mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
parent
20c7b998a3
commit
fec4b31bc1
@ -1 +0,0 @@
|
||||
The schema file is stored in ../examples/LDAP/samba.schema
|
@ -1,24 +0,0 @@
|
||||
REGEDIT4
|
||||
|
||||
;Contributor: John H Terpstra <jht@samba.org>
|
||||
;Corrected: Stefan Kanthak <skanthak@nexgo.de>
|
||||
;Updated: Jun 25, 2001
|
||||
;
|
||||
;Subject: Registry Entries That Affect Locking and Caching
|
||||
|
||||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
|
||||
"BufFilesDenyWrite"=dword:00000000
|
||||
"BufNamedPipes"=dword:00000000
|
||||
"UseOpportunisticLocking"=dword:00000000
|
||||
"DormantFileLimit"=dword:00000000
|
||||
|
||||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\Linkage]
|
||||
"UtilizeNtCaching"=dword:00000000
|
||||
|
||||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Filesystem]
|
||||
"Win95TruncatedExtensions"=dword:00000000
|
||||
"NTFSDisable8dot3NameCreation"=dword:00000001
|
||||
|
||||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters]
|
||||
"EnableOpLockForceClose"=dword:00000001
|
||||
"EnableOpLocks"=dword:00000000
|
@ -1,11 +0,0 @@
|
||||
REGEDIT4
|
||||
|
||||
;Contributor: Tim Small (tim.small@virgin.net)
|
||||
;Updated: 20 August 1997
|
||||
;Status: Current
|
||||
;
|
||||
;Subject: Registry file to enable plain text passwords in NT4-SP3 and later
|
||||
|
||||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters]
|
||||
"EnablePlainTextPassword"=dword:00000001
|
||||
|
@ -1,11 +0,0 @@
|
||||
REGEDIT4
|
||||
|
||||
;Contributor: John H Terpstra
|
||||
;Updated: December 17, 2002
|
||||
;Status: Current
|
||||
;
|
||||
;Subject: Registry file update to delete roaming profiles on logout
|
||||
|
||||
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\winlogon]
|
||||
"DeleteRoamingCache"=dword:00000001
|
||||
|
@ -1,11 +0,0 @@
|
||||
REGEDIT4
|
||||
|
||||
;Contributor: Herb Lewis (herb@sgi.com)
|
||||
;Updated: 16 July 1999
|
||||
;Status: Current
|
||||
;
|
||||
;Subject: Registry file to enable plain text passwords in Windows 2000
|
||||
|
||||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStation\Parameters]
|
||||
"EnablePlainTextPassword"=dword:00000001
|
||||
|
@ -1,4 +0,0 @@
|
||||
REGEDIT4
|
||||
|
||||
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP]
|
||||
"EnablePlainTextPassword"=dword:00000001
|
@ -1,4 +0,0 @@
|
||||
REGEDIT4
|
||||
|
||||
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP]
|
||||
"EnablePlainTextPassword"=dword:00000001
|
@ -1,7 +0,0 @@
|
||||
REGEDIT4
|
||||
|
||||
; Contributor: John H Terpstra <jht@samba.org>
|
||||
; Date: Feb 15, 1999
|
||||
|
||||
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VREDIR]
|
||||
"DiscardCacheOnOpen"=string:00000001
|
@ -1,4 +0,0 @@
|
||||
REGEDIT4
|
||||
|
||||
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP]
|
||||
"EnablePlainTextPassword"=dword:00000001
|
Binary file not shown.
@ -1,11 +0,0 @@
|
||||
Windows Registry Editor Version 5.00
|
||||
|
||||
;
|
||||
; This registry key is needed for a Windows XP Client to join
|
||||
; and logon to a Samba domain. Note: Samba 2.2.3a contained
|
||||
; this key in a broken format which did nothing to the registry -
|
||||
; however XP reported "registry key imported". If in doubt
|
||||
; check the key by hand with regedit.
|
||||
|
||||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
|
||||
"requiresignorseal"=dword:00000000
|
@ -1,7 +0,0 @@
|
||||
REGEDIT4
|
||||
|
||||
;Subject: Registry file to force multiple NT terminal server users to have their own connections.
|
||||
|
||||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters]
|
||||
"MultipleUsersOnConnection"=dword:00000000
|
||||
|
Binary file not shown.
Binary file not shown.
137
docs/THANKS
137
docs/THANKS
@ -1,137 +0,0 @@
|
||||
=====================================================================
|
||||
This file is for thanks to individuals or organisations who have
|
||||
helped with the development of Samba, other than by coding or bug
|
||||
reports. Their contributions are gratefully acknowledged.
|
||||
|
||||
Please refer to the manual pages and change-log for a list of those
|
||||
who have contributed in the form of patches, bug fixes or other
|
||||
direct changes to the package.
|
||||
|
||||
Contributions of any kind are welcomed. If you want to help then
|
||||
please contact Andrew.Tridgell@anu.edu.au, or via normal mail at
|
||||
|
||||
Andrew Tridgell
|
||||
3 Ballow Crescent
|
||||
Macgregor, A.C.T
|
||||
2615 Australia
|
||||
=====================================================================
|
||||
|
||||
|
||||
Lee Fisher (leefi@microsoft.com)
|
||||
Charles Fox (cfox@microsoft.com)
|
||||
Dan Perry (danp@exchnge.microsoft.com)
|
||||
Paul Leach (paulle@microsoft.com)
|
||||
Isaac Heizer (isaache@microsoft.com)
|
||||
|
||||
These Microsoft people have been very helpful and supportive of
|
||||
the development of Samba over some years.
|
||||
|
||||
Lee very kindly supplied me with a copy of the X/Open SMB
|
||||
specs. These have been invaluable in getting the details of the
|
||||
implementation right. They will become even more important as we move
|
||||
towards a Lanman 2.1 compliant server. Lee has provided very
|
||||
useful advice on several aspects of the server.
|
||||
Lee has also provided me with copies of Windows NTAS 3.1, Visual C
|
||||
and a developers CD-ROM. Being able to run NT at home is a
|
||||
great help.
|
||||
|
||||
Charles has helped out in numerous ways with the provision of SMB
|
||||
specifications and helpful advice. He has been following the
|
||||
discussion of Samba on the mailing list and has stepped in
|
||||
regularly to clarify points and to offer help.
|
||||
|
||||
Dan has put me in touch with NT developers to help sort out bugs and
|
||||
compatability issues. He has also supplied me with a copy of the
|
||||
NT browsing spec, which will help a lot in the development of the
|
||||
Samba browser code.
|
||||
|
||||
Paul was responsible for Microsoft paying my flight to Seattle for the
|
||||
first CIFS conference (see http://samba.org/cifs) and has been
|
||||
generally helpful and cooperative as the SMB community moves towards
|
||||
an Internet-ready specification. Isaac has regularly provided help on
|
||||
the behaviour of NT networks.
|
||||
|
||||
Bruce Perens (bruce@pixar.com)
|
||||
|
||||
In appreciation of his effort on Samba we have sent Andrew copies of
|
||||
various Pixar computer-graphics software products. Pixar is best known
|
||||
for its "Renderman" product, the 3-D renderer used by ILM to make special
|
||||
effects for "Terminator II" and "Jurassic Park". We won the first Oscar
|
||||
given to a computer graphic animated feature for our short film "Tin Toy".
|
||||
Our retail products "Typestry" and "Showplace", incorporate the same
|
||||
renderer used on the films, and are available on Windows and the
|
||||
Macintosh.
|
||||
|
||||
|
||||
|
||||
Henry Lee (hyl@microplex.co)
|
||||
|
||||
Henry sent me a M202 ethernet print server, making my little lan
|
||||
one of the few home networks to have it's own print server!
|
||||
|
||||
``Microplex Systems Ltd. is a manufacturer of local and wide area
|
||||
network communications equipment based in beautiful Vancouver, British
|
||||
Columbia, Canada. Microplex's first products were synchronous wide
|
||||
area network devices used in the mainframe communication networks. In
|
||||
August 1991 Microplex introduced its first LAN product, the M200 print
|
||||
server, the first high performance print server under US$1,000.''
|
||||
|
||||
|
||||
Tom Haapanen (tomh@metrics.com)
|
||||
|
||||
Tom sent me two 16 bit SMC ethernet cards to replace my ancient 8
|
||||
bit ones. The performance is much better!
|
||||
|
||||
Software Metrics Inc. is a small custom software development and
|
||||
consulting firm located in Waterloo, Ontario, Canada. We work
|
||||
with a variety of environments (such as Windows, Windows NT and
|
||||
Unix), tools and application areas, and can provide assistance for
|
||||
development work ranging from a few days to to multiple man-year
|
||||
projects. You can find more information at http://www.metrics.com/.
|
||||
|
||||
|
||||
Steve Kennedy (steve@gbnet.net)
|
||||
|
||||
Steve sent me 16Mb of ram so that I could install/test
|
||||
NT3.5. I previous had only 8Mb ram in my test machine, which
|
||||
wasn't enough to install a properly functioning copy of
|
||||
NTAS. Being able to directly test NT3.5 allowed me to solve
|
||||
several long standing NT<->Samba problems. Thanks Steve!
|
||||
|
||||
John Terpstra (jht@aquasoft.com.au)
|
||||
|
||||
Aquasoft are a specialist consulting company whose Samba-using
|
||||
customers span the world.
|
||||
|
||||
Aquasoft have been avid supporters of the Samba project. As a
|
||||
token of appreciation Aquasoft have donated a 486DX2/66 PC with
|
||||
a 540MB EIDE drive and 20MB RAM.
|
||||
|
||||
John has helped to isolate quite a few little glitches over time
|
||||
and has managed to implement some very interesting installations
|
||||
of Samba.
|
||||
|
||||
The donation of the new PC will make it possible to more fully
|
||||
diagnose and observe the behaviour of Samba in conjuction with
|
||||
other SMB protocol utilising systems.
|
||||
|
||||
|
||||
Timothy F. Sipples (tsipple@vnet.IBM.COM)
|
||||
Steve Withers (swithers@vnet.IBM.COM)
|
||||
|
||||
Tim and Steve from IBM organised a copy of the OS/2 developers
|
||||
connection CD set for me, and gave lots of help in getting
|
||||
OS/2 Warp installed. I hope this will allow me to finally fix
|
||||
up those annoying OS/2 related Samba bugs that I have been
|
||||
receiving reports of.
|
||||
|
||||
Keith Wilkins (wilki1k@nectech.co.uk)
|
||||
|
||||
Keith from NEC in England very generously supplied a PC to
|
||||
Luke Leighton to help with his nmbd development work. At the
|
||||
same time Keith offered to help me with some new hardware, and
|
||||
he sent me a pentium motherboard with 32MB of ram
|
||||
onboard. This was very helpful as it allowed me to upgrade
|
||||
my aging server to be a very powerful system. Thanks!
|
||||
|
||||
|
@ -1,6 +0,0 @@
|
||||
Makefile
|
||||
config.cache
|
||||
config.log
|
||||
config.status
|
||||
samba-doc.*
|
||||
dev-doc.*
|
@ -1,203 +0,0 @@
|
||||
#################################################################
|
||||
# Makefile.in for Samba Documentation
|
||||
# Authors: James Moore <jmoore@php.net>
|
||||
# Gerald Carter <jerry@samba.org>
|
||||
# Jelmer Vernooij <jelmer@samba.org>
|
||||
#
|
||||
# Please see http://www.samba.org/samba/cvs.html
|
||||
# for information on getting the latest
|
||||
# source and documentation source files.
|
||||
#
|
||||
#
|
||||
MANPAGES_NAMES=findsmb.1 smbclient.1 \
|
||||
smbspool.8 lmhosts.5 \
|
||||
smbcontrol.1 smbstatus.1 \
|
||||
smbd.8 net.8 smbtar.1 nmbd.8 \
|
||||
smbmnt.8 smbumount.8 nmblookup.1 \
|
||||
smbmount.8 swat.8 rpcclient.1 \
|
||||
smbpasswd.5 testparm.1 samba.7 \
|
||||
smbpasswd.8 testprns.1 \
|
||||
smb.conf.5 wbinfo.1 pdbedit.8 \
|
||||
smbcacls.1 smbsh.1 winbindd.8 \
|
||||
tdbbackup.8 vfstest.1 \
|
||||
profiles.1 smbtree.1 ntlm_auth.1 \
|
||||
editreg.1 smbcquotas.1 log2pcap.1 \
|
||||
mount.cifs.8
|
||||
|
||||
## This part contains only rules. You shouldn't need to change it
|
||||
## if you are adding docs
|
||||
|
||||
TEXSTYLESHEET = @TEXSTYLESHEET@
|
||||
XSLTPROC = @XSLTPROC@ @PAPERSIZE@ --stringparam samba-book 1 --stringparam duplicate_ulinks "@DUPLICATE_ULINKS@" @FONTSIZE@ @CROP@
|
||||
DVIPS = @DVIPS@
|
||||
PNGTOPNM = @PNGTOPNM@
|
||||
PNMTOPS = @PNMTOPS@
|
||||
XMLTO = @XMLTO@
|
||||
SRCDIR = @srcdir@
|
||||
MANDIR=../manpages
|
||||
MANPROJDOC = manpages
|
||||
PROJDOC = projdoc
|
||||
MAKEINDEX = @MAKEINDEX@
|
||||
IMAGEPROJDIR = $(PROJDOC)/imagefiles
|
||||
DEVDOC = devdoc
|
||||
SMBDOTCONFDOC = smbdotconf
|
||||
PSDIR = ..
|
||||
PDFDIR = ..
|
||||
DVIDIR = ..
|
||||
TXTDIR = ../textdocs
|
||||
FAQPROJDOC = faq
|
||||
FAQDIR = ../faq
|
||||
HTMLDIR=../htmldocs
|
||||
PDFLATEX = TEXINPUTS=xslt/latex:.: @PDFLATEX@ --interaction nonstopmode
|
||||
LATEX = TEXINPUTS=xslt/latex:.: @LATEX@ --interaction nonstopmode
|
||||
|
||||
MANPAGES=$(patsubst %,$(MANDIR)/%,$(MANPAGES_NAMES))
|
||||
MANPAGES_HTML=$(patsubst %,$(HTMLDIR)/%.html,$(MANPAGES_NAMES))
|
||||
|
||||
PROJDOC_IMAGES_PNG = $(wildcard $(IMAGEPROJDIR)/*.png)
|
||||
PROJDOC_IMAGES_EPS=$(patsubst %.png,%.eps,$(wildcard $(IMAGEPROJDIR)/*.png))
|
||||
PROJDOC_DEPS = $(PROJDOC)/*.xml $(PROJDOC)/attributions.xml $(MANPROJDOC)/*.xml $(SMBDOTCONFDOC)/smb.conf.5.xml $(SMBDOTCONFDOC)/parameters.all.xml $(SMBDOTCONFDOC)/parameters.global.xml $(SMBDOTCONFDOC)/parameters.service.xml
|
||||
DEVDOC_DEPS = $(DEVDOC)/*.xml $(DEVDOC)/attributions.xml
|
||||
|
||||
all:
|
||||
@echo "Supported make targets:"
|
||||
@echo "pdf - Build PDF version of book"
|
||||
@echo "tex - Build Latex version of book"
|
||||
@echo "dvi - Build Device Independant File of book"
|
||||
@echo "ps - Build PostScript version of book"
|
||||
@echo "everything - Build all of the above"
|
||||
@echo "manpages - Build manpages"
|
||||
@echo "txt - Build plain text version of HOWTO Collection and Developers Guide"
|
||||
@echo -n "html-single - Build single file HTML version of HOWTO Collection"
|
||||
@echo " and developers guide"
|
||||
@echo "html - Build HTML version of HOWTO Collection and Developers Guide"
|
||||
@echo "htmlman - Build html version of manpages"
|
||||
@echo "htmlfaq - Build html version of the FAQ"
|
||||
@echo "undocumented - Output list of undocumented smb.conf options"
|
||||
@echo "everything - Build all of the above"
|
||||
|
||||
everything: manpages pdf html-single html htmlman htmlfaq txt ps
|
||||
|
||||
# Global rules
|
||||
|
||||
pdf: $(PDFDIR) $(PDFDIR)/Samba-HOWTO-Collection.pdf $(PDFDIR)/Samba-Developers-Guide.pdf
|
||||
dvi: $(DVIDIR) $(DVIDIR)/Samba-HOWTO-Collection.dvi $(DVIDIR)/Samba-Developers-Guide.dvi
|
||||
ps: $(PSDIR) $(PSDIR)/Samba-HOWTO-Collection.ps $(PSDIR)/Samba-Developers-Guide.ps
|
||||
txt: $(TXTDIR) $(TXTDIR)/Samba-HOWTO-Collection.txt $(TXTDIR)/Samba-Developers-Guide.txt
|
||||
htmlman: $(HTMLDIR) $(MANPAGES_HTML) CSS
|
||||
htmlfaq: $(HTMLDIR) CSS
|
||||
$(XSLTPROC) --stringparam base.dir "$(FAQDIR)/" --stringparam root.filename samba-faq xslt/html-chunk.xsl $(FAQPROJDOC)/sambafaq.xml
|
||||
html-single: $(HTMLDIR) CSS $(HTMLDIR)/Samba-HOWTO-Collection.html $(HTMLDIR)/Samba-Developers-Guide.html
|
||||
html: $(HTMLDIR) CSS Samba-HOWTO-Collection.xml
|
||||
$(XSLTPROC) -o $(HTMLDIR) xslt/html-chunk.xsl Samba-HOWTO-Collection.xml
|
||||
manpages: $(MANDIR) $(MANPAGES)
|
||||
tex: Samba-HOWTO-Collection.tex Samba-Developers-Guide.tex
|
||||
|
||||
Samba-HOWTO-Collection.xml: $(PROJDOC)/samba-doc.xml $(PROJDOC_DEPS)
|
||||
$(XSLTPROC) --xinclude --output $@ xslt/expand-sambadoc.xsl $<
|
||||
|
||||
Samba-Developers-Guide.xml: $(DEVDOC)/dev-doc.xml $(DEVDOC_DEPS)
|
||||
$(XSLTPROC) --xinclude --output $@ xslt/expand-sambadoc.xsl $<
|
||||
|
||||
$(PROJDOC)/attributions.xml: $(PROJDOC)/samba-doc.xml
|
||||
@echo > $@ # Make sure we don't get recursive dependencies, etc!
|
||||
$(XSLTPROC) --output $@ xslt/generate-attributions.xsl $<
|
||||
|
||||
$(DEVDOC)/attributions.xml: $(DEVDOC)/dev-doc.xml
|
||||
@echo > $@ # Make sure we don't get recursive dependencies, etc!
|
||||
$(XSLTPROC) --output $@ xslt/generate-attributions.xsl $<
|
||||
|
||||
clean:
|
||||
@rm -f *.xml $(MANPAGES) $(TXTDIR)/*.txt $(PSDIR)/*.ps $(PDFDIR)/*.pdf
|
||||
@rm -f $(SMBDOTCONFDOC)/parameters.*.xml $(DVIDIR)/*.dvi
|
||||
@rm -f samba-doc.* dev-doc.* $(PROJDOC)/attributions.xml $(DEVDOC)/attributions.xml
|
||||
@rm -f $(IMAGEPROJDIR)/*.eps $(MANPROJDOC)/smb.conf.5.xml
|
||||
|
||||
# Text files
|
||||
$(TXTDIR):
|
||||
mkdir $(TXTDIR)
|
||||
|
||||
$(TXTDIR)/%.txt: %.xml
|
||||
$(XMLTO) txt -o $(TXTDIR) $< > $@
|
||||
|
||||
# Tex files
|
||||
%.tex: %.xml
|
||||
$(XSLTPROC) --output $@ xslt/latex.xsl $<
|
||||
|
||||
# Adobe PDF files
|
||||
$(PDFDIR)/%.pdf: %.tex
|
||||
-$(PDFLATEX) $<
|
||||
-$(PDFLATEX) $<
|
||||
-$(PDFLATEX) $<
|
||||
mv $(patsubst %.tex,%.pdf,$<) $@
|
||||
|
||||
epsimages: $(PROJDOC_IMAGES_EPS)
|
||||
|
||||
# DVI files
|
||||
$(DVIDIR)/%.dvi: %.tex epsimages
|
||||
-$(LATEX) $<
|
||||
-$(LATEX) $<
|
||||
-$(LATEX) $<
|
||||
mv $(patsubst %.tex,%.dvi,$<) $@
|
||||
|
||||
%.eps: %.png
|
||||
$(PNGTOPNM) $< | $(PNMTOPS) > $@
|
||||
|
||||
# PostScript files
|
||||
$(PSDIR)/%.ps: $(DVIDIR)/%.dvi
|
||||
$(DVIPS) -o $@ $<
|
||||
|
||||
# Single large HTML files
|
||||
|
||||
$(HTMLDIR):
|
||||
mkdir $(HTMLDIR)
|
||||
|
||||
CSS: $(HTMLDIR) xslt/html/samba.css
|
||||
cp xslt/html/samba.css $(HTMLDIR)/
|
||||
|
||||
$(HTMLDIR)/Samba-HOWTO-Collection.html: Samba-HOWTO-Collection.xml $(PROJDOC_DEPS) $(PROJDOC_IMAGES_PNG)
|
||||
$(XSLTPROC) --output $@ xslt/html.xsl $<
|
||||
|
||||
$(HTMLDIR)/Samba-Developers-Guide.html: Samba-Developers-Guide.xml $(DEVDOC_DEPS)
|
||||
$(XSLTPROC) --output $@ xslt/html.xsl $<
|
||||
|
||||
$(HTMLDIR)/%.html: %.xml
|
||||
$(XSLTPROC) --output $@ xslt/html.xsl $<
|
||||
|
||||
%.xml: $(MANPROJDOC)/%.xml
|
||||
$(XSLTPROC) --output $@ xslt/expand-sambadoc.xsl $<
|
||||
|
||||
# Manpages
|
||||
$(SMBDOTCONFDOC)/parameters.all.xml: $(SMBDOTCONFDOC)/generate-file-list.sh
|
||||
@cd $(SMBDOTCONFDOC) && \
|
||||
/bin/sh generate-file-list.sh >parameters.all.xml && \
|
||||
cd ..
|
||||
|
||||
$(SMBDOTCONFDOC)/parameters.global.xml: $(SMBDOTCONFDOC)/parameters.all.xml $(SMBDOTCONFDOC)/generate-context.xsl
|
||||
@cd $(SMBDOTCONFDOC) && \
|
||||
$(XSLTPROC) --xinclude \
|
||||
--param smb.context "'G'" \
|
||||
--output parameters.global.xml \
|
||||
generate-context.xsl parameters.all.xml && \
|
||||
cd ..
|
||||
|
||||
$(SMBDOTCONFDOC)/parameters.service.xml: $(SMBDOTCONFDOC)/parameters.all.xml $(SMBDOTCONFDOC)/generate-context.xsl
|
||||
@cd $(SMBDOTCONFDOC) && \
|
||||
$(XSLTPROC) --xinclude \
|
||||
--param smb.context "'S'" \
|
||||
--output parameters.service.xml \
|
||||
generate-context.xsl parameters.all.xml && \
|
||||
cd ..
|
||||
|
||||
smb.conf.5.xml: $(SMBDOTCONFDOC)/smb.conf.5.xml $(SMBDOTCONFDOC)/parameters.all.xml \
|
||||
$(SMBDOTCONFDOC)/parameters.global.xml $(SMBDOTCONFDOC)/parameters.service.xml
|
||||
$(XSLTPROC) --xinclude --output $@ xslt/expand-sambadoc.xsl $<
|
||||
|
||||
$(MANDIR):
|
||||
mkdir $(MANDIR)
|
||||
|
||||
$(MANDIR)/%: %.xml
|
||||
$(XSLTPROC) --output $@ xslt/man.xsl $<
|
||||
|
||||
undocumented: $(SMBDOTCONFDOC)/parameters.all.xml
|
||||
$(PERL) scripts/find_missing_doc.pl ../..
|
2483
docs/docbook/configure
vendored
2483
docs/docbook/configure
vendored
File diff suppressed because it is too large
Load Diff
@ -1,53 +0,0 @@
|
||||
AC_INIT(global.ent)
|
||||
|
||||
AC_PATH_PROG(XSLTPROC, xsltproc)
|
||||
if test "x$XSLTPROC" = x; then
|
||||
AC_MSG_ERROR("xsltproc is required")
|
||||
fi
|
||||
AC_PATH_PROG(PDFLATEX, pdflatex)
|
||||
if test "x$PDFLATEX" = x; then
|
||||
AC_MSG_ERROR("pdflatex is required")
|
||||
fi
|
||||
AC_PATH_PROG(MAKEINDEX, makeindex)
|
||||
if test "x$MAKEINDEX" = x; then
|
||||
AC_MSG_ERROR("makeindex is required")
|
||||
fi
|
||||
|
||||
PAPERSIZE=""
|
||||
TEXSTYLESHEET=xslt/latex.xsl
|
||||
DUPLICATE_ULINKS=""
|
||||
|
||||
CROP="--stringparam docrop 0"
|
||||
|
||||
AC_ARG_ENABLE(crop,
|
||||
[ --enable-crop Whether to use a crop template],
|
||||
[ test "$withval" && CROP="--stringparam docrop 1" ])
|
||||
|
||||
PAPERSIZE="--stringparam papersize a4paper"
|
||||
|
||||
AC_ARG_WITH(papersize,
|
||||
[ --with-papersize Specify papersize (a4paper,letter) ],
|
||||
[ test "$withval" && PAPERSIZE="--stringparam papersize $withval" ])
|
||||
|
||||
FONTSIZE="--stringparam fontsize 10.5"
|
||||
|
||||
AC_ARG_WITH(fontsize,
|
||||
[ --with-fontsize Specify the fontsize in points (default: 10.5) ],
|
||||
[ test "$withval" && FONTSIZE="--stringparam fontsize $withval" ])
|
||||
|
||||
AC_PATH_PROG(LATEX, latex)
|
||||
AC_PATH_PROG(DVIPS, dvips)
|
||||
AC_PATH_PROG(PNGTOPNM, pngtopnm)
|
||||
AC_PATH_PROG(PNMTOPS, pnmtops)
|
||||
AC_PATH_PROG(PERL, perl)
|
||||
AC_PATH_PROG(XMLTO, xmlto)
|
||||
|
||||
DOC_BUILD_DATE=`date '+%d-%m-%Y'`
|
||||
AC_SUBST(DOC_BUILD_DATE)
|
||||
AC_SUBST(TEXSTYLESHEET)
|
||||
AC_SUBST(PAPERSIZE)
|
||||
AC_SUBST(DUPLICATE_ULINKS)
|
||||
AC_SUBST(FONTSIZE)
|
||||
AC_SUBST(CROP)
|
||||
|
||||
AC_OUTPUT( Makefile )
|
@ -1 +0,0 @@
|
||||
attributions.xml
|
@ -1,237 +0,0 @@
|
||||
<chapter id="CodingSuggestions">
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Steve</firstname><surname>French</surname>
|
||||
</author>
|
||||
<author>
|
||||
<firstname>Simo</firstname><surname>Sorce</surname>
|
||||
</author>
|
||||
<author>
|
||||
<firstname>Andrew</firstname><surname>Bartlett</surname>
|
||||
</author>
|
||||
<author>
|
||||
<firstname>Tim</firstname><surname>Potter</surname>
|
||||
</author>
|
||||
<author>
|
||||
<firstname>Martin</firstname><surname>Pool</surname>
|
||||
</author>
|
||||
</chapterinfo>
|
||||
|
||||
<title>Coding Suggestions</title>
|
||||
|
||||
<para>
|
||||
So you want to add code to Samba ...
|
||||
</para>
|
||||
|
||||
<para>
|
||||
One of the daunting tasks facing a programmer attempting to write code for
|
||||
Samba is understanding the various coding conventions used by those most
|
||||
active in the project. These conventions were mostly unwritten and helped
|
||||
improve either the portability, stability or consistency of the code. This
|
||||
document will attempt to document a few of the more important coding
|
||||
practices used at this time on the Samba project. The coding practices are
|
||||
expected to change slightly over time, and even to grow as more is learned
|
||||
about obscure portability considerations. Two existing documents
|
||||
<filename>samba/source/internals.doc</filename> and
|
||||
<filename>samba/source/architecture.doc</filename> provide
|
||||
additional information.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The loosely related question of coding style is very personal and this
|
||||
document does not attempt to address that subject, except to say that I
|
||||
have observed that eight character tabs seem to be preferred in Samba
|
||||
source. If you are interested in the topic of coding style, two oft-quoted
|
||||
documents are:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<ulink url="http://lxr.linux.no/source/Documentation/CodingStyle">http://lxr.linux.no/source/Documentation/CodingStyle</ulink>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<ulink url="http://www.fsf.org/prep/standards_toc.html">http://www.fsf.org/prep/standards_toc.html</ulink>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
But note that coding style in Samba varies due to the many different
|
||||
programmers who have contributed.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Following are some considerations you should use when adding new code to
|
||||
Samba. First and foremost remember that:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Portability is a primary consideration in adding function, as is network
|
||||
compatability with de facto, existing, real world CIFS/SMB implementations.
|
||||
There are lots of platforms that Samba builds on so use caution when adding
|
||||
a call to a library function that is not invoked in existing Samba code.
|
||||
Also note that there are many quite different SMB/CIFS clients that Samba
|
||||
tries to support, not all of which follow the SNIA CIFS Technical Reference
|
||||
(or the earlier Microsoft reference documents or the X/Open book on the SMB
|
||||
Standard) perfectly.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Here are some other suggestions:
|
||||
</para>
|
||||
|
||||
<orderedlist>
|
||||
|
||||
<listitem><para>
|
||||
use d_printf instead of printf for display text
|
||||
reason: enable auto-substitution of translated language text
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
use SAFE_FREE instead of free
|
||||
reason: reduce traps due to null pointers
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
don't use bzero use memset, or ZERO_STRUCT and ZERO_STRUCTP macros
|
||||
reason: not POSIX
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
don't use strcpy and strlen (use safe_* equivalents)
|
||||
reason: to avoid traps due to buffer overruns
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
don't use getopt_long, use popt functions instead
|
||||
reason: portability
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
explicitly add const qualifiers on parm passing in functions where parm
|
||||
is input only (somewhat controversial but const can be #defined away)
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
when passing a va_list as an arg, or assigning one to another
|
||||
please use the VA_COPY() macro
|
||||
reason: on some platforms, va_list is a struct that must be
|
||||
initialized in each function...can SEGV if you don't.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
discourage use of threads
|
||||
reason: portability (also see architecture.doc)
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
don't explicitly include new header files in C files - new h files
|
||||
should be included by adding them once to includes.h
|
||||
reason: consistency
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
don't explicitly extern functions (they are autogenerated by
|
||||
"make proto" into proto.h)
|
||||
reason: consistency
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
use endian safe macros when unpacking SMBs (see byteorder.h and
|
||||
internals.doc)
|
||||
reason: not everyone uses Intel
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Note Unicode implications of charset handling (see internals.doc). See
|
||||
pull_* and push_* and convert_string functions.
|
||||
reason: Internationalization
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Don't assume English only
|
||||
reason: See above
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Try to avoid using in/out parameters (functions that return data which
|
||||
overwrites input parameters)
|
||||
reason: Can cause stability problems
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Ensure copyright notices are correct, don't append Tridge's name to code
|
||||
that he didn't write. If you did not write the code, make sure that it
|
||||
can coexist with the rest of the Samba GPLed code.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Consider usage of DATA_BLOBs for length specified byte-data.
|
||||
reason: stability
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Take advantage of tdbs for database like function
|
||||
reason: consistency
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Don't access the SAM_ACCOUNT structure directly, they should be accessed
|
||||
via pdb_get...() and pdb_set...() functions.
|
||||
reason: stability, consistency
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Don't check a password directly against the passdb, always use the
|
||||
check_password() interface.
|
||||
reason: long term pluggability
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Try to use asprintf rather than pstrings and fstrings where possible
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Use normal C comments / * instead of C++ comments // like
|
||||
this. Although the C++ comment format is part of the C99
|
||||
standard, some older vendor C compilers do not accept it.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Try to write documentation for API functions and structures
|
||||
explaining the point of the code, the way it should be used, and
|
||||
any special conditions or results. Mark these with a double-star
|
||||
comment start / ** so that they can be picked up by Doxygen, as in
|
||||
this file.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Keep the scope narrow. This means making functions/variables
|
||||
static whenever possible. We don't want our namespace
|
||||
polluted. Each module should have a minimal number of externally
|
||||
visible functions or variables.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Use function pointers to keep knowledge about particular pieces of
|
||||
code isolated in one place. We don't want a particular piece of
|
||||
functionality to be spread out across lots of places - that makes
|
||||
for fragile, hand to maintain code. Instead, design an interface
|
||||
and use tables containing function pointers to implement specific
|
||||
functionality. This is particularly important for command
|
||||
interpreters.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Think carefully about what it will be like for someone else to add
|
||||
to and maintain your code. If it would be hard for someone else to
|
||||
maintain then do it another way.
|
||||
</para></listitem>
|
||||
|
||||
</orderedlist>
|
||||
|
||||
<para>
|
||||
The suggestions above are simply that, suggestions, but the information may
|
||||
help in reducing the routine rework done on new code. The preceeding list
|
||||
is expected to change routinely as new support routines and macros are
|
||||
added.
|
||||
</para>
|
||||
</chapter>
|
@ -1,154 +0,0 @@
|
||||
<chapter id="netbios">
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Luke</firstname><surname>Leighton</surname>
|
||||
</author>
|
||||
<pubdate>12 June 1997</pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>Definition of NetBIOS Protocol and Name Resolution Modes</title>
|
||||
|
||||
<sect1>
|
||||
<title>NETBIOS</title>
|
||||
|
||||
<para>
|
||||
NetBIOS runs over the following tranports: TCP/IP; NetBEUI and IPX/SPX.
|
||||
Samba only uses NetBIOS over TCP/IP. For details on the TCP/IP NetBIOS
|
||||
Session Service NetBIOS Datagram Service, and NetBIOS Names, see
|
||||
rfc1001.txt and rfc1002.txt.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
NetBEUI is a raw NetBIOS frame protocol implementation that allows NetBIOS
|
||||
datagrams to be sent out over the 'wire' embedded within LLC frames.
|
||||
NetBEUI is not required when using NetBIOS over TCP/IP protocols and it
|
||||
is preferable NOT to install NetBEUI if it can be avoided.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
IPX/SPX is also not required when using NetBIOS over TCP/IP, and it is
|
||||
preferable NOT to install the IPX/SPX transport unless you are using Novell
|
||||
servers. At the very least, it is recommended that you do not install
|
||||
'NetBIOS over IPX/SPX'.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
[When installing Windows 95, you will find that NetBEUI and IPX/SPX are
|
||||
installed as the default protocols. This is because they are the simplest
|
||||
to manage: no Windows 95 user-configuration is required].
|
||||
</para>
|
||||
|
||||
<para>
|
||||
NetBIOS applications (such as samba) offer their services (for example,
|
||||
SMB file and print sharing) on a NetBIOS name. They must claim this name
|
||||
on the network before doing so. The NetBIOS session service will then
|
||||
accept connections on the application's behalf (on the NetBIOS name
|
||||
claimed by the application). A NetBIOS session between the application
|
||||
and the client can then commence.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
NetBIOS names consist of 15 characters plus a 'type' character. This is
|
||||
similar, in concept, to an IP address and a TCP port number, respectively.
|
||||
A NetBIOS-aware application on a host will offer different services under
|
||||
different NetBIOS name types, just as a host will offer different TCP/IP
|
||||
services on different port numbers.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
NetBIOS names must be claimed on a network, and must be defended. The use
|
||||
of NetBIOS names is most suitable on a single subnet; a Local Area Network
|
||||
or a Wide Area Network.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
NetBIOS names are either UNIQUE or GROUP. Only one application can claim a
|
||||
UNIQUE NetBIOS name on a network.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
There are two kinds of NetBIOS Name resolution: Broadcast and Point-to-Point.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>BROADCAST NetBIOS</title>
|
||||
|
||||
<para>
|
||||
Clients can claim names, and therefore offer services on successfully claimed
|
||||
names, on their broadcast-isolated subnet. One way to get NetBIOS services
|
||||
(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and
|
||||
SMB file/print sharing: see cifs4.txt) working on a LAN or WAN is to make
|
||||
your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This, however, is not recommended. If you have a large LAN or WAN, you will
|
||||
find that some of your hosts spend 95 percent of their time dealing with
|
||||
broadcast traffic. [If you have IPX/SPX on your LAN or WAN, you will find
|
||||
that this is already happening: a packet analyzer will show, roughly
|
||||
every twelve minutes, great swathes of broadcast traffic!].
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>NBNS NetBIOS</title>
|
||||
|
||||
<para>
|
||||
rfc1001.txt describes, amongst other things, the implementation and use
|
||||
of, a 'NetBIOS Name Service'. NT/AS offers 'Windows Internet Name Service'
|
||||
which is fully rfc1001/2 compliant, but has had to take specific action
|
||||
with certain NetBIOS names in order to make it useful. (for example, it
|
||||
deals with the registration of <1c> <1d> <1e> names all in different ways.
|
||||
I recommend the reading of the Microsoft WINS Server Help files for full
|
||||
details).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The use of a WINS server cuts down on broadcast network traffic for
|
||||
NetBIOS name resolution. It has the effect of pulling all the broadcast
|
||||
isolated subnets together into a single NetBIOS scope, across your LAN
|
||||
or WAN, while avoiding the use of TCP/IP broadcast packets.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
When you have a WINS server on your LAN, WINS clients will be able to
|
||||
contact the WINS server to resolve NetBIOS names. Note that only those
|
||||
WINS clients that have registered with the same WINS server will be
|
||||
visible. The WINS server _can_ have static NetBIOS entries added to its
|
||||
database (usually for security reasons you might want to consider putting
|
||||
your domain controllers or other important servers as static entries,
|
||||
but you should not rely on this as your sole means of security), but for
|
||||
the most part, NetBIOS names are registered dynamically.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This provides some confusion for lots of people, and is worth mentioning
|
||||
here: a Browse Server is NOT a WINS Server, even if these services are
|
||||
implemented in the same application. A Browse Server _needs_ a WINS server
|
||||
because a Browse Server is a WINS client, which is _not_ the same thing].
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Clients can claim names, and therefore offer services on successfully claimed
|
||||
names, on their broadcast-isolated subnet. One way to get NetBIOS services
|
||||
(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and
|
||||
SMB file/print sharing: see cifs6.txt) working on a LAN or WAN is to make
|
||||
your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139.
|
||||
You will find, however, if you do this on a large LAN or a WAN, that your
|
||||
network is completely swamped by NetBIOS and browsing packets, which is why
|
||||
WINS was developed to minimise the necessity of broadcast traffic.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
WINS Clients therefore claim names from the WINS server. If the WINS
|
||||
server allows them to register a name, the client's NetBIOS session service
|
||||
can then offer services on this name. Other WINS clients will then
|
||||
contact the WINS server to resolve a NetBIOS name.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
@ -1,129 +0,0 @@
|
||||
<chapter id="tracing">
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Andrew</firstname><surname>Tridgell</surname>
|
||||
<affiliation>
|
||||
<orgname>Samba Team</orgname>
|
||||
</affiliation>
|
||||
</author>
|
||||
</chapterinfo>
|
||||
|
||||
<title>Tracing samba system calls</title>
|
||||
|
||||
<para>
|
||||
This file describes how to do a system call trace on Samba to work out
|
||||
what its doing wrong. This is not for the faint of heart, but if you
|
||||
are reading this then you are probably desperate.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Actually its not as bad as the the above makes it sound, just don't
|
||||
expect the output to be very pretty :-)
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Ok, down to business. One of the big advantages of unix systems is
|
||||
that they nearly all come with a system trace utility that allows you
|
||||
to monitor all system calls that a program is making. This is
|
||||
extremely using for debugging and also helps when trying to work out
|
||||
why something is slower than you expect. You can use system tracing
|
||||
without any special compilation options.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The system trace utility is called different things on different
|
||||
systems. On Linux systems its called strace. Under SunOS 4 its called
|
||||
trace. Under SVR4 style systems (including solaris) its called
|
||||
truss. Under many BSD systems its called ktrace.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The first thing you should do is read the man page for your native
|
||||
system call tracer. In the discussion below I'll assume its called
|
||||
strace as strace is the only portable system tracer (its available for
|
||||
free for many unix types) and its also got some of the nicest
|
||||
features.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Next, try using strace on some simple commands. For example, <command>strace
|
||||
ls</command> or <command>strace echo hello</command>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
You'll notice that it produces a LOT of output. It is showing you the
|
||||
arguments to every system call that the program makes and the
|
||||
result. Very little happens in a program without a system call so you
|
||||
get lots of output. You'll also find that it produces a lot of
|
||||
"preamble" stuff showing the loading of shared libraries etc. Ignore
|
||||
this (unless its going wrong!)
|
||||
</para>
|
||||
|
||||
<para>
|
||||
For example, the only line that really matters in the <command>strace echo
|
||||
hello</command> output is:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
write(1, "hello\n", 6) = 6
|
||||
</programlisting></para>
|
||||
|
||||
<para>all the rest is just setting up to run the program.</para>
|
||||
|
||||
<para>
|
||||
Ok, now you're familiar with strace. To use it on Samba you need to
|
||||
strace the running smbd daemon. The way I tend ot use it is to first
|
||||
login from my Windows PC to the Samba server, then use smbstatus to
|
||||
find which process ID that client is attached to, then as root I do
|
||||
<command>strace -p PID</command> to attach to that process. I normally redirect the
|
||||
stderr output from this command to a file for later perusal. For
|
||||
example, if I'm using a csh style shell:
|
||||
</para>
|
||||
|
||||
<para><command>strace -f -p 3872 >& strace.out</command></para>
|
||||
|
||||
<para>or with a sh style shell:</para>
|
||||
|
||||
<para><command>strace -f -p 3872 > strace.out 2>&1</command></para>
|
||||
|
||||
<para>
|
||||
Note the "-f" option. This is only available on some systems, and
|
||||
allows you to trace not just the current process, but any children it
|
||||
forks. This is great for finding printing problems caused by the
|
||||
"print command" being wrong.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Once you are attached you then can do whatever it is on the client
|
||||
that is causing problems and you will capture all the system calls
|
||||
that smbd makes.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
So how do you interpret the results? Generally I search through the
|
||||
output for strings that I know will appear when the problem
|
||||
happens. For example, if I am having touble with permissions on a file
|
||||
I would search for that files name in the strace output and look at
|
||||
the surrounding lines. Another trick is to match up file descriptor
|
||||
numbers and "follow" what happens to an open file until it is closed.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Beyond this you will have to use your initiative. To give you an idea
|
||||
of what you are looking for here is a piece of strace output that
|
||||
shows that <filename>/dev/null</filename> is not world writeable, which
|
||||
causes printing to fail with Samba:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
[pid 28268] open("/dev/null", O_RDWR) = -1 EACCES (Permission denied)
|
||||
[pid 28268] open("/dev/null", O_WRONLY) = -1 EACCES (Permission denied)
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
The process is trying to first open <filename>/dev/null</filename> read-write
|
||||
then read-only. Both fail. This means <filename>/dev/null</filename> has
|
||||
incorrect permissions.
|
||||
</para>
|
||||
|
||||
</chapter>
|
@ -1,184 +0,0 @@
|
||||
<chapter id="architecture">
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Dan</firstname><surname>Shearer</surname>
|
||||
</author>
|
||||
<pubdate> November 1997</pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>Samba Architecture</title>
|
||||
|
||||
<sect1>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>
|
||||
This document gives a general overview of how Samba works
|
||||
internally. The Samba Team has tried to come up with a model which is
|
||||
the best possible compromise between elegance, portability, security
|
||||
and the constraints imposed by the very messy SMB and CIFS
|
||||
protocol.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It also tries to answer some of the frequently asked questions such as:
|
||||
</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem><para>
|
||||
Is Samba secure when running on Unix? The xyz platform?
|
||||
What about the root priveliges issue?
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>Pros and cons of multithreading in various parts of Samba</para></listitem>
|
||||
|
||||
<listitem><para>Why not have a separate process for name resolution, WINS, and browsing?</para></listitem>
|
||||
|
||||
</orderedlist>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Multithreading and Samba</title>
|
||||
|
||||
<para>
|
||||
People sometimes tout threads as a uniformly good thing. They are very
|
||||
nice in their place but are quite inappropriate for smbd. nmbd is
|
||||
another matter, and multi-threading it would be very nice.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The short version is that smbd is not multithreaded, and alternative
|
||||
servers that take this approach under Unix (such as Syntax, at the
|
||||
time of writing) suffer tremendous performance penalties and are less
|
||||
robust. nmbd is not threaded either, but this is because it is not
|
||||
possible to do it while keeping code consistent and portable across 35
|
||||
or more platforms. (This drawback also applies to threading smbd.)
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The longer versions is that there are very good reasons for not making
|
||||
smbd multi-threaded. Multi-threading would actually make Samba much
|
||||
slower, less scalable, less portable and much less robust. The fact
|
||||
that we use a separate process for each connection is one of Samba's
|
||||
biggest advantages.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Threading smbd</title>
|
||||
|
||||
<para>
|
||||
A few problems that would arise from a threaded smbd are:
|
||||
</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem><para>
|
||||
It's not only to create threads instead of processes, but you
|
||||
must care about all variables if they have to be thread specific
|
||||
(currently they would be global).
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
if one thread dies (eg. a seg fault) then all threads die. We can
|
||||
immediately throw robustness out the window.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
many of the system calls we make are blocking. Non-blocking
|
||||
equivalents of many calls are either not available or are awkward (and
|
||||
slow) to use. So while we block in one thread all clients are
|
||||
waiting. Imagine if one share is a slow NFS filesystem and the others
|
||||
are fast, we will end up slowing all clients to the speed of NFS.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
you can't run as a different uid in different threads. This means
|
||||
we would have to switch uid/gid on _every_ SMB packet. It would be
|
||||
horrendously slow.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
the per process file descriptor limit would mean that we could only
|
||||
support a limited number of clients.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
we couldn't use the system locking calls as the locking context of
|
||||
fcntl() is a process, not a thread.
|
||||
</para></listitem>
|
||||
|
||||
</orderedlist>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Threading nmbd</title>
|
||||
|
||||
<para>
|
||||
This would be ideal, but gets sunk by portability requirements.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Andrew tried to write a test threads library for nmbd that used only
|
||||
ansi-C constructs (using setjmp and longjmp). Unfortunately some OSes
|
||||
defeat this by restricting longjmp to calling addresses that are
|
||||
shallower than the current address on the stack (apparently AIX does
|
||||
this). This makes a truly portable threads library impossible. So to
|
||||
support all our current platforms we would have to code nmbd both with
|
||||
and without threads, and as the real aim of threads is to make the
|
||||
code clearer we would not have gained anything. (it is a myth that
|
||||
threads make things faster. threading is like recursion, it can make
|
||||
things clear but the same thing can always be done faster by some
|
||||
other method)
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Chris tried to spec out a general design that would abstract threading
|
||||
vs separate processes (vs other methods?) and make them accessible
|
||||
through some general API. This doesn't work because of the data
|
||||
sharing requirements of the protocol (packets in the future depending
|
||||
on packets now, etc.) At least, the code would work but would be very
|
||||
clumsy, and besides the fork() type model would never work on Unix. (Is there an OS that it would work on, for nmbd?)
|
||||
</para>
|
||||
|
||||
<para>
|
||||
A fork() is cheap, but not nearly cheap enough to do on every UDP
|
||||
packet that arrives. Having a pool of processes is possible but is
|
||||
nasty to program cleanly due to the enormous amount of shared data (in
|
||||
complex structures) between the processes. We can't rely on each
|
||||
platform having a shared memory system.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>nbmd Design</title>
|
||||
|
||||
<para>
|
||||
Originally Andrew used recursion to simulate a multi-threaded
|
||||
environment, which use the stack enormously and made for really
|
||||
confusing debugging sessions. Luke Leighton rewrote it to use a
|
||||
queuing system that keeps state information on each packet. The
|
||||
first version used a single structure which was used by all the
|
||||
pending states. As the initialisation of this structure was
|
||||
done by adding arguments, as the functionality developed, it got
|
||||
pretty messy. So, it was replaced with a higher-order function
|
||||
and a pointer to a user-defined memory block. This suddenly
|
||||
made things much simpler: large numbers of functions could be
|
||||
made static, and modularised. This is the same principle as used
|
||||
in NT's kernel, and achieves the same effect as threads, but in
|
||||
a single process.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Then Jeremy rewrote nmbd. The packet data in nmbd isn't what's on the
|
||||
wire. It's a nice format that is very amenable to processing but still
|
||||
keeps the idea of a distinct packet. See "struct packet_struct" in
|
||||
nameserv.h. It has all the detail but none of the on-the-wire
|
||||
mess. This makes it ideal for using in disk or memory-based databases
|
||||
for browsing and WINS support.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
</chapter>
|
File diff suppressed because it is too large
Load Diff
@ -1,109 +0,0 @@
|
||||
<chapter id="contributing">
|
||||
<chapterinfo>
|
||||
&author.jelmer;
|
||||
</chapterinfo>
|
||||
|
||||
<title>Contributing code</title>
|
||||
|
||||
<para>Here are a few tips and notes that might be useful if you are
|
||||
interested in modifying samba source code and getting it into
|
||||
samba's main branch.</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>Retrieving the source</term>
|
||||
|
||||
<listitem>
|
||||
<para>In order to contribute code to samba, make sure you have the
|
||||
latest source. Retrieving the samba source code from CVS is
|
||||
documented in the appendix of the Samba HOWTO Collection.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Discuss large modifications with team members</term>
|
||||
<listitem>
|
||||
<para>Please discuss large modifications you are going to make
|
||||
with members of the samba team. Some parts of the samba code
|
||||
have one or more 'owners' - samba developers who wrote most
|
||||
of the code and maintain it.
|
||||
</para>
|
||||
|
||||
<para>This way you can avoid spending your time and effort on
|
||||
something that is not going to make it into the main samba branch
|
||||
because someone else was working on the same thing or because your
|
||||
implementation is not the correct one.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Patch format</term>
|
||||
<listitem>
|
||||
<para>Patches to the samba tree should be in unified diff format,
|
||||
e.g. files generated by <userinput>diff -u</userinput>.
|
||||
</para>
|
||||
|
||||
<para>If you are modifying a copy of samba you retrieved from CVS,
|
||||
you can easily generate a diff file of these changes by running
|
||||
<userinput>cvs diff -u</userinput>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Points of attention when modifying samba source code</term>
|
||||
<listitem><para>
|
||||
<simplelist>
|
||||
<member>Don't simply copy code from other places and modify it until it
|
||||
works. Code needs to be clean and logical. Duplicate
|
||||
code is to be avoided.</member>
|
||||
<member>Test your patch. It might take a while before one of us looks
|
||||
at your patch so it will take longer before your patch when your patch
|
||||
needs to go thru the review cycle again.</member>
|
||||
<member>Don't put seperate patches in one large diff file. This makes
|
||||
it harder to read, understand and test the patch. You might
|
||||
also risk not getting a good patch committed because you mixed it
|
||||
with one that had issues. </member>
|
||||
<member>Make sure your patch complies to the samba coding style as
|
||||
suggested in the coding-suggestions chapter. </member>
|
||||
</simplelist>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Sending in bugfixes</term>
|
||||
<listitem>
|
||||
<para>Bugfixes to bugs in samba should be submitted to samba's
|
||||
<ulink url="https://bugzilla.samba.org/">bugzilla system</ulink>,
|
||||
along with a description of the bug.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Sending in feature patches</term>
|
||||
<listitem>
|
||||
<para>Send feature patches along with a description of what the
|
||||
patch is supposed to do to the
|
||||
<ulink url="mailto:samba-technical@samba.org">Samba-technical mailinglist</ulink> and possibly to a samba team member who is (one of the) 'owners'
|
||||
of the code you made modifications to. We are all busy people
|
||||
so everybody tends to 'let one of the others handle it'. If nobody
|
||||
responded to your patch for a week, try to send it again until you
|
||||
get a response from one of us.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Feedback on your patch</term>
|
||||
<listitem>
|
||||
<para>One of the team members will look at your patch and either
|
||||
commit your patch or give comments why he won't apply it. In the
|
||||
latter case you can fix your patch and re-send it until
|
||||
your patch is approved.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
</chapter>
|
@ -1,321 +0,0 @@
|
||||
<chapter id="debug">
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Chris</firstname><surname>Hertel</surname>
|
||||
</author>
|
||||
<pubdate>July 1998</pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>The samba DEBUG system</title>
|
||||
|
||||
<sect1>
|
||||
<title>New Output Syntax</title>
|
||||
|
||||
<para>
|
||||
The syntax of a debugging log file is represented as:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
>debugfile< :== { >debugmsg< }
|
||||
|
||||
>debugmsg< :== >debughdr< '\n' >debugtext<
|
||||
|
||||
>debughdr< :== '[' TIME ',' LEVEL ']' FILE ':' [FUNCTION] '(' LINE ')'
|
||||
|
||||
>debugtext< :== { >debugline< }
|
||||
|
||||
>debugline< :== TEXT '\n'
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
TEXT is a string of characters excluding the newline character.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
LEVEL is the DEBUG level of the message (an integer in the range
|
||||
0..10).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
TIME is a timestamp.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
FILE is the name of the file from which the debug message was
|
||||
generated.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
FUNCTION is the function from which the debug message was generated.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
LINE is the line number of the debug statement that generated the
|
||||
message.
|
||||
</para>
|
||||
|
||||
<para>Basically, what that all means is:</para>
|
||||
<orderedlist>
|
||||
<listitem><para>
|
||||
A debugging log file is made up of debug messages.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
Each debug message is made up of a header and text. The header is
|
||||
separated from the text by a newline.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
The header begins with the timestamp and debug level of the
|
||||
message enclosed in brackets. The filename, function, and line
|
||||
number at which the message was generated follow. The filename is
|
||||
terminated by a colon, and the function name is terminated by the
|
||||
parenthesis which contain the line number. Depending upon the
|
||||
compiler, the function name may be missing (it is generated by the
|
||||
__FUNCTION__ macro, which is not universally implemented, dangit).
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
The message text is made up of zero or more lines, each terminated
|
||||
by a newline.
|
||||
</para></listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>Here's some example output:</para>
|
||||
|
||||
<para><programlisting>
|
||||
[1998/08/03 12:55:25, 1] nmbd.c:(659)
|
||||
Netbios nameserver version 1.9.19-prealpha started.
|
||||
Copyright Andrew Tridgell 1994-1997
|
||||
[1998/08/03 12:55:25, 3] loadparm.c:(763)
|
||||
Initializing global parameters
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
Note that in the above example the function names are not listed on
|
||||
the header line. That's because the example above was generated on an
|
||||
SGI Indy, and the SGI compiler doesn't support the __FUNCTION__ macro.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>The DEBUG() Macro</title>
|
||||
|
||||
<para>
|
||||
Use of the DEBUG() macro is unchanged. DEBUG() takes two parameters.
|
||||
The first is the message level, the second is the body of a function
|
||||
call to the Debug1() function.
|
||||
</para>
|
||||
|
||||
<para>That's confusing.</para>
|
||||
|
||||
<para>Here's an example which may help a bit. If you would write</para>
|
||||
|
||||
<para><programlisting>
|
||||
printf( "This is a %s message.\n", "debug" );
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
to send the output to stdout, then you would write
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
DEBUG( 0, ( "This is a %s message.\n", "debug" ) );
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
to send the output to the debug file. All of the normal printf()
|
||||
formatting escapes work.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Note that in the above example the DEBUG message level is set to 0.
|
||||
Messages at level 0 always print. Basically, if the message level is
|
||||
less than or equal to the global value DEBUGLEVEL, then the DEBUG
|
||||
statement is processed.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The output of the above example would be something like:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
[1998/07/30 16:00:51, 0] file.c:function(128)
|
||||
This is a debug message.
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
Each call to DEBUG() creates a new header *unless* the output produced
|
||||
by the previous call to DEBUG() did not end with a '\n'. Output to the
|
||||
debug file is passed through a formatting buffer which is flushed
|
||||
every time a newline is encountered. If the buffer is not empty when
|
||||
DEBUG() is called, the new input is simply appended.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
...but that's really just a Kludge. It was put in place because
|
||||
DEBUG() has been used to write partial lines. Here's a simple (dumb)
|
||||
example of the kind of thing I'm talking about:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
DEBUG( 0, ("The test returned " ) );
|
||||
if( test() )
|
||||
DEBUG(0, ("True") );
|
||||
else
|
||||
DEBUG(0, ("False") );
|
||||
DEBUG(0, (".\n") );
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
Without the format buffer, the output (assuming test() returned true)
|
||||
would look like this:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
[1998/07/30 16:00:51, 0] file.c:function(256)
|
||||
The test returned
|
||||
[1998/07/30 16:00:51, 0] file.c:function(258)
|
||||
True
|
||||
[1998/07/30 16:00:51, 0] file.c:function(261)
|
||||
.
|
||||
</programlisting></para>
|
||||
|
||||
<para>Which isn't much use. The format buffer kludge fixes this problem.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>The DEBUGADD() Macro</title>
|
||||
|
||||
<para>
|
||||
In addition to the kludgey solution to the broken line problem
|
||||
described above, there is a clean solution. The DEBUGADD() macro never
|
||||
generates a header. It will append new text to the current debug
|
||||
message even if the format buffer is empty. The syntax of the
|
||||
DEBUGADD() macro is the same as that of the DEBUG() macro.
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
DEBUG( 0, ("This is the first line.\n" ) );
|
||||
DEBUGADD( 0, ("This is the second line.\nThis is the third line.\n" ) );
|
||||
</programlisting></para>
|
||||
|
||||
<para>Produces</para>
|
||||
|
||||
<para><programlisting>
|
||||
[1998/07/30 16:00:51, 0] file.c:function(512)
|
||||
This is the first line.
|
||||
This is the second line.
|
||||
This is the third line.
|
||||
</programlisting></para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>The DEBUGLVL() Macro</title>
|
||||
|
||||
<para>
|
||||
One of the problems with the DEBUG() macro was that DEBUG() lines
|
||||
tended to get a bit long. Consider this example from
|
||||
nmbd_sendannounce.c:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
DEBUG(3,("send_local_master_announcement: type %x for name %s on subnet %s for workgroup %s\n",
|
||||
type, global_myname, subrec->subnet_name, work->work_group));
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
One solution to this is to break it down using DEBUG() and DEBUGADD(),
|
||||
as follows:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
DEBUG( 3, ( "send_local_master_announcement: " ) );
|
||||
DEBUGADD( 3, ( "type %x for name %s ", type, global_myname ) );
|
||||
DEBUGADD( 3, ( "on subnet %s ", subrec->subnet_name ) );
|
||||
DEBUGADD( 3, ( "for workgroup %s\n", work->work_group ) );
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
A similar, but arguably nicer approach is to use the DEBUGLVL() macro.
|
||||
This macro returns True if the message level is less than or equal to
|
||||
the global DEBUGLEVEL value, so:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
if( DEBUGLVL( 3 ) )
|
||||
{
|
||||
dbgtext( "send_local_master_announcement: " );
|
||||
dbgtext( "type %x for name %s ", type, global_myname );
|
||||
dbgtext( "on subnet %s ", subrec->subnet_name );
|
||||
dbgtext( "for workgroup %s\n", work->work_group );
|
||||
}
|
||||
</programlisting></para>
|
||||
|
||||
<para>(The dbgtext() function is explained below.)</para>
|
||||
|
||||
<para>There are a few advantages to this scheme:</para>
|
||||
<orderedlist>
|
||||
<listitem><para>
|
||||
The test is performed only once.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
You can allocate variables off of the stack that will only be used
|
||||
within the DEBUGLVL() block.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
Processing that is only relevant to debug output can be contained
|
||||
within the DEBUGLVL() block.
|
||||
</para></listitem>
|
||||
</orderedlist>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>New Functions</title>
|
||||
|
||||
<sect2>
|
||||
<title>dbgtext()</title>
|
||||
<para>
|
||||
This function prints debug message text to the debug file (and
|
||||
possibly to syslog) via the format buffer. The function uses a
|
||||
variable argument list just like printf() or Debug1(). The
|
||||
input is printed into a buffer using the vslprintf() function,
|
||||
and then passed to format_debug_text().
|
||||
|
||||
If you use DEBUGLVL() you will probably print the body of the
|
||||
message using dbgtext().
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>dbghdr()</title>
|
||||
<para>
|
||||
This is the function that writes a debug message header.
|
||||
Headers are not processed via the format buffer. Also note that
|
||||
if the format buffer is not empty, a call to dbghdr() will not
|
||||
produce any output. See the comments in dbghdr() for more info.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It is not likely that this function will be called directly. It
|
||||
is used by DEBUG() and DEBUGADD().
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>format_debug_text()</title>
|
||||
<para>
|
||||
This is a static function in debug.c. It stores the output text
|
||||
for the body of the message in a buffer until it encounters a
|
||||
newline. When the newline character is found, the buffer is
|
||||
written to the debug file via the Debug1() function, and the
|
||||
buffer is reset. This allows us to add the indentation at the
|
||||
beginning of each line of the message body, and also ensures
|
||||
that the output is written a line at a time (which cleans up
|
||||
syslog output).
|
||||
</para>
|
||||
</sect2>
|
||||
</sect1>
|
||||
</chapter>
|
@ -1,87 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
<!ENTITY NetBIOS SYSTEM "NetBIOS.xml">
|
||||
<!ENTITY Architecture SYSTEM "architecture.xml">
|
||||
<!ENTITY debug SYSTEM "debug.xml">
|
||||
<!ENTITY internals SYSTEM "internals.xml">
|
||||
<!ENTITY parsing SYSTEM "parsing.xml">
|
||||
<!ENTITY unix-smb SYSTEM "unix-smb.xml">
|
||||
<!ENTITY CodingSuggestions SYSTEM "CodingSuggestions.xml">
|
||||
<!ENTITY Tracing SYSTEM "Tracing.xml">
|
||||
<!ENTITY cifsntdomain SYSTEM "cifsntdomain.xml">
|
||||
<!ENTITY printing SYSTEM "printing.xml">
|
||||
<!ENTITY wins SYSTEM "wins.xml">
|
||||
<!ENTITY sam SYSTEM "sam.xml">
|
||||
<!ENTITY encryption SYSTEM "encryption.xml">
|
||||
<!ENTITY rpc-plugin SYSTEM "rpc_plugin.xml">
|
||||
<!ENTITY modules SYSTEM "modules.xml">
|
||||
<!ENTITY packagers SYSTEM "packagers.xml">
|
||||
<!ENTITY contributing SYSTEM "contributing.xml">
|
||||
<!ENTITY vfs SYSTEM "vfs.xml">
|
||||
<!ENTITY windows-deb SYSTEM "windows-debug.xml">
|
||||
]>
|
||||
|
||||
<book id="Samba-Developers-Guide">
|
||||
|
||||
<title>SAMBA Developers Guide</title>
|
||||
|
||||
<bookinfo>
|
||||
<abstract>
|
||||
<para>
|
||||
<emphasis>Last Update</emphasis> : Fri Jun 6 00:45:54 CEST 2003
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This book is a collection of documents that might be useful for
|
||||
people developing samba or those interested in doing so.
|
||||
It's nothing more than a collection of documents written by samba developers about
|
||||
the internals of various parts of samba and the SMB protocol. It's still incomplete.
|
||||
The most recent version of this document
|
||||
can be found at <ulink url="http://devel.samba.org/">http://devel.samba.org/</ulink>.
|
||||
Please send updates to <ulink
|
||||
url="mailto:jelmer@samba.org">Jelmer Vernooij</ulink>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This documentation is distributed under the GNU General Public License (GPL)
|
||||
version 2. A copy of the license is included with the Samba source
|
||||
distribution. A copy can be found on-line at <ulink
|
||||
url="http://www.fsf.org/licenses/gpl.txt">http://www.fsf.org/licenses/gpl.txt</ulink>
|
||||
</para>
|
||||
|
||||
</abstract>
|
||||
|
||||
</bookinfo>
|
||||
<preface>
|
||||
<title>Attributions</title>
|
||||
|
||||
&attributions-dev;
|
||||
</preface>
|
||||
|
||||
|
||||
<!-- Contents -->
|
||||
<toc/>
|
||||
|
||||
<!-- Chapters -->
|
||||
&NetBIOS;
|
||||
&Architecture;
|
||||
&debug;
|
||||
&CodingSuggestions;
|
||||
&internals;
|
||||
&parsing;
|
||||
&unix-smb;
|
||||
&Tracing;
|
||||
&windows-deb;
|
||||
&cifsntdomain;
|
||||
&printing;
|
||||
&wins;
|
||||
&sam;
|
||||
&encryption;
|
||||
&modules;
|
||||
&rpc-plugin;
|
||||
&vfs;
|
||||
&packagers;
|
||||
&contributing;
|
||||
|
||||
</book>
|
@ -1,197 +0,0 @@
|
||||
<chapter id="pwencrypt">
|
||||
|
||||
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Jeremy</firstname><surname>Allison</surname>
|
||||
<affiliation>
|
||||
<orgname>Samba Team</orgname>
|
||||
<address>
|
||||
<email>samba@samba.org</email>
|
||||
</address>
|
||||
</affiliation>
|
||||
</author>
|
||||
|
||||
<pubdate>19 Apr 1999</pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>LanMan and NT Password Encryption</title>
|
||||
|
||||
<sect1>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>With the development of LanManager and Windows NT
|
||||
compatible password encryption for Samba, it is now able
|
||||
to validate user connections in exactly the same way as
|
||||
a LanManager or Windows NT server.</para>
|
||||
|
||||
<para>This document describes how the SMB password encryption
|
||||
algorithm works and what issues there are in choosing whether
|
||||
you want to use it. You should read it carefully, especially
|
||||
the part about security and the "PROS and CONS" section.</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>How does it work?</title>
|
||||
|
||||
<para>LanManager encryption is somewhat similar to UNIX
|
||||
password encryption. The server uses a file containing a
|
||||
hashed value of a user's password. This is created by taking
|
||||
the user's plaintext password, capitalising it, and either
|
||||
truncating to 14 bytes or padding to 14 bytes with null bytes.
|
||||
This 14 byte value is used as two 56 bit DES keys to encrypt
|
||||
a 'magic' eight byte value, forming a 16 byte value which is
|
||||
stored by the server and client. Let this value be known as
|
||||
the "hashed password".</para>
|
||||
|
||||
<para>Windows NT encryption is a higher quality mechanism,
|
||||
consisting of doing an MD4 hash on a Unicode version of the user's
|
||||
password. This also produces a 16 byte hash value that is
|
||||
non-reversible.</para>
|
||||
|
||||
<para>When a client (LanManager, Windows for WorkGroups, Windows
|
||||
95 or Windows NT) wishes to mount a Samba drive (or use a Samba
|
||||
resource), it first requests a connection and negotiates the
|
||||
protocol that the client and server will use. In the reply to this
|
||||
request the Samba server generates and appends an 8 byte, random
|
||||
value - this is stored in the Samba server after the reply is sent
|
||||
and is known as the "challenge". The challenge is different for
|
||||
every client connection.</para>
|
||||
|
||||
<para>The client then uses the hashed password (16 byte values
|
||||
described above), appended with 5 null bytes, as three 56 bit
|
||||
DES keys, each of which is used to encrypt the challenge 8 byte
|
||||
value, forming a 24 byte value known as the "response".</para>
|
||||
|
||||
<para>In the SMB call SMBsessionsetupX (when user level security
|
||||
is selected) or the call SMBtconX (when share level security is
|
||||
selected), the 24 byte response is returned by the client to the
|
||||
Samba server. For Windows NT protocol levels the above calculation
|
||||
is done on both hashes of the user's password and both responses are
|
||||
returned in the SMB call, giving two 24 byte values.</para>
|
||||
|
||||
<para>The Samba server then reproduces the above calculation, using
|
||||
its own stored value of the 16 byte hashed password (read from the
|
||||
<filename>smbpasswd</filename> file - described later) and the challenge
|
||||
value that it kept from the negotiate protocol reply. It then checks
|
||||
to see if the 24 byte value it calculates matches the 24 byte value
|
||||
returned to it from the client.</para>
|
||||
|
||||
<para>If these values match exactly, then the client knew the
|
||||
correct password (or the 16 byte hashed value - see security note
|
||||
below) and is thus allowed access. If not, then the client did not
|
||||
know the correct password and is denied access.</para>
|
||||
|
||||
<para>Note that the Samba server never knows or stores the cleartext
|
||||
of the user's password - just the 16 byte hashed values derived from
|
||||
it. Also note that the cleartext password or 16 byte hashed values
|
||||
are never transmitted over the network - thus increasing security.</para>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>The smbpasswd file</title>
|
||||
<anchor id="SMBPASSWDFILEFORMAT"/>
|
||||
<para>In order for Samba to participate in the above protocol
|
||||
it must be able to look up the 16 byte hashed values given a user name.
|
||||
Unfortunately, as the UNIX password value is also a one way hash
|
||||
function (ie. it is impossible to retrieve the cleartext of the user's
|
||||
password given the UNIX hash of it), a separate password file
|
||||
containing this 16 byte value must be kept. To minimise problems with
|
||||
these two password files, getting out of sync, the UNIX <filename>
|
||||
/etc/passwd</filename> and the <filename>smbpasswd</filename> file,
|
||||
a utility, <command>mksmbpasswd.sh</command>, is provided to generate
|
||||
a smbpasswd file from a UNIX <filename>/etc/passwd</filename> file.
|
||||
</para>
|
||||
|
||||
|
||||
<para>To generate the smbpasswd file from your <filename>/etc/passwd
|
||||
</filename> file use the following command:</para>
|
||||
|
||||
<para><prompt>$ </prompt><userinput>cat /etc/passwd | mksmbpasswd.sh
|
||||
> /usr/local/samba/private/smbpasswd</userinput></para>
|
||||
|
||||
<para>If you are running on a system that uses NIS, use</para>
|
||||
|
||||
<para><prompt>$ </prompt><userinput>ypcat passwd | mksmbpasswd.sh
|
||||
> /usr/local/samba/private/smbpasswd</userinput></para>
|
||||
|
||||
<para>The <command>mksmbpasswd.sh</command> program is found in
|
||||
the Samba source directory. By default, the smbpasswd file is
|
||||
stored in :</para>
|
||||
|
||||
<para><filename>/usr/local/samba/private/smbpasswd</filename></para>
|
||||
|
||||
<para>The owner of the <filename>/usr/local/samba/private/</filename>
|
||||
directory should be set to root, and the permissions on it should
|
||||
be set to 0500 (<command>chmod 500 /usr/local/samba/private</command>).
|
||||
</para>
|
||||
|
||||
<para>Likewise, the smbpasswd file inside the private directory should
|
||||
be owned by root and the permissions on is should be set to 0600
|
||||
(<command>chmod 600 smbpasswd</command>).</para>
|
||||
|
||||
|
||||
<para>The format of the smbpasswd file is (The line has been
|
||||
wrapped here. It should appear as one entry per line in
|
||||
your smbpasswd file.)</para>
|
||||
|
||||
<para><programlisting>
|
||||
username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
|
||||
[Account type]:LCT-<last-change-time>:Long name
|
||||
</programlisting></para>
|
||||
|
||||
<para>Although only the <replaceable>username</replaceable>,
|
||||
<replaceable>uid</replaceable>, <replaceable>
|
||||
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</replaceable>,
|
||||
[<replaceable>Account type</replaceable>] and <replaceable>
|
||||
last-change-time</replaceable> sections are significant
|
||||
and are looked at in the Samba code.</para>
|
||||
|
||||
<para>It is <emphasis>VITALLY</emphasis> important that there by 32
|
||||
'X' characters between the two ':' characters in the XXX sections -
|
||||
the smbpasswd and Samba code will fail to validate any entries that
|
||||
do not have 32 characters between ':' characters. The first XXX
|
||||
section is for the Lanman password hash, the second is for the
|
||||
Windows NT version.</para>
|
||||
|
||||
<para>When the password file is created all users have password entries
|
||||
consisting of 32 'X' characters. By default this disallows any access
|
||||
as this user. When a user has a password set, the 'X' characters change
|
||||
to 32 ascii hexadecimal digits (0-9, A-F). These are an ascii
|
||||
representation of the 16 byte hashed value of a user's password.</para>
|
||||
|
||||
<para>To set a user to have no password (not recommended), edit the file
|
||||
using vi, and replace the first 11 characters with the ascii text
|
||||
<constant>"NO PASSWORD"</constant> (minus the quotes).</para>
|
||||
|
||||
<para>For example, to clear the password for user bob, his smbpasswd file
|
||||
entry would look like :</para>
|
||||
|
||||
<para><programlisting>
|
||||
bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
|
||||
[U ]:LCT-00000000:Bob's full name:/bobhome:/bobshell
|
||||
</programlisting></para>
|
||||
|
||||
<para>If you are allowing users to use the smbpasswd command to set
|
||||
their own passwords, you may want to give users NO PASSWORD initially
|
||||
so they do not have to enter a previous password when changing to their
|
||||
new password (not recommended). In order for you to allow this the
|
||||
<command>smbpasswd</command> program must be able to connect to the
|
||||
<command>smbd</command> daemon as that user with no password. Enable this
|
||||
by adding the line :</para>
|
||||
|
||||
<para><command>null passwords = yes</command></para>
|
||||
|
||||
<para>to the [global] section of the smb.conf file (this is why
|
||||
the above scenario is not recommended). Preferably, allocate your
|
||||
users a default password to begin with, so you do not have
|
||||
to enable this on your server.</para>
|
||||
|
||||
<para><emphasis>Note : </emphasis>This file should be protected very
|
||||
carefully. Anyone with access to this file can (with enough knowledge of
|
||||
the protocols) gain access to your SMB server. The file is thus more
|
||||
sensitive than a normal unix <filename>/etc/passwd</filename> file.</para>
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
@ -1,119 +0,0 @@
|
||||
<chapter id="gencache">
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Rafal</firstname><surname>Szczesniak</surname>
|
||||
</author>
|
||||
<pubdate>April 2003</pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>General cache mechanism and API</title>
|
||||
|
||||
<sect1>
|
||||
<title>Abstract</title>
|
||||
<para>
|
||||
General cache (gencache) was designed to combine various kinds of caching
|
||||
mechanisms into one, defined by a simple API. This way, anyone can use it
|
||||
to create their own caching layer on top of gencache. An example of
|
||||
such approach is the netbios name cache.
|
||||
</para>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>The mechanism</title>
|
||||
<para>
|
||||
Gencache utilises <emphasise>tdb</emphasise> database, like many other
|
||||
parts of Samba. As its origins are in Berkeley DB implementation, it
|
||||
uses key/value pairs stored in binary file. The values gencache
|
||||
operates on are string-based, however. This makes very easy to use it
|
||||
in command line environment eg. to quickly take a look at what's in
|
||||
the cache or set some value.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
All the data is stored in <filename>gencache.tdb</filename>
|
||||
file. Records put there are in key/value format as mentioned below,
|
||||
but as it's a cache, the timeout plays also important role and has a
|
||||
special place in the key/value pair, as well as API.
|
||||
</para>
|
||||
</sect1>
|
||||
|
||||
|
||||
<sect1>
|
||||
<title>The data structure</title>
|
||||
<para>
|
||||
The record stored in <filename>gencache.tdb</filename> file consists
|
||||
of the key, the value and the expiration timeout. While the first part
|
||||
is stored completely independent from the others, the last two are
|
||||
kept together. The form the record has is:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
key: <string&bt;
|
||||
value: <12-digit timeout&bt;/<string>
|
||||
</programlisting></para>
|
||||
|
||||
<para>The timeout part is the ASCII representation of
|
||||
<emphasis>time_t</emphasis> value of the time when the cache entry
|
||||
expires. Obviously the API, the programmer is provided with, hides this detail,
|
||||
so that you don't have to care about checking it. Simply watch
|
||||
carefully the return status of the function.
|
||||
</para>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>The API</title>
|
||||
|
||||
<para><programlisting>
|
||||
BOOL gencache_init()
|
||||
</programlisting></para>
|
||||
|
||||
<para>This is used to initialise to whole caching mechanism. It means
|
||||
opening the file or creating it if non-existing. If it's already been
|
||||
opened earlier, then the routine just does nothing and returns
|
||||
<constant>true</constant>. If something goes wrong, say the user
|
||||
doesn't have necessary rights, the function returns
|
||||
<constant>false</constant>.</para>
|
||||
|
||||
<para><programlisting>
|
||||
BOOL gencache_shutdown()
|
||||
</programlisting></para>
|
||||
|
||||
<para>This is the proper way to close the cache file. It simply
|
||||
returns <constant>true</constant> after successful closing file and
|
||||
<constant>false</constant> upon a failure.</para>
|
||||
|
||||
<para><programlisting>
|
||||
BOOL gencache_set(const char* keystr, const char* value, time_t timeout)
|
||||
</programlisting></para>
|
||||
|
||||
<para>This is one of the most basic functions. What it allows you to
|
||||
do is to set some particular cache entry. If the entry haven't
|
||||
existed yet, the function will act just as it was "gencache_add"
|
||||
function. If it's already been in the cache, the entry will be set to
|
||||
the new value. In either case, the cache entry will be set with given
|
||||
key, value and timeout. Thus it is comfortable way to just set the
|
||||
entry and not care about the details.</para>
|
||||
|
||||
<para><programlisting>
|
||||
BOOL gencache_set_only(const char* keystr, const char* value, time_t timeout)
|
||||
</programlisting></para>
|
||||
|
||||
<para><programlisting>
|
||||
BOOL gencache_del(const char* keystr)
|
||||
</programlisting></para>
|
||||
|
||||
<para><programlisting>
|
||||
BOOL gencache_get(const char* keystr, char** valstr, time_t* timeout)
|
||||
</programlisting></para>
|
||||
|
||||
<para><programlisting>
|
||||
void gencache_iterate(void (*fn)(const char* key, const char *value, time_t timeout, void* dptr),
|
||||
void* data, const char* keystr_pattern)
|
||||
|
||||
</programlisting></para>
|
||||
|
||||
<sect1>
|
||||
<title>Writing your own caching layer</title>
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
@ -1,440 +0,0 @@
|
||||
<chapter id="internals">
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>David</firstname><surname>Chappell</surname>
|
||||
<affiliation>
|
||||
<address><email>David.Chappell@mail.trincoll.edu</email></address>
|
||||
</affiliation>
|
||||
</author>
|
||||
<pubdate>8 May 1996</pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>Samba Internals</title>
|
||||
|
||||
<sect1>
|
||||
<title>Character Handling</title>
|
||||
<para>
|
||||
This section describes character set handling in Samba, as implemented in
|
||||
Samba 3.0 and above
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In the past Samba had very ad-hoc character set handling. Scattered
|
||||
throughout the code were numerous calls which converted particular
|
||||
strings to/from DOS codepages. The problem is that there was no way of
|
||||
telling if a particular char* is in dos codepage or unix
|
||||
codepage. This led to a nightmare of code that tried to cope with
|
||||
particular cases without handlingt the general case.
|
||||
</para>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>The new functions</title>
|
||||
|
||||
<para>
|
||||
The new system works like this:
|
||||
</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem><para>
|
||||
all char* strings inside Samba are "unix" strings. These are
|
||||
multi-byte strings that are in the charset defined by the "unix
|
||||
charset" option in smb.conf.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
there is no single fixed character set for unix strings, but any
|
||||
character set that is used does need the following properties:
|
||||
</para>
|
||||
<orderedlist>
|
||||
|
||||
<listitem><para>
|
||||
must not contain NULLs except for termination
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
must be 7-bit compatible with C strings, so that a constant
|
||||
string or character in C will be byte-for-byte identical to the
|
||||
equivalent string in the chosen character set.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
when you uppercase or lowercase a string it does not become
|
||||
longer than the original string
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
must be able to correctly hold all characters that your client
|
||||
will throw at it
|
||||
</para></listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>
|
||||
For example, UTF-8 is fine, and most multi-byte asian character sets
|
||||
are fine, but UCS2 could not be used for unix strings as they
|
||||
contain nulls.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem><para>
|
||||
when you need to put a string into a buffer that will be sent on the
|
||||
wire, or you need a string in a character set format that is
|
||||
compatible with the clients character set then you need to use a
|
||||
pull_ or push_ function. The pull_ functions pull a string from a
|
||||
wire buffer into a (multi-byte) unix string. The push_ functions
|
||||
push a string out to a wire buffer.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
the two main pull_ and push_ functions you need to understand are
|
||||
pull_string and push_string. These functions take a base pointer
|
||||
that should point at the start of the SMB packet that the string is
|
||||
in. The functions will check the flags field in this packet to
|
||||
automatically determine if the packet is marked as a unicode packet,
|
||||
and they will choose whether to use unicode for this string based on
|
||||
that flag. You may also force this decision using the STR_UNICODE or
|
||||
STR_ASCII flags. For use in smbd/ and libsmb/ there are wrapper
|
||||
functions clistr_ and srvstr_ that call the pull_/push_ functions
|
||||
with the appropriate first argument.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
You may also call the pull_ascii/pull_ucs2 or push_ascii/push_ucs2
|
||||
functions if you know that a particular string is ascii or
|
||||
unicode. There are also a number of other convenience functions in
|
||||
charcnv.c that call the pull_/push_ functions with particularly
|
||||
common arguments, such as pull_ascii_pstring()
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem><para>
|
||||
The biggest thing to remember is that internal (unix) strings in Samba
|
||||
may now contain multi-byte characters. This means you cannot assume
|
||||
that characters are always 1 byte long. Often this means that you will
|
||||
have to convert strings to ucs2 and back again in order to do some
|
||||
(seemingly) simple task. For examples of how to do this see functions
|
||||
like strchr_m(). I know this is very slow, and we will eventually
|
||||
speed it up but right now we want this stuff correct not fast.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
all lp_ functions now return unix strings. The magic "DOS" flag on
|
||||
parameters is gone.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
all vfs functions take unix strings. Don't convert when passing to them
|
||||
</para></listitem>
|
||||
|
||||
</orderedlist>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Macros in byteorder.h</title>
|
||||
|
||||
<para>
|
||||
This section describes the macros defined in byteorder.h. These macros
|
||||
are used extensively in the Samba code.
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>CVAL(buf,pos)</title>
|
||||
|
||||
<para>
|
||||
returns the byte at offset pos within buffer buf as an unsigned character.
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>PVAL(buf,pos)</title>
|
||||
<para>returns the value of CVAL(buf,pos) cast to type unsigned integer.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>SCVAL(buf,pos,val)</title>
|
||||
<para>sets the byte at offset pos within buffer buf to value val.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>SVAL(buf,pos)</title>
|
||||
<para>
|
||||
returns the value of the unsigned short (16 bit) little-endian integer at
|
||||
offset pos within buffer buf. An integer of this type is sometimes
|
||||
refered to as "USHORT".
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>IVAL(buf,pos)</title>
|
||||
<para>returns the value of the unsigned 32 bit little-endian integer at offset
|
||||
pos within buffer buf.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>SVALS(buf,pos)</title>
|
||||
<para>returns the value of the signed short (16 bit) little-endian integer at
|
||||
offset pos within buffer buf.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>IVALS(buf,pos)</title>
|
||||
<para>returns the value of the signed 32 bit little-endian integer at offset pos
|
||||
within buffer buf.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>SSVAL(buf,pos,val)</title>
|
||||
<para>sets the unsigned short (16 bit) little-endian integer at offset pos within
|
||||
buffer buf to value val.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>SIVAL(buf,pos,val)</title>
|
||||
<para>sets the unsigned 32 bit little-endian integer at offset pos within buffer
|
||||
buf to the value val.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>SSVALS(buf,pos,val)</title>
|
||||
<para>sets the short (16 bit) signed little-endian integer at offset pos within
|
||||
buffer buf to the value val.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>SIVALS(buf,pos,val)</title>
|
||||
<para>sets the signed 32 bit little-endian integer at offset pos withing buffer
|
||||
buf to the value val.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>RSVAL(buf,pos)</title>
|
||||
<para>returns the value of the unsigned short (16 bit) big-endian integer at
|
||||
offset pos within buffer buf.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>RIVAL(buf,pos)</title>
|
||||
<para>returns the value of the unsigned 32 bit big-endian integer at offset
|
||||
pos within buffer buf.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>RSSVAL(buf,pos,val)</title>
|
||||
<para>sets the value of the unsigned short (16 bit) big-endian integer at
|
||||
offset pos within buffer buf to value val.
|
||||
refered to as "USHORT".</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>RSIVAL(buf,pos,val)</title>
|
||||
<para>sets the value of the unsigned 32 bit big-endian integer at offset
|
||||
pos within buffer buf to value val.</para>
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
|
||||
<sect1>
|
||||
<title>LAN Manager Samba API</title>
|
||||
|
||||
<para>
|
||||
This section describes the functions need to make a LAN Manager RPC call.
|
||||
This information had been obtained by examining the Samba code and the LAN
|
||||
Manager 2.0 API documentation. It should not be considered entirely
|
||||
reliable.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<programlisting>
|
||||
call_api(int prcnt, int drcnt, int mprcnt, int mdrcnt,
|
||||
char *param, char *data, char **rparam, char **rdata);
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This function is defined in client.c. It uses an SMB transaction to call a
|
||||
remote api.
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>Parameters</title>
|
||||
|
||||
<para>The parameters are as follows:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem><para>
|
||||
prcnt: the number of bytes of parameters begin sent.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
drcnt: the number of bytes of data begin sent.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
mprcnt: the maximum number of bytes of parameters which should be returned
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
mdrcnt: the maximum number of bytes of data which should be returned
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
param: a pointer to the parameters to be sent.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
data: a pointer to the data to be sent.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
rparam: a pointer to a pointer which will be set to point to the returned
|
||||
paramters. The caller of call_api() must deallocate this memory.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
rdata: a pointer to a pointer which will be set to point to the returned
|
||||
data. The caller of call_api() must deallocate this memory.
|
||||
</para></listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>
|
||||
These are the parameters which you ought to send, in the order of their
|
||||
appearance in the parameter block:
|
||||
</para>
|
||||
|
||||
<orderedlist>
|
||||
|
||||
<listitem><para>
|
||||
An unsigned 16 bit integer API number. You should set this value with
|
||||
SSVAL(). I do not know where these numbers are described.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
An ASCIIZ string describing the parameters to the API function as defined
|
||||
in the LAN Manager documentation. The first parameter, which is the server
|
||||
name, is ommited. This string is based uppon the API function as described
|
||||
in the manual, not the data which is actually passed.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
An ASCIIZ string describing the data structure which ought to be returned.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Any parameters which appear in the function call, as defined in the LAN
|
||||
Manager API documentation, after the "Server" and up to and including the
|
||||
"uLevel" parameters.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
An unsigned 16 bit integer which gives the size in bytes of the buffer we
|
||||
will use to receive the returned array of data structures. Presumably this
|
||||
should be the same as mdrcnt. This value should be set with SSVAL().
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
An ASCIIZ string describing substructures which should be returned. If no
|
||||
substructures apply, this string is of zero length.
|
||||
</para></listitem>
|
||||
|
||||
</orderedlist>
|
||||
|
||||
<para>
|
||||
The code in client.c always calls call_api() with no data. It is unclear
|
||||
when a non-zero length data buffer would be sent.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Return value</title>
|
||||
|
||||
<para>
|
||||
The returned parameters (pointed to by rparam), in their order of appearance
|
||||
are:</para>
|
||||
|
||||
<orderedlist>
|
||||
|
||||
<listitem><para>
|
||||
An unsigned 16 bit integer which contains the API function's return code.
|
||||
This value should be read with SVAL().
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
An adjustment which tells the amount by which pointers in the returned
|
||||
data should be adjusted. This value should be read with SVAL(). Basically,
|
||||
the address of the start of the returned data buffer should have the returned
|
||||
pointer value added to it and then have this value subtracted from it in
|
||||
order to obtain the currect offset into the returned data buffer.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
A count of the number of elements in the array of structures returned.
|
||||
It is also possible that this may sometimes be the number of bytes returned.
|
||||
</para></listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>
|
||||
When call_api() returns, rparam points to the returned parameters. The
|
||||
first if these is the result code. It will be zero if the API call
|
||||
suceeded. This value by be read with "SVAL(rparam,0)".
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The second parameter may be read as "SVAL(rparam,2)". It is a 16 bit offset
|
||||
which indicates what the base address of the returned data buffer was when
|
||||
it was built on the server. It should be used to correct pointer before
|
||||
use.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The returned data buffer contains the array of returned data structures.
|
||||
Note that all pointers must be adjusted before use. The function
|
||||
fix_char_ptr() in client.c can be used for this purpose.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The third parameter (which may be read as "SVAL(rparam,4)") has something to
|
||||
do with indicating the amount of data returned or possibly the amount of
|
||||
data which can be returned if enough buffer space is allowed.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Code character table</title>
|
||||
<para>
|
||||
Certain data structures are described by means of ASCIIz strings containing
|
||||
code characters. These are the code characters:
|
||||
</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem><para>
|
||||
W a type byte little-endian unsigned integer
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
N a count of substructures which follow
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
D a four byte little-endian unsigned integer
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
B a byte (with optional count expressed as trailing ASCII digits)
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
z a four byte offset to a NULL terminated string
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
l a four byte offset to non-string user data
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
b an offset to data (with count expressed as trailing ASCII digits)
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
r pointer to returned data buffer???
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
L length in bytes of returned data buffer???
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
h number of bytes of information available???
|
||||
</para></listitem>
|
||||
</orderedlist>
|
||||
|
||||
</sect1>
|
||||
</chapter>
|
@ -1,328 +0,0 @@
|
||||
<chapter id="modules">
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Jelmer</firstname><surname>Vernooij</surname>
|
||||
<affiliation>
|
||||
<orgname>Samba Team</orgname>
|
||||
<address><email>jelmer@samba.org</email></address>
|
||||
</affiliation>
|
||||
</author>
|
||||
<author>
|
||||
<firstname>Stefan</firstname><surname>Metzmacher</surname>
|
||||
<affiliation>
|
||||
<address><email>metze@metzemix.de</email></address>
|
||||
</affiliation>
|
||||
<contrib>events interface</contrib>
|
||||
</author>
|
||||
<pubdate> 17 September 2003 </pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>Modules</title>
|
||||
|
||||
<sect1>
|
||||
<title>Advantages</title>
|
||||
|
||||
<para>
|
||||
The new modules system has the following advantages:
|
||||
</para>
|
||||
|
||||
<simplelist>
|
||||
<member>Transparent loading of static and shared modules (no need
|
||||
for a subsystem to know about modules)</member>
|
||||
<member>Simple selection between shared and static modules at configure time</member>
|
||||
<member>"preload modules" option for increasing performance for stable modules</member>
|
||||
<member>No nasty #define stuff anymore</member>
|
||||
<member>All backends are available as plugin now (including pdb_ldap and pdb_tdb)</member>
|
||||
</simplelist>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Loading modules</title>
|
||||
|
||||
<para>
|
||||
Some subsystems in samba use different backends. These backends can be
|
||||
either statically linked in to samba or available as a plugin. A subsystem
|
||||
should have a function that allows a module to register itself. For example,
|
||||
the passdb subsystem has:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init);
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
This function will be called by the initialisation function of the module to
|
||||
register itself.
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>Static modules</title>
|
||||
|
||||
<para>
|
||||
The modules system compiles a list of initialisation functions for the
|
||||
static modules of each subsystem. This is a define. For example,
|
||||
it is here currently (from <filename>include/config.h</filename>):
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
/* Static init functions */
|
||||
#define static_init_pdb { pdb_mysql_init(); pdb_ldap_init(); pdb_smbpasswd_init(); pdb_tdbsam_init(); pdb_guest_init();}
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
These functions should be called before the subsystem is used. That
|
||||
should be done when the subsystem is initialised or first used.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Shared modules</title>
|
||||
|
||||
<para>
|
||||
If a subsystem needs a certain backend, it should check if it has
|
||||
already been registered. If the backend hasn't been registered already,
|
||||
the subsystem should call smb_probe_module(char *subsystem, char *backend).
|
||||
This function tries to load the correct module from a certain path
|
||||
($LIBDIR/subsystem/backend.so). If the first character in 'backend'
|
||||
is a slash, smb_probe_module() tries to load the module from the
|
||||
absolute path specified in 'backend'.
|
||||
</para>
|
||||
|
||||
<para>After smb_probe_module() has been executed, the subsystem
|
||||
should check again if the module has been registered.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Writing modules</title>
|
||||
|
||||
<para>
|
||||
Each module has an initialisation function. For modules that are
|
||||
included with samba this name is '<replaceable>subsystem</replaceable>_<replaceable>backend</replaceable>_init'. For external modules (that will never be built-in, but only available as a module) this name is always 'init_module'. (In the case of modules included with samba, the configure system will add a #define subsystem_backend_init() init_module()).
|
||||
The prototype for these functions is:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
NTSTATUS init_module(void);
|
||||
</programlisting></para>
|
||||
|
||||
<para>This function should call one or more
|
||||
registration functions. The function should return NT_STATUS_OK on success and
|
||||
NT_STATUS_UNSUCCESSFUL or a more useful nt error code on failure.</para>
|
||||
|
||||
<para>For example, pdb_ldap_init() contains: </para>
|
||||
|
||||
<para><programlisting>
|
||||
NTSTATUS pdb_ldap_init(void)
|
||||
{
|
||||
smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam", pdb_init_ldapsam);
|
||||
smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_nua", pdb_init_ldapsam_nua);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
</programlisting></para>
|
||||
|
||||
<sect2>
|
||||
<title>Static/Shared selection in configure.in</title>
|
||||
|
||||
<para>
|
||||
Some macros in configure.in generate the various defines and substs that
|
||||
are necessary for the system to work correct. All modules that should
|
||||
be built by default have to be added to the variable 'default_modules'.
|
||||
For example, if ldap is found, pdb_ldap is added to this variable.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
On the bottom of configure.in, SMB_MODULE() should be called
|
||||
for each module and SMB_SUBSYSTEM() for each subsystem.
|
||||
</para>
|
||||
|
||||
<para>Syntax:</para>
|
||||
|
||||
<para><programlisting>
|
||||
SMB_MODULE(<replaceable>subsystem</replaceable>_<replaceable>backend</replaceable>, <replaceable>object files</replaceable>, <replaceable>plugin name</replaceable>, <replaceable>subsystem name</replaceable>, <replaceable>static_action</replaceable>, <replaceable>shared_action</replaceable>)
|
||||
SMB_SUBSYSTEM(<replaceable>subsystem</replaceable>,<replaceable>depfile</replaceable>)
|
||||
</programlisting></para>
|
||||
|
||||
<para>The depfile for a certain subsystem is the file that calls the
|
||||
initialisation functions for the statically built in modules.</para>
|
||||
|
||||
<para>
|
||||
<replaceable>@SUBSYSTEM_MODULES@</replaceable> in Makefile.in will
|
||||
be replaced with the names of the plugins to build.
|
||||
</para>
|
||||
|
||||
<para>You must make sure all .c files that contain defines that can
|
||||
be changed by ./configure are rebuilded in the 'modules_clean' make target.
|
||||
Practically, this means all c files that contain <command>static_init_subsystem;</command> calls need to be rebuilded.
|
||||
</para>
|
||||
|
||||
<note>
|
||||
<para>
|
||||
There currently also is a configure.in command called SMB_MODULE_PROVIVES().
|
||||
This is used for modules that register multiple things. It should not
|
||||
be used as probing will most likely disappear in the future.</para>
|
||||
</note>
|
||||
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Registration of events</title>
|
||||
|
||||
<sect2>
|
||||
<title>Intention</title>
|
||||
|
||||
<para>
|
||||
For some modules it is necessary to drop idle database connections,
|
||||
or do other things periodically.
|
||||
Some modules need to do close database connections or similar things
|
||||
when the server exits.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Advantages</title>
|
||||
|
||||
<para>
|
||||
The event registration system has the following advantages:
|
||||
</para>
|
||||
|
||||
<simplelist>
|
||||
<member>Every module is able to register/unregister idle or exit handlers called from the main server loop</member>
|
||||
<member>No need for hacking the main server anymore</member>
|
||||
</simplelist>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>General stuff</title>
|
||||
|
||||
<para>
|
||||
Each event has an event_id of type smb_event_id_t, which identifies the event in its event list.
|
||||
(Take a look at <filename>include/module.h</filename> and <filename>lib/module.c</filename>.)
|
||||
There are currently two event types:
|
||||
</para>
|
||||
|
||||
<simplelist>
|
||||
<member>idle events</member>
|
||||
<member>exit events</member>
|
||||
</simplelist>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Type: idle event</title>
|
||||
|
||||
<para>
|
||||
Idle events are called periodically from the main server loop.
|
||||
if the specified interval is less or equal than 0, the default SMB_IDLE_EVENT_DEFAULT_INTERVAL (180 s) is used.
|
||||
if the specified interval is less than SMB_IDLE_EVENT_MIN_INTERVAL (30 s), SMB_IDLE_EVENT_MIN_INTERVAL is used.
|
||||
In any other case the specified interval is used.
|
||||
</para>
|
||||
|
||||
<note><para>
|
||||
the real interval can be differ from the specified interval about up to +/- 30 s.
|
||||
</para></note>
|
||||
|
||||
<para>
|
||||
Idle events can be registered via the
|
||||
<programlisting>
|
||||
smb_event_id_t smb_register_idle_event(smb_idle_event_fn *fn, void *data, time_t interval);
|
||||
</programlisting> function.
|
||||
</para>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry><term>fn</term>
|
||||
<listitem><para>
|
||||
the function pointer to idle handler function.
|
||||
this function must have the following prototype!
|
||||
<programlisting>
|
||||
void example_idle_event_fn(void **data, time_t *interval, time_t now);
|
||||
</programlisting>
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>data</term>
|
||||
<listitem><para>this is a pointer to private data which is passed to the idle function when it's called.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>interval</term>
|
||||
<listitem><para>
|
||||
this is a pointer to the time_t interval in witch the idle handler function is called.
|
||||
the idle handler is able to change it's interval.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para>
|
||||
the event_id is returned on succes, on failure SMB_EVENT_ID_INVALID is returned.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Idle events can be unregistered via the
|
||||
<programlisting>
|
||||
BOOL smb_unregister_idle_event(smb_event_id_t id);
|
||||
</programlisting> function.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
True is returned on success, False on failure.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Type: exit event</title>
|
||||
|
||||
<para>Exit events are called when the server exits</para>
|
||||
|
||||
<para>
|
||||
Exit events can be registered via the
|
||||
<programlisting>
|
||||
smb_event_id_t smb_register_exit_event(smb_exit_event_fn *fn, void *data);
|
||||
</programlisting> function.
|
||||
</para>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry><term>fn</term>
|
||||
<listitem><para>
|
||||
the function pointer to exit handler function.
|
||||
this function must have the following prototype!
|
||||
<programlisting>
|
||||
void example_exit_event_fn(void **data);
|
||||
</programlisting>
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>data</term>
|
||||
<listitem><para>this is a pointer to private data which is passed to the exit function when it's called.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
<para>
|
||||
the event_id is returned on success, on failure SMB_EVENT_ID_INVALID is returned.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Exit events can be unregistered via the
|
||||
<programlisting>
|
||||
BOOL smb_unregister_exit_event(smb_event_id_t id);
|
||||
</programlisting> function.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
True is returned on succes, False on failure.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
@ -1,40 +0,0 @@
|
||||
<chapter id="Packaging">
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Jelmer</firstname><surname>Vernooij</surname>
|
||||
</author>
|
||||
</chapterinfo>
|
||||
|
||||
<title>Notes to packagers</title>
|
||||
|
||||
<sect1>
|
||||
<title>Versioning</title>
|
||||
|
||||
<para>Please, please update the version number in
|
||||
<filename>source/include/version.h</filename> to include the versioning of your package. This makes it easier to distinguish standard samba builds
|
||||
from custom-build samba builds (distributions often patch packages). For
|
||||
example, a good version would be: </para>
|
||||
|
||||
<para><programlisting>
|
||||
Version 2.999+3.0.alpha21-5 for Debian
|
||||
</programlisting></para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Modules</title>
|
||||
|
||||
<para>Samba now has support for building parts of samba as plugins. This
|
||||
makes it possible to, for example, put ldap or mysql support in a seperate
|
||||
package, thus making it possible to have a normal samba package not
|
||||
depending on ldap or mysql. To build as much parts of samba
|
||||
as a plugin, run: </para>
|
||||
|
||||
<para><programlisting>
|
||||
./configure --with-shared-modules=rpc,vfs,auth,pdb,charset
|
||||
</programlisting></para>
|
||||
|
||||
</sect1>
|
||||
|
||||
|
||||
</chapter>
|
@ -1,239 +0,0 @@
|
||||
<chapter id="parsing">
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Chris</firstname><surname>Hertel</surname>
|
||||
</author>
|
||||
<pubdate>November 1997</pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>The smb.conf file</title>
|
||||
|
||||
<sect1>
|
||||
<title>Lexical Analysis</title>
|
||||
|
||||
<para>
|
||||
Basically, the file is processed on a line by line basis. There are
|
||||
four types of lines that are recognized by the lexical analyzer
|
||||
(params.c):
|
||||
</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem><para>
|
||||
Blank lines - Lines containing only whitespace.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
Comment lines - Lines beginning with either a semi-colon or a
|
||||
pound sign (';' or '#').
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
Section header lines - Lines beginning with an open square bracket ('[').
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
Parameter lines - Lines beginning with any other character.
|
||||
(The default line type.)
|
||||
</para></listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>
|
||||
The first two are handled exclusively by the lexical analyzer, which
|
||||
ignores them. The latter two line types are scanned for
|
||||
</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem><para>
|
||||
- Section names
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
- Parameter names
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
- Parameter values
|
||||
</para></listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>
|
||||
These are the only tokens passed to the parameter loader
|
||||
(loadparm.c). Parameter names and values are divided from one
|
||||
another by an equal sign: '='.
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>Handling of Whitespace</title>
|
||||
|
||||
<para>
|
||||
Whitespace is defined as all characters recognized by the isspace()
|
||||
function (see ctype(3C)) except for the newline character ('\n')
|
||||
The newline is excluded because it identifies the end of the line.
|
||||
</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem><para>
|
||||
The lexical analyzer scans past white space at the beginning of a line.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Section and parameter names may contain internal white space. All
|
||||
whitespace within a name is compressed to a single space character.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Internal whitespace within a parameter value is kept verbatim with
|
||||
the exception of carriage return characters ('\r'), all of which
|
||||
are removed.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Leading and trailing whitespace is removed from names and values.
|
||||
</para></listitem>
|
||||
|
||||
</orderedlist>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Handling of Line Continuation</title>
|
||||
|
||||
<para>
|
||||
Long section header and parameter lines may be extended across
|
||||
multiple lines by use of the backslash character ('\\'). Line
|
||||
continuation is ignored for blank and comment lines.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If the last (non-whitespace) character within a section header or on
|
||||
a parameter line is a backslash, then the next line will be
|
||||
(logically) concatonated with the current line by the lexical
|
||||
analyzer. For example:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
param name = parameter value string \
|
||||
with line continuation.
|
||||
</programlisting></para>
|
||||
|
||||
<para>Would be read as</para>
|
||||
|
||||
<para><programlisting>
|
||||
param name = parameter value string with line continuation.
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
Note that there are five spaces following the word 'string',
|
||||
representing the one space between 'string' and '\\' in the top
|
||||
line, plus the four preceeding the word 'with' in the second line.
|
||||
(Yes, I'm counting the indentation.)
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Line continuation characters are ignored on blank lines and at the end
|
||||
of comments. They are *only* recognized within section and parameter
|
||||
lines.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Line Continuation Quirks</title>
|
||||
|
||||
<para>Note the following example:</para>
|
||||
|
||||
<para><programlisting>
|
||||
param name = parameter value string \
|
||||
\
|
||||
with line continuation.
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
The middle line is *not* parsed as a blank line because it is first
|
||||
concatonated with the top line. The result is
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
param name = parameter value string with line continuation.
|
||||
</programlisting></para>
|
||||
|
||||
<para>The same is true for comment lines.</para>
|
||||
|
||||
<para><programlisting>
|
||||
param name = parameter value string \
|
||||
; comment \
|
||||
with a comment.
|
||||
</programlisting></para>
|
||||
|
||||
<para>This becomes:</para>
|
||||
|
||||
<para><programlisting>
|
||||
param name = parameter value string ; comment with a comment.
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
On a section header line, the closing bracket (']') is considered a
|
||||
terminating character, and the rest of the line is ignored. The lines
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
[ section name ] garbage \
|
||||
param name = value
|
||||
</programlisting></para>
|
||||
|
||||
<para>are read as</para>
|
||||
|
||||
<para><programlisting>
|
||||
[section name]
|
||||
param name = value
|
||||
</programlisting></para>
|
||||
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Syntax</title>
|
||||
|
||||
<para>The syntax of the smb.conf file is as follows:</para>
|
||||
|
||||
<para><programlisting>
|
||||
<file> :== { <section> } EOF
|
||||
<section> :== <section header> { <parameter line> }
|
||||
<section header> :== '[' NAME ']'
|
||||
<parameter line> :== NAME '=' VALUE NL
|
||||
</programlisting></para>
|
||||
|
||||
<para>Basically, this means that</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem><para>
|
||||
a file is made up of zero or more sections, and is terminated by
|
||||
an EOF (we knew that).
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
A section is made up of a section header followed by zero or more
|
||||
parameter lines.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
A section header is identified by an opening bracket and
|
||||
terminated by the closing bracket. The enclosed NAME identifies
|
||||
the section.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
A parameter line is divided into a NAME and a VALUE. The *first*
|
||||
equal sign on the line separates the NAME from the VALUE. The
|
||||
VALUE is terminated by a newline character (NL = '\n').
|
||||
</para></listitem>
|
||||
|
||||
</orderedlist>
|
||||
|
||||
<sect2>
|
||||
<title>About params.c</title>
|
||||
|
||||
<para>
|
||||
The parsing of the config file is a bit unusual if you are used to
|
||||
lex, yacc, bison, etc. Both lexical analysis (scanning) and parsing
|
||||
are performed by params.c. Values are loaded via callbacks to
|
||||
loadparm.c.
|
||||
</para>
|
||||
</sect2>
|
||||
</sect1>
|
||||
</chapter>
|
@ -1,393 +0,0 @@
|
||||
<chapter id="printing">
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Gerald</firstname><surname>Carter</surname>
|
||||
</author>
|
||||
<pubdate>October 2002</pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
|
||||
<title>Samba Printing Internals</title>
|
||||
|
||||
|
||||
<sect1>
|
||||
<title>Abstract</title>
|
||||
<para>
|
||||
The purpose of this document is to provide some insight into
|
||||
Samba's printing functionality and also to describe the semantics
|
||||
of certain features of Windows client printing.
|
||||
</para>
|
||||
</sect1>
|
||||
|
||||
|
||||
|
||||
<sect1>
|
||||
<title>
|
||||
Printing Interface to Various Back ends
|
||||
</title>
|
||||
|
||||
<para>
|
||||
Samba uses a table of function pointers to seven functions. The
|
||||
function prototypes are defined in the <varname>printif</varname> structure declared
|
||||
in <filename>printing.h</filename>.
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>retrieve the contents of a print queue</para></listitem>
|
||||
<listitem><para>pause the print queue</para></listitem>
|
||||
<listitem><para>resume a paused print queue</para></listitem>
|
||||
<listitem><para>delete a job from the queue</para></listitem>
|
||||
<listitem><para>pause a job in the print queue</para></listitem>
|
||||
<listitem><para>result a paused print job in the queue</para></listitem>
|
||||
<listitem><para>submit a job to the print queue</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>
|
||||
Currently there are only two printing back end implementations
|
||||
defined.
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>a generic set of functions for working with standard UNIX
|
||||
printing subsystems</para></listitem>
|
||||
|
||||
<listitem><para>a set of CUPS specific functions (this is only enabled if
|
||||
the CUPS libraries were located at compile time).</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
</sect1>
|
||||
|
||||
|
||||
|
||||
|
||||
<sect1>
|
||||
<title>
|
||||
Print Queue TDB's
|
||||
</title>
|
||||
|
||||
|
||||
<para>
|
||||
Samba provides periodic caching of the output from the "lpq command"
|
||||
for performance reasons. This cache time is configurable in seconds.
|
||||
Obviously the longer the cache time the less often smbd will be
|
||||
required to exec a copy of lpq. However, the accuracy of the print
|
||||
queue contents displayed to clients will be diminished as well.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The list of currently opened print queue TDB's can be found
|
||||
be examining the list of tdb_print_db structures ( see print_db_head
|
||||
in printing.c ). A queue TDB is opened using the wrapper function
|
||||
printing.c:get_print_db_byname(). The function ensures that smbd
|
||||
does not open more than MAX_PRINT_DBS_OPEN in an effort to prevent
|
||||
a large print server from exhausting all available file descriptors.
|
||||
If the number of open queue TDB's exceeds the MAX_PRINT_DBS_OPEN
|
||||
limit, smbd falls back to a most recently used algorithm for maintaining
|
||||
a list of open TDB's.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
There are two ways in which a a print job can be entered into
|
||||
a print queue's TDB. The first is to submit the job from a Windows
|
||||
client which will insert the job information directly into the TDB.
|
||||
The second method is to have the print job picked up by executing the
|
||||
"lpq command".
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
/* included from printing.h */
|
||||
struct printjob {
|
||||
pid_t pid; /* which process launched the job */
|
||||
int sysjob; /* the system (lp) job number */
|
||||
int fd; /* file descriptor of open file if open */
|
||||
time_t starttime; /* when the job started spooling */
|
||||
int status; /* the status of this job */
|
||||
size_t size; /* the size of the job so far */
|
||||
int page_count; /* then number of pages so far */
|
||||
BOOL spooled; /* has it been sent to the spooler yet? */
|
||||
BOOL smbjob; /* set if the job is a SMB job */
|
||||
fstring filename; /* the filename used to spool the file */
|
||||
fstring jobname; /* the job name given to us by the client */
|
||||
fstring user; /* the user who started the job */
|
||||
fstring queuename; /* service number of printer for this job */
|
||||
NT_DEVICEMODE *nt_devmode;
|
||||
};
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
The current manifestation of the printjob structure contains a field
|
||||
for the UNIX job id returned from the "lpq command" and a Windows job
|
||||
ID (32-bit bounded by PRINT_MAX_JOBID). When a print job is returned
|
||||
by the "lpq command" that does not match an existing job in the queue's
|
||||
TDB, a 32-bit job ID above the <*vance doesn't know what word is missing here*> is generating by adding UNIX_JOB_START to
|
||||
the id reported by lpq.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In order to match a 32-bit Windows jobid onto a 16-bit lanman print job
|
||||
id, smbd uses an in memory TDB to match the former to a number appropriate
|
||||
for old lanman clients.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
When updating a print queue, smbd will perform the following
|
||||
steps ( refer to <filename>print.c:print_queue_update()</filename> ):
|
||||
</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem><para>Check to see if another smbd is currently in
|
||||
the process of updating the queue contents by checking the pid
|
||||
stored in <constant>LOCK/<replaceable>printer_name</replaceable></constant>.
|
||||
If so, then do not update the TDB.</para></listitem>
|
||||
|
||||
<listitem><para>Lock the mutex entry in the TDB and store our own pid.
|
||||
Check that this succeeded, else fail.</para></listitem>
|
||||
|
||||
<listitem><para>Store the updated time stamp for the new cache
|
||||
listing</para></listitem>
|
||||
|
||||
<listitem><para>Retrieve the queue listing via "lpq command"</para></listitem>
|
||||
|
||||
<listitem><para><programlisting>
|
||||
foreach job in the queue
|
||||
{
|
||||
if the job is a UNIX job, create a new entry;
|
||||
if the job has a Windows based jobid, then
|
||||
{
|
||||
Lookup the record by the jobid;
|
||||
if the lookup failed, then
|
||||
treat it as a UNIX job;
|
||||
else
|
||||
update the job status only
|
||||
}
|
||||
}</programlisting></para></listitem>
|
||||
|
||||
<listitem><para>Delete any jobs in the TDB that are not
|
||||
in the in the lpq listing</para></listitem>
|
||||
|
||||
<listitem><para>Store the print queue status in the TDB</para></listitem>
|
||||
|
||||
<listitem><para>update the cache time stamp again</para></listitem>
|
||||
|
||||
</orderedlist>
|
||||
|
||||
<para>
|
||||
Note that it is the contents of this TDB that is returned to Windows
|
||||
clients and not the actual listing from the "lpq command".
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The NT_DEVICEMODE stored as part of the printjob structure is used to
|
||||
store a pointer to a non-default DeviceMode associated with the print
|
||||
job. The pointer will be non-null when the client included a Device
|
||||
Mode in the OpenPrinterEx() call and subsequently submitted a job for
|
||||
printing on that same handle. If the client did not include a Device
|
||||
Mode in the OpenPrinterEx() request, the nt_devmode field is NULL
|
||||
and the job has the printer's device mode associated with it by default.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Only non-default Device Mode are stored with print jobs in the print
|
||||
queue TDB. Otherwise, the Device Mode is obtained from the printer
|
||||
object when the client issues a GetJob(level == 2) request.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
|
||||
|
||||
|
||||
<sect1>
|
||||
<title>
|
||||
ChangeID and Client Caching of Printer Information
|
||||
</title>
|
||||
|
||||
<para>
|
||||
[To be filled in later]
|
||||
</para>
|
||||
</sect1>
|
||||
|
||||
|
||||
|
||||
<sect1>
|
||||
<title>
|
||||
Windows NT/2K Printer Change Notify
|
||||
</title>
|
||||
|
||||
<para>
|
||||
When working with Windows NT+ clients, it is possible for a
|
||||
print server to use RPC to send asynchronous change notification
|
||||
events to clients for certain printer and print job attributes.
|
||||
This can be useful when the client needs to know that a new
|
||||
job has been added to the queue for a given printer or that the
|
||||
driver for a printer has been changed. Note that this is done
|
||||
entirely orthogonal to cache updates based on a new ChangeID for
|
||||
a printer object.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The basic set of RPC's used to implement change notification are
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>RemoteFindFirstPrinterChangeNotifyEx ( RFFPCN )</para></listitem>
|
||||
<listitem><para>RemoteFindNextPrinterChangeNotifyEx ( RFNPCN )</para></listitem>
|
||||
<listitem><para>FindClosePrinterChangeNotify( FCPCN )</para></listitem>
|
||||
<listitem><para>ReplyOpenPrinter</para></listitem>
|
||||
<listitem><para>ReplyClosePrinter</para></listitem>
|
||||
<listitem><para>RouteRefreshPrinterChangeNotify ( RRPCN )</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>
|
||||
One additional RPC is available to a server, but is never used by the
|
||||
Windows spooler service:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>RouteReplyPrinter()</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>
|
||||
The opnum for all of these RPC's are defined in include/rpc_spoolss.h
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Windows NT print servers use a bizarre method of sending print
|
||||
notification event to clients. The process of registering a new change
|
||||
notification handle is as follows. The 'C' is for client and the
|
||||
'S' is for server. All error conditions have been eliminated.
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
C: Obtain handle to printer or to the printer
|
||||
server via the standard OpenPrinterEx() call.
|
||||
S: Respond with a valid handle to object
|
||||
|
||||
C: Send a RFFPCN request with the previously obtained
|
||||
handle with either (a) set of flags for change events
|
||||
to monitor, or (b) a PRINTER_NOTIFY_OPTIONS structure
|
||||
containing the event information to monitor. The windows
|
||||
spooler has only been observed to use (b).
|
||||
S: The <* another missing word*> opens a new TCP session to the client (thus requiring
|
||||
all print clients to be CIFS servers as well) and sends
|
||||
a ReplyOpenPrinter() request to the client.
|
||||
C: The client responds with a printer handle that can be used to
|
||||
send event notification messages.
|
||||
S: The server replies success to the RFFPCN request.
|
||||
|
||||
C: The windows spooler follows the RFFPCN with a RFNPCN
|
||||
request to fetch the current values of all monitored
|
||||
attributes.
|
||||
S: The server replies with an array SPOOL_NOTIFY_INFO_DATA
|
||||
structures (contained in a SPOOL_NOTIFY_INFO structure).
|
||||
|
||||
C: If the change notification handle is ever released by the
|
||||
client via a FCPCN request, the server sends a ReplyClosePrinter()
|
||||
request back to the client first. However a request of this
|
||||
nature from the client is often an indication that the previous
|
||||
notification event was not marshalled correctly by the server
|
||||
or a piece of data was wrong.
|
||||
S: The server closes the internal change notification handle
|
||||
(POLICY_HND) and does not send any further change notification
|
||||
events to the client for that printer or job.
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
The current list of notification events supported by Samba can be
|
||||
found by examining the internal tables in srv_spoolss_nt.c
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>printer_notify_table[]</para></listitem>
|
||||
<listitem><para>job_notify_table[]</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>
|
||||
When an event occurs that could be monitored, smbd sends a message
|
||||
to itself about the change. The list of events to be transmitted
|
||||
are queued by the smbd process sending the message to prevent an
|
||||
overload of TDB usage and the internal message is sent during smbd's
|
||||
idle loop (refer to printing/notify.c and the functions
|
||||
send_spoolss_notify2_msg() and print_notify_send_messages() ).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The decision of whether or not the change is to be sent to connected
|
||||
clients is made by the routine which actually sends the notification.
|
||||
( refer to srv_spoolss_nt.c:recieve_notify2_message() ).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Because it possible to receive a listing of multiple changes for
|
||||
multiple printers, the notification events must be split into
|
||||
categories by the printer name. This makes it possible to group
|
||||
multiple change events to be sent in a single RPC according to the
|
||||
printer handle obtained via a ReplyOpenPrinter().
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The actual change notification is performed using the RRPCN request
|
||||
RPC. This packet contains
|
||||
</para>
|
||||
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
<listitem><para>the printer handle registered with the
|
||||
client's spooler on which the change occurred</para></listitem>
|
||||
|
||||
<listitem><para>The change_low value which was sent as part
|
||||
of the last RFNPCN request from the client</para></listitem>
|
||||
|
||||
<listitem><para>The SPOOL_NOTIFY_INFO container with the event
|
||||
information</para></listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
<para>
|
||||
A <varname>SPOOL_NOTIFY_INFO</varname> contains:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
<listitem><para>the version and flags field are predefined
|
||||
and should not be changed</para></listitem>
|
||||
|
||||
<listitem><para>The count field is the number of entries
|
||||
in the SPOOL_NOTIFY_INFO_DATA array</para></listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
<para>
|
||||
The <varname>SPOOL_NOTIFY_INFO_DATA</varname> entries contain:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
<listitem><para>The type defines whether or not this event
|
||||
is for a printer or a print job</para></listitem>
|
||||
|
||||
<listitem><para>The field is the flag identifying the event</para></listitem>
|
||||
|
||||
<listitem><para>the notify_data union contains the new valuie of the
|
||||
attribute</para></listitem>
|
||||
|
||||
<listitem><para>The enc_type defines the size of the structure for marshalling
|
||||
and unmarshalling</para></listitem>
|
||||
|
||||
<listitem><para>(a) the id must be 0 for a printer event on a printer handle.
|
||||
(b) the id must be the job id for an event on a printer job
|
||||
(c) the id must be the matching number of the printer index used
|
||||
in the response packet to the RFNPCN when using a print server
|
||||
handle for notification. Samba currently uses the snum of
|
||||
the printer for this which can break if the list of services
|
||||
has been modified since the notification handle was registered.</para></listitem>
|
||||
|
||||
<listitem><para>The size is either (a) the string length in UNICODE for strings,
|
||||
(b) the size in bytes of the security descriptor, or (c) 0 for
|
||||
data values.</para></listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
</sect1>
|
||||
</chapter>
|
@ -1,88 +0,0 @@
|
||||
<chapter id="rpc-plugin">
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Anthony</firstname><surname>Liguori</surname>
|
||||
<affiliation>
|
||||
<orgname>IBM</orgname>
|
||||
<address><email>aliguor@us.ibm.com</email></address>
|
||||
</affiliation>
|
||||
</author>
|
||||
<author>
|
||||
<firstname>Jelmer</firstname><surname>Vernooij</surname>
|
||||
<affiliation>
|
||||
<orgname>Samba Team</orgname>
|
||||
<address><email>jelmer@samba.org</email></address>
|
||||
</affiliation>
|
||||
</author>
|
||||
<pubdate>January 2003</pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>RPC Pluggable Modules</title>
|
||||
|
||||
<sect1>
|
||||
<title>About</title>
|
||||
|
||||
<para>
|
||||
This document describes how to make use the new RPC Pluggable Modules features
|
||||
of Samba 3.0. This architecture was added to increase the maintainability of
|
||||
Samba allowing RPC Pipes to be worked on separately from the main CVS branch.
|
||||
The RPM architecture will also allow third-party vendors to add functionality
|
||||
to Samba through plug-ins.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>General Overview</title>
|
||||
|
||||
<para>
|
||||
When an RPC call is sent to smbd, smbd tries to load a shared library by the
|
||||
name <filename>librpc_<pipename>.so</filename> to handle the call if
|
||||
it doesn't know how to handle the call internally. For instance, LSA calls
|
||||
are handled by <filename>librpc_lsass.so</filename>..
|
||||
These shared libraries should be located in the <filename><sambaroot>/lib/rpc</filename>. smbd then attempts to call the init_module function within
|
||||
the shared library. Check the chapter on modules for more information.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In the init_module function, the library should call
|
||||
rpc_pipe_register_commands(). This function takes the following arguments:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
NTSTATUS rpc_pipe_register_commands(int version, const char *clnt, const char *srv,
|
||||
const struct api_struct *cmds, int size);
|
||||
</programlisting></para>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry><term>version</term>
|
||||
<listitem><para>Version number of the RPC interface. Use the define <emphasis>SMB_RPC_INTERFACE_VERSION</emphasis> for this
|
||||
argument.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>clnt</term>
|
||||
<listitem><para>the Client name of the named pipe</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>srv</term>
|
||||
<listitem><para>the Server name of the named pipe</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>cmds</term>
|
||||
<listitem><para>a list of api_structs that map RPC ordinal numbers to function calls</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>size</term>
|
||||
<listitem><para>the number of api_structs contained in cmds</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
<para>
|
||||
See rpc_server/srv_reg.c and rpc_server/srv_reg_nt.c for a small example of
|
||||
how to use this library.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
</chapter>
|
@ -1,357 +0,0 @@
|
||||
<chapter id="sam">
|
||||
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Andrew</firstname><surname>Bartlett</surname>
|
||||
</author>
|
||||
<pubdate>1 October 2002</pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>The Upcoming SAM System</title>
|
||||
|
||||
<sect1>
|
||||
<title>Security in the 'new SAM'</title>
|
||||
|
||||
<para>One of the biggest problems with passdb is it's implementation of
|
||||
'security'. Access control is on a 'are you root at the moment' basis,
|
||||
and it has no concept of NT ACLs. Things like ldapsam had to add
|
||||
'magic' 'are you root' checks.</para>
|
||||
|
||||
<para>We took this very seriously when we started work, and the new structure
|
||||
is designed with this in mind, from the ground up. Each call to the SAM
|
||||
has a NT_TOKEN and (if relevant) an 'access desired'. This is either
|
||||
provided as a parameter, or implicitly supplied by the object being
|
||||
accessed.</para>
|
||||
|
||||
<para>
|
||||
For example, when you call
|
||||
</para>
|
||||
|
||||
<programlisting>
|
||||
NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const
|
||||
NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain,
|
||||
const char *name, SAM_ACCOUNT_HANDLE **account)
|
||||
</programlisting>
|
||||
|
||||
<para>
|
||||
The context can be NULL (and is used to allow import/export by setting
|
||||
up 2 contexts, and allowing calls on both simultaneously)
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The access token *must* be specified. Normally the user's token out of
|
||||
current_user, this can also be a global 'system' context.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The access desired is as per the ACL, for passing to the seaccess stuff.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The domain/username are standard. Even if we only have one domain,
|
||||
keeping this ensures that we don't get 'unqualified' usernames (same
|
||||
problem as we had with unqualified SIDs).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
We return a 'handle'. This is opaque to the rest of Samba, but is
|
||||
operated on by get/set routines, all of which return NTSTATUS.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The access checking is done by the SAM module. The reason it is not
|
||||
done 'above' the interface is to ensure a 'choke point'. I put a lot of
|
||||
effort into the auth subsystem to ensure we never 'accidentally' forgot
|
||||
to check for null passwords, missed a restriction etc. I intend the SAM
|
||||
to be written with the same caution.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The reason the access checking is not handled by the interface itself is
|
||||
due to the different implementations it make take on. For example, on
|
||||
ADS, you cannot set a password over a non-SSL connection. Other
|
||||
backends may have similar requirements - we need to leave this policy up
|
||||
to the modules. They will naturally have access to 'helper' procedures
|
||||
and good examples to avoid mishaps.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
(Furthermore, some backends my actually chose to push the whole ACL
|
||||
issue to the remote server, and - assuming ldap for this example - bind
|
||||
as the user directly)
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Each returned handle has an internal 'access permitted', which allows
|
||||
the 'get' and 'set' routines to return 'ACCESS_DENIED' for things that
|
||||
were not able to be retrieved from the backend. This removes the need
|
||||
to specify the NT_TOKEN on every operation, and allows for 'object not
|
||||
present' to be easily distinguished from 'access denied'.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
When you 'set' an object (calling sam_update_account) the internal
|
||||
details are again used. Each change that has been made to the object
|
||||
has been flagged, so as to avoid race conditions (on unmodified
|
||||
components) and to avoid violating any extra ACL requirements on the
|
||||
actual data store (like the LDAP server).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Finally, we have generic get_sec_desc() and set_sec_desc() routines to
|
||||
allow external ACL manipulation. These do lookups based on SID.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Standalone from UNIX</title>
|
||||
|
||||
<para>
|
||||
One of the primary tenants of the 'new SAM' is that it would not attempt
|
||||
to deal with 'what unix id for that'. This would be left to the 'SMS'
|
||||
(Sid Mapping System') or SID farm, and probably administered via
|
||||
winbind. We have had constructive discussion on how 'basic' unix
|
||||
accounts like 'root' would be handled, and we think this can work.
|
||||
Accounts not preexisting in unix would be served up via winbind.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This is an *optional* part, and my preferred end-game. We have a fare
|
||||
way to go before things like winbind up to it however.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Handles and Races in the new SAM</title>
|
||||
|
||||
<para>
|
||||
One of the things that the 'new SAM' work has tried to face is both
|
||||
compatibility with existing code, and a closer alignment to the SAMR
|
||||
interface. I consider SAMR to be a 'primary customer' to the this work,
|
||||
because if we get alignment with that wrong, things get more, rather
|
||||
than less complex. Also, most other parts of Samba are much more
|
||||
flexible with what they can allow.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In any case, that was a decision taken as to how the general design
|
||||
would progress. BTW, my understanding of SAMR may be completely flawed.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
One of the most race-prone areas of the new code is the conflicting
|
||||
update problem. We have taken two approaches:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>'Not conflicting' conflicts. Due to the way usrmgr operates, it will
|
||||
open a user, display all the properties and *save* them all, even if you
|
||||
don't change any.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
For this, see what I've done in rpc_server/srv_samr_util.c. I intend
|
||||
to take this one step further, and operate on the 'handle' that the
|
||||
values were read from. This should mean that we only update things that
|
||||
have *really* changed.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
'conflicting' updates: Currently we don't deal with this (in passdb
|
||||
or the new sam stuff), but the design is sufficiently flexible to 'deny'
|
||||
a second update. I don't foresee locking records however.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Layers</title>
|
||||
|
||||
<sect2>
|
||||
<title>Application</title>
|
||||
|
||||
<para>
|
||||
This is where smbd, samtest and whatever end-user replacement we have
|
||||
for pdbedit sits. They use only the SAM interface, and do not get
|
||||
'special knowledge' of what is below them.
|
||||
</para>
|
||||
</sect2>
|
||||
<sect2>
|
||||
<title>SAM Interface</title>
|
||||
|
||||
<para>
|
||||
This level 'owns' the various handle structures, the get/set routines on
|
||||
those structures and provides the public interface. The application
|
||||
layer may initialize a 'context' to be passed to all interface routines,
|
||||
else a default, self-initialising context will be supplied. This layser
|
||||
finds the appropriate backend module for the task, and tries very hard
|
||||
not to need to much 'knowledge'. It should just provide the required
|
||||
abstraction to the modules below, and arrange for their initial loading.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
We could possibly add ACL checking at this layer, to avoid discrepancies
|
||||
in implementation modules.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>SAM Modules</title>
|
||||
|
||||
<para>
|
||||
These do not communicate with the application directly, only by setting
|
||||
values in the handles, and receiving requests from the interface. These
|
||||
modules are responsible for translating values from the handle's
|
||||
.private into (say) an LDAP modification list. The module is expected
|
||||
to 'know' things like it's own domain SID, domain name, and any other
|
||||
state attached to the SAM. Simpler modules may call back to some helper
|
||||
routine.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>SAM Modules</title>
|
||||
|
||||
<sect2>
|
||||
<title>Special Module: sam_passdb</title>
|
||||
|
||||
<para>
|
||||
In order for there to be a smooth transition, kai is writing a module
|
||||
that reads existing passdb backends, and translates them into SAM
|
||||
replies. (Also pulling data from the account policy DB etc). We also
|
||||
intend to write a module that does the reverse - gives the SAM a passdb
|
||||
interface.
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>sam_ads</title>
|
||||
<para>
|
||||
This is the first of the SAM modules to be committed to the tree -
|
||||
mainly because I needed to coordinate work with metze (who authored most
|
||||
of it). This module aims to use Samba's libads code to provide an
|
||||
Active Directory LDAP client, suitable for use on a mixed-mode DC.
|
||||
While it is currently being tested against Win2k servers (with a
|
||||
password in the smb.conf file) it is expected to eventually use a
|
||||
(possibly modified) OpenLDAP server. We hope that this will assist in
|
||||
the construction of an Samba AD DC.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
We also intend to construct a Samba 2.2/3.0 compatible ldap module,
|
||||
again using libads code.
|
||||
</para>
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Memory Management</title>
|
||||
|
||||
<para>
|
||||
The 'new SAM' development effort also concerned itself with getting a
|
||||
sane implementation of memory management. It was decided that we would
|
||||
be (as much as possible) talloc based, using an 'internal talloc
|
||||
context' on many objects. That is, the creation of an object would
|
||||
initiate it's own internal talloc context, and this would be used for
|
||||
all operations on that object. Much of this is already implemented in
|
||||
passdb. Also, like passdb, it will be possible to specify that some
|
||||
object actually be created on a specified context.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Memory management is important here because the APIs in the 'new SAM' do
|
||||
not use 'pdb_init()' or an equivalent. They always allocate new
|
||||
objects. Enumeration's are slightly different, and occur on a supplied
|
||||
context that 'owns' the entire list, rather than per-element. (the
|
||||
enumeration functions return an array of all elements - not full handles
|
||||
just basic (and public) info) Likewise for things that fill in a char
|
||||
**.
|
||||
</para>
|
||||
|
||||
<para>For example:</para>
|
||||
|
||||
<para><programlisting>
|
||||
NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN
|
||||
*access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name,
|
||||
uint32 *type)
|
||||
</programlisting></para>
|
||||
|
||||
<para>Takes a context to allocate the 'name' on, while:</para>
|
||||
|
||||
<para><programlisting>
|
||||
NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const
|
||||
NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID
|
||||
*accountsid, SAM_ACCOUNT_HANDLE **account)
|
||||
</programlisting></para>
|
||||
|
||||
<para>Allocates a handle and stores the allocation context on that handle.</para>
|
||||
|
||||
<para>I think that the following:</para>
|
||||
|
||||
<para><programlisting>
|
||||
NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const
|
||||
NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl,
|
||||
int32 *account_count, SAM_ACCOUNT_ENUM **accounts)
|
||||
</programlisting></para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Testing</title>
|
||||
|
||||
<para>
|
||||
Testing is vital in any piece of software, and Samba is certainly no
|
||||
exception. In designing this new subsystem, we have taken care to ensure
|
||||
it is easily tested, independent of outside protocols.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
To this end, Jelmer has constructed 'samtest'.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This utility (see torture/samtest.c) is structured like rpcclient, but
|
||||
instead operates on the SAM subsystem. It creates a 'custom' SAM
|
||||
context, that may be distinct from the default values used by the rest
|
||||
of the system, and can load a separate configuration file.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
A small number of commands are currently implemented, but these have
|
||||
already proved vital in testing. I expect SAM module authors will find
|
||||
it particularly valuable.
|
||||
</para>
|
||||
|
||||
<para>Example useage:</para>
|
||||
|
||||
<para><prompt>$</prompt> <command>bin/samtest</command></para>
|
||||
|
||||
<para><programlisting>
|
||||
> context ads:ldap://192.168.1.96
|
||||
</programlisting>
|
||||
(this loads a new context, using the new ADS module. The parameter is
|
||||
the 'location' of the ldap server)
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
> lookup_name DOMAIN abartlet
|
||||
</programlisting>
|
||||
(returns a sid).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Because the 'new SAM' is NT ACL based, there will be a command to
|
||||
specify an arbitrary NT ACL, but for now it uses 'system' by default.
|
||||
</para>
|
||||
</sect1>
|
||||
</chapter>
|
@ -1,316 +0,0 @@
|
||||
<chapter id="unix-smb">
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Andrew</firstname><surname>Tridgell</surname>
|
||||
</author>
|
||||
<pubdate>April 1995</pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>NetBIOS in a Unix World</title>
|
||||
|
||||
<sect1>
|
||||
<title>Introduction</title>
|
||||
<para>
|
||||
This is a short document that describes some of the issues that
|
||||
confront a SMB implementation on unix, and how Samba copes with
|
||||
them. They may help people who are looking at unix<->PC
|
||||
interoperability.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It was written to help out a person who was writing a paper on unix to
|
||||
PC connectivity.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Usernames</title>
|
||||
<para>
|
||||
The SMB protocol has only a loose username concept. Early SMB
|
||||
protocols (such as CORE and COREPLUS) have no username concept at
|
||||
all. Even in later protocols clients often attempt operations
|
||||
(particularly printer operations) without first validating a username
|
||||
on the server.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Unix security is based around username/password pairs. A unix box
|
||||
should not allow clients to do any substantive operation without some
|
||||
sort of validation.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The problem mostly manifests itself when the unix server is in "share
|
||||
level" security mode. This is the default mode as the alternative
|
||||
"user level" security mode usually forces a client to connect to the
|
||||
server as the same user for each connected share, which is
|
||||
inconvenient in many sites.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In "share level" security the client normally gives a username in the
|
||||
"session setup" protocol, but does not supply an accompanying
|
||||
password. The client then connects to resources using the "tree
|
||||
connect" protocol, and supplies a password. The problem is that the
|
||||
user on the PC types the username and the password in different
|
||||
contexts, unaware that they need to go together to give access to the
|
||||
server. The username is normally the one the user typed in when they
|
||||
"logged onto" the PC (this assumes Windows for Workgroups). The
|
||||
password is the one they chose when connecting to the disk or printer.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The user often chooses a totally different username for their login as
|
||||
for the drive connection. Often they also want to access different
|
||||
drives as different usernames. The unix server needs some way of
|
||||
divining the correct username to combine with each password.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Samba tries to avoid this problem using several methods. These succeed
|
||||
in the vast majority of cases. The methods include username maps, the
|
||||
service%user syntax, the saving of session setup usernames for later
|
||||
validation and the derivation of the username from the service name
|
||||
(either directly or via the user= option).
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>File Ownership</title>
|
||||
|
||||
<para>
|
||||
The commonly used SMB protocols have no way of saying "you can't do
|
||||
that because you don't own the file". They have, in fact, no concept
|
||||
of file ownership at all.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This brings up all sorts of interesting problems. For example, when
|
||||
you copy a file to a unix drive, and the file is world writeable but
|
||||
owned by another user the file will transfer correctly but will
|
||||
receive the wrong date. This is because the utime() call under unix
|
||||
only succeeds for the owner of the file, or root, even if the file is
|
||||
world writeable. For security reasons Samba does all file operations
|
||||
as the validated user, not root, so the utime() fails. This can stuff
|
||||
up shared development diectories as programs like "make" will not get
|
||||
file time comparisons right.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
There are several possible solutions to this problem, including
|
||||
username mapping, and forcing a specific username for particular
|
||||
shares.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Passwords</title>
|
||||
|
||||
<para>
|
||||
Many SMB clients uppercase passwords before sending them. I have no
|
||||
idea why they do this. Interestingly WfWg uppercases the password only
|
||||
if the server is running a protocol greater than COREPLUS, so
|
||||
obviously it isn't just the data entry routines that are to blame.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Unix passwords are case sensitive. So if users use mixed case
|
||||
passwords they are in trouble.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Samba can try to cope with this by either using the "password level"
|
||||
option which causes Samba to try the offered password with up to the
|
||||
specified number of case changes, or by using the "password server"
|
||||
option which allows Samba to do its validation via another machine
|
||||
(typically a WinNT server).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Samba supports the password encryption method used by SMB
|
||||
clients. Note that the use of password encryption in Microsoft
|
||||
networking leads to password hashes that are "plain text equivalent".
|
||||
This means that it is *VERY* important to ensure that the Samba
|
||||
smbpasswd file containing these password hashes is only readable
|
||||
by the root user. See the documentation ENCRYPTION.txt for more
|
||||
details.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Locking</title>
|
||||
<para>
|
||||
Since samba 2.2, samba supports other types of locking as well. This
|
||||
section is outdated.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The locking calls available under a DOS/Windows environment are much
|
||||
richer than those available in unix. This means a unix server (like
|
||||
Samba) choosing to use the standard fcntl() based unix locking calls
|
||||
to implement SMB locking has to improvise a bit.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
One major problem is that dos locks can be in a 32 bit (unsigned)
|
||||
range. Unix locking calls are 32 bits, but are signed, giving only a 31
|
||||
bit range. Unfortunately OLE2 clients use the top bit to select a
|
||||
locking range used for OLE semaphores.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
To work around this problem Samba compresses the 32 bit range into 31
|
||||
bits by appropriate bit shifting. This seems to work but is not
|
||||
ideal. In a future version a separate SMB lockd may be added to cope
|
||||
with the problem.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It also doesn't help that many unix lockd daemons are very buggy and
|
||||
crash at the slightest provocation. They normally go mostly unused in
|
||||
a unix environment because few unix programs use byte range
|
||||
locking. The stress of huge numbers of lock requests from dos/windows
|
||||
clients can kill the daemon on some systems.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The second major problem is the "opportunistic locking" requested by
|
||||
some clients. If a client requests opportunistic locking then it is
|
||||
asking the server to notify it if anyone else tries to do something on
|
||||
the same file, at which time the client will say if it is willing to
|
||||
give up its lock. Unix has no simple way of implementing
|
||||
opportunistic locking, and currently Samba has no support for it.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Deny Modes</title>
|
||||
|
||||
<para>
|
||||
When a SMB client opens a file it asks for a particular "deny mode" to
|
||||
be placed on the file. These modes (DENY_NONE, DENY_READ, DENY_WRITE,
|
||||
DENY_ALL, DENY_FCB and DENY_DOS) specify what actions should be
|
||||
allowed by anyone else who tries to use the file at the same time. If
|
||||
DENY_READ is placed on the file, for example, then any attempt to open
|
||||
the file for reading should fail.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Unix has no equivalent notion. To implement this Samba uses either lock
|
||||
files based on the files inode and placed in a separate lock
|
||||
directory or a shared memory implementation. The lock file method
|
||||
is clumsy and consumes processing and file resources,
|
||||
the shared memory implementation is vastly prefered and is turned on
|
||||
by default for those systems that support it.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Trapdoor UIDs</title>
|
||||
<para>
|
||||
A SMB session can run with several uids on the one socket. This
|
||||
happens when a user connects to two shares with different
|
||||
usernames. To cope with this the unix server needs to switch uids
|
||||
within the one process. On some unixes (such as SCO) this is not
|
||||
possible. This means that on those unixes the client is restricted to
|
||||
a single uid.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Note that you can also get the "trapdoor uid" message for other
|
||||
reasons. Please see the FAQ for details.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Port numbers</title>
|
||||
<para>
|
||||
There is a convention that clients on sockets use high "unprivilaged"
|
||||
port numbers (>1000) and connect to servers on low "privilaged" port
|
||||
numbers. This is enforced in Unix as non-root users can't open a
|
||||
socket for listening on port numbers less than 1000.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Most PC based SMB clients (such as WfWg and WinNT) don't follow this
|
||||
convention completely. The main culprit is the netbios nameserving on
|
||||
udp port 137. Name query requests come from a source port of 137. This
|
||||
is a problem when you combine it with the common firewalling technique
|
||||
of not allowing incoming packets on low port numbers. This means that
|
||||
these clients can't query a netbios nameserver on the other side of a
|
||||
low port based firewall.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The problem is more severe with netbios node status queries. I've
|
||||
found that WfWg, Win95 and WinNT3.5 all respond to netbios node status
|
||||
queries on port 137 no matter what the source port was in the
|
||||
request. This works between machines that are both using port 137, but
|
||||
it means it's not possible for a unix user to do a node status request
|
||||
to any of these OSes unless they are running as root. The answer comes
|
||||
back, but it goes to port 137 which the unix user can't listen
|
||||
on. Interestingly WinNT3.1 got this right - it sends node status
|
||||
responses back to the source port in the request.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Protocol Complexity</title>
|
||||
<para>
|
||||
There are many "protocol levels" in the SMB protocol. It seems that
|
||||
each time new functionality was added to a Microsoft operating system,
|
||||
they added the equivalent functions in a new protocol level of the SMB
|
||||
protocol to "externalise" the new capabilities.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This means the protocol is very "rich", offering many ways of doing
|
||||
each file operation. This means SMB servers need to be complex and
|
||||
large. It also means it is very difficult to make them bug free. It is
|
||||
not just Samba that suffers from this problem, other servers such as
|
||||
WinNT don't support every variation of every call and it has almost
|
||||
certainly been a headache for MS developers to support the myriad of
|
||||
SMB calls that are available.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
There are about 65 "top level" operations in the SMB protocol (things
|
||||
like SMBread and SMBwrite). Some of these include hundreds of
|
||||
sub-functions (SMBtrans has at least 120 sub-functions, like
|
||||
DosPrintQAdd and NetSessionEnum). All of them take several options
|
||||
that can change the way they work. Many take dozens of possible
|
||||
"information levels" that change the structures that need to be
|
||||
returned. Samba supports all but 2 of the "top level" functions. It
|
||||
supports only 8 (so far) of the SMBtrans sub-functions. Even NT
|
||||
doesn't support them all.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Samba currently supports up to the "NT LM 0.12" protocol, which is the
|
||||
one preferred by Win95 and WinNT3.5. Luckily this protocol level has a
|
||||
"capabilities" field which specifies which super-duper new-fangled
|
||||
options the server suports. This helps to make the implementation of
|
||||
this protocol level much easier.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
There is also a problem with the SMB specications. SMB is a X/Open
|
||||
spec, but the X/Open book is far from ideal, and fails to cover many
|
||||
important issues, leaving much to the imagination. Microsoft recently
|
||||
renamed the SMB protocol CIFS (Common Internet File System) and have
|
||||
published new specifications. These are far superior to the old
|
||||
X/Open documents but there are still undocumented calls and features.
|
||||
This specification is actively being worked on by a CIFS developers
|
||||
mailing list hosted by Microsft.
|
||||
</para>
|
||||
</sect1>
|
||||
</chapter>
|
||||
|
@ -1,797 +0,0 @@
|
||||
<chapter id="vfs">
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Alexander</firstname><surname>Bokovoy</surname>
|
||||
<affiliation>
|
||||
<address><email>ab@samba.org</email></address>
|
||||
</affiliation>
|
||||
</author>
|
||||
<author>
|
||||
<firstname>Stefan</firstname><surname>Metzmacher</surname>
|
||||
<affiliation>
|
||||
<address><email>metze@metzemix.de</email></address>
|
||||
</affiliation>
|
||||
</author>
|
||||
<pubdate> 27 May 2003 </pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>VFS Modules</title>
|
||||
|
||||
<sect1>
|
||||
<title>The Samba (Posix) VFS layer</title>
|
||||
|
||||
<sect2>
|
||||
<title>The general interface</title>
|
||||
|
||||
<para>
|
||||
Each VFS operation has a vfs_op_type, a function pointer and a handle pointer in the
|
||||
struct vfs_ops and tree macros to make it easier to call the operations.
|
||||
(Take a look at <filename>include/vfs.h</filename> and <filename>include/vfs_macros.h</filename>.)
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
typedef enum _vfs_op_type {
|
||||
SMB_VFS_OP_NOOP = -1,
|
||||
|
||||
...
|
||||
|
||||
/* File operations */
|
||||
|
||||
SMB_VFS_OP_OPEN,
|
||||
SMB_VFS_OP_CLOSE,
|
||||
SMB_VFS_OP_READ,
|
||||
SMB_VFS_OP_WRITE,
|
||||
SMB_VFS_OP_LSEEK,
|
||||
SMB_VFS_OP_SENDFILE,
|
||||
|
||||
...
|
||||
|
||||
SMB_VFS_OP_LAST
|
||||
} vfs_op_type;
|
||||
</programlisting></para>
|
||||
|
||||
<para>This struct contains the function and handle pointers for all operations.<programlisting>
|
||||
struct vfs_ops {
|
||||
struct vfs_fn_pointers {
|
||||
...
|
||||
|
||||
/* File operations */
|
||||
|
||||
int (*open)(struct vfs_handle_struct *handle,
|
||||
struct connection_struct *conn,
|
||||
const char *fname, int flags, mode_t mode);
|
||||
int (*close)(struct vfs_handle_struct *handle,
|
||||
struct files_struct *fsp, int fd);
|
||||
ssize_t (*read)(struct vfs_handle_struct *handle,
|
||||
struct files_struct *fsp, int fd, void *data, size_t n);
|
||||
ssize_t (*write)(struct vfs_handle_struct *handle,
|
||||
struct files_struct *fsp, int fd,
|
||||
const void *data, size_t n);
|
||||
SMB_OFF_T (*lseek)(struct vfs_handle_struct *handle,
|
||||
struct files_struct *fsp, int fd,
|
||||
SMB_OFF_T offset, int whence);
|
||||
ssize_t (*sendfile)(struct vfs_handle_struct *handle,
|
||||
int tofd, files_struct *fsp, int fromfd,
|
||||
const DATA_BLOB *header, SMB_OFF_T offset, size_t count);
|
||||
|
||||
...
|
||||
} ops;
|
||||
|
||||
struct vfs_handles_pointers {
|
||||
...
|
||||
|
||||
/* File operations */
|
||||
|
||||
struct vfs_handle_struct *open;
|
||||
struct vfs_handle_struct *close;
|
||||
struct vfs_handle_struct *read;
|
||||
struct vfs_handle_struct *write;
|
||||
struct vfs_handle_struct *lseek;
|
||||
struct vfs_handle_struct *sendfile;
|
||||
|
||||
...
|
||||
} handles;
|
||||
};
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
This macros SHOULD be used to call any vfs operation.
|
||||
DO NOT ACCESS conn->vfs.ops.* directly !!!
|
||||
<programlisting>
|
||||
...
|
||||
|
||||
/* File operations */
|
||||
#define SMB_VFS_OPEN(conn, fname, flags, mode) \
|
||||
((conn)->vfs.ops.open((conn)->vfs.handles.open,\
|
||||
(conn), (fname), (flags), (mode)))
|
||||
#define SMB_VFS_CLOSE(fsp, fd) \
|
||||
((fsp)->conn->vfs.ops.close(\
|
||||
(fsp)->conn->vfs.handles.close, (fsp), (fd)))
|
||||
#define SMB_VFS_READ(fsp, fd, data, n) \
|
||||
((fsp)->conn->vfs.ops.read(\
|
||||
(fsp)->conn->vfs.handles.read,\
|
||||
(fsp), (fd), (data), (n)))
|
||||
#define SMB_VFS_WRITE(fsp, fd, data, n) \
|
||||
((fsp)->conn->vfs.ops.write(\
|
||||
(fsp)->conn->vfs.handles.write,\
|
||||
(fsp), (fd), (data), (n)))
|
||||
#define SMB_VFS_LSEEK(fsp, fd, offset, whence) \
|
||||
((fsp)->conn->vfs.ops.lseek(\
|
||||
(fsp)->conn->vfs.handles.lseek,\
|
||||
(fsp), (fd), (offset), (whence)))
|
||||
#define SMB_VFS_SENDFILE(tofd, fsp, fromfd, header, offset, count) \
|
||||
((fsp)->conn->vfs.ops.sendfile(\
|
||||
(fsp)->conn->vfs.handles.sendfile,\
|
||||
(tofd), (fsp), (fromfd), (header), (offset), (count)))
|
||||
|
||||
...
|
||||
</programlisting></para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Possible VFS operation layers</title>
|
||||
|
||||
<para>
|
||||
These values are used by the VFS subsystem when building the conn->vfs
|
||||
and conn->vfs_opaque structs for a connection with multiple VFS modules.
|
||||
Internally, Samba differentiates only opaque and transparent layers at this process.
|
||||
Other types are used for providing better diagnosing facilities.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Most modules will provide transparent layers. Opaque layer is for modules
|
||||
which implement actual file system calls (like DB-based VFS). For example,
|
||||
default POSIX VFS which is built in into Samba is an opaque VFS module.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Other layer types (logger, splitter, scanner) were designed to provide different
|
||||
degree of transparency and for diagnosing VFS module behaviour.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Each module can implement several layers at the same time provided that only
|
||||
one layer is used per each operation.
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
typedef enum _vfs_op_layer {
|
||||
SMB_VFS_LAYER_NOOP = -1, /* - For using in VFS module to indicate end of array */
|
||||
/* of operations description */
|
||||
SMB_VFS_LAYER_OPAQUE = 0, /* - Final level, does not call anything beyond itself */
|
||||
SMB_VFS_LAYER_TRANSPARENT, /* - Normal operation, calls underlying layer after */
|
||||
/* possibly changing passed data */
|
||||
SMB_VFS_LAYER_LOGGER, /* - Logs data, calls underlying layer, logging may not */
|
||||
/* use Samba VFS */
|
||||
SMB_VFS_LAYER_SPLITTER, /* - Splits operation, calls underlying layer _and_ own facility, */
|
||||
/* then combines result */
|
||||
SMB_VFS_LAYER_SCANNER /* - Checks data and possibly initiates additional */
|
||||
/* file activity like logging to files _inside_ samba VFS */
|
||||
} vfs_op_layer;
|
||||
</programlisting></para>
|
||||
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>The Interaction between the Samba VFS subsystem and the modules</title>
|
||||
|
||||
<sect2>
|
||||
<title>Initialization and registration</title>
|
||||
|
||||
<para>
|
||||
As each Samba module a VFS module should have a
|
||||
<programlisting>NTSTATUS vfs_example_init(void);</programlisting> function if it's staticly linked to samba or
|
||||
<programlisting>NTSTATUS init_module(void);</programlisting> function if it's a shared module.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This should be the only non static function inside the module.
|
||||
Global variables should also be static!
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The module should register its functions via the
|
||||
<programlisting>
|
||||
NTSTATUS smb_register_vfs(int version, const char *name, vfs_op_tuple *vfs_op_tuples);
|
||||
</programlisting> function.
|
||||
</para>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry><term>version</term>
|
||||
<listitem><para>should be filled with SMB_VFS_INTERFACE_VERSION</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>name</term>
|
||||
<listitem><para>this is the name witch can be listed in the
|
||||
<command>vfs objects</command> parameter to use this module.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>vfs_op_tuples</term>
|
||||
<listitem><para>
|
||||
this is an array of vfs_op_tuple's.
|
||||
(vfs_op_tuples is descripted in details below.)
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
<para>
|
||||
For each operation the module wants to provide it has a entry in the
|
||||
vfs_op_tuple array.
|
||||
</para>
|
||||
|
||||
<programlisting>
|
||||
typedef struct _vfs_op_tuple {
|
||||
void* op;
|
||||
vfs_op_type type;
|
||||
vfs_op_layer layer;
|
||||
} vfs_op_tuple;
|
||||
</programlisting>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry><term>op</term>
|
||||
<listitem><para>the function pointer to the specified function.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>type</term>
|
||||
<listitem><para>the vfs_op_type of the function to specified witch operation the function provides.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>layer</term>
|
||||
<listitem><para>the vfs_op_layer in whitch the function operates.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
<para>A simple example:</para>
|
||||
|
||||
<programlisting>
|
||||
static vfs_op_tuple example_op_tuples[] = {
|
||||
{SMB_VFS_OP(example_connect), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT},
|
||||
{SMB_VFS_OP(example_disconnect), SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_TRANSPARENT},
|
||||
|
||||
{SMB_VFS_OP(example_rename), SMB_VFS_OP_RENAME, SMB_VFS_LAYER_OPAQUE},
|
||||
|
||||
/* This indicates the end of the array */
|
||||
{SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
|
||||
};
|
||||
|
||||
NTSTATUS init_module(void)
|
||||
{
|
||||
return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "example", example_op_tuples);
|
||||
}
|
||||
</programlisting>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>How the Modules handle per connection data</title>
|
||||
|
||||
<para>Each VFS function has as first parameter a pointer to the modules vfs_handle_struct.
|
||||
</para>
|
||||
|
||||
<programlisting>
|
||||
typedef struct vfs_handle_struct {
|
||||
struct vfs_handle_struct *next, *prev;
|
||||
const char *param;
|
||||
struct vfs_ops vfs_next;
|
||||
struct connection_struct *conn;
|
||||
void *data;
|
||||
void (*free_data)(void **data);
|
||||
} vfs_handle_struct;
|
||||
</programlisting>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry><term>param</term>
|
||||
<listitem><para>this is the module parameter specified in the <command>vfs objects</command> parameter.</para>
|
||||
<para>e.g. for 'vfs objects = example:test' param would be "test".</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>vfs_next</term>
|
||||
<listitem><para>This vfs_ops struct contains the information for calling the next module operations.
|
||||
Use the SMB_VFS_NEXT_* macros to call a next module operations and
|
||||
don't access handle->vfs_next.ops.* directly!</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>conn</term>
|
||||
<listitem><para>This is a pointer back to the connection_struct to witch the handle belongs.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>data</term>
|
||||
<listitem><para>This is a pointer for holding module private data.
|
||||
You can alloc data with connection life time on the handle->conn->mem_ctx TALLOC_CTX.
|
||||
But you can also manage the memory allocation yourself.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>free_data</term>
|
||||
<listitem><para>This is a function pointer to a function that free's the module private data.
|
||||
If you talloc your private data on the TALLOC_CTX handle->conn->mem_ctx,
|
||||
you can set this function pointer to NULL.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
<para>Some useful MACROS for handle private data.
|
||||
</para>
|
||||
|
||||
<programlisting>
|
||||
#define SMB_VFS_HANDLE_GET_DATA(handle, datap, type, ret) { \
|
||||
if (!(handle)||((datap=(type *)(handle)->data)==NULL)) { \
|
||||
DEBUG(0,("%s() failed to get vfs_handle->data!\n",FUNCTION_MACRO)); \
|
||||
ret; \
|
||||
} \
|
||||
}
|
||||
|
||||
#define SMB_VFS_HANDLE_SET_DATA(handle, datap, free_fn, type, ret) { \
|
||||
if (!(handle)) { \
|
||||
DEBUG(0,("%s() failed to set handle->data!\n",FUNCTION_MACRO)); \
|
||||
ret; \
|
||||
} else { \
|
||||
if ((handle)->free_data) { \
|
||||
(handle)->free_data(&(handle)->data); \
|
||||
} \
|
||||
(handle)->data = (void *)datap; \
|
||||
(handle)->free_data = free_fn; \
|
||||
} \
|
||||
}
|
||||
|
||||
#define SMB_VFS_HANDLE_FREE_DATA(handle) { \
|
||||
if ((handle) && (handle)->free_data) { \
|
||||
(handle)->free_data(&(handle)->data); \
|
||||
} \
|
||||
}
|
||||
</programlisting>
|
||||
|
||||
<para>How SMB_VFS_LAYER_TRANSPARENT functions can call the SMB_VFS_LAYER_OPAQUE functions.</para>
|
||||
|
||||
<para>The easiest way to do this is to use the SMB_VFS_OPAQUE_* macros.
|
||||
</para>
|
||||
|
||||
<programlisting>
|
||||
...
|
||||
/* File operations */
|
||||
#define SMB_VFS_OPAQUE_OPEN(conn, fname, flags, mode) \
|
||||
((conn)->vfs_opaque.ops.open(\
|
||||
(conn)->vfs_opaque.handles.open,\
|
||||
(conn), (fname), (flags), (mode)))
|
||||
#define SMB_VFS_OPAQUE_CLOSE(fsp, fd) \
|
||||
((fsp)->conn->vfs_opaque.ops.close(\
|
||||
(fsp)->conn->vfs_opaque.handles.close,\
|
||||
(fsp), (fd)))
|
||||
#define SMB_VFS_OPAQUE_READ(fsp, fd, data, n) \
|
||||
((fsp)->conn->vfs_opaque.ops.read(\
|
||||
(fsp)->conn->vfs_opaque.handles.read,\
|
||||
(fsp), (fd), (data), (n)))
|
||||
#define SMB_VFS_OPAQUE_WRITE(fsp, fd, data, n) \
|
||||
((fsp)->conn->vfs_opaque.ops.write(\
|
||||
(fsp)->conn->vfs_opaque.handles.write,\
|
||||
(fsp), (fd), (data), (n)))
|
||||
#define SMB_VFS_OPAQUE_LSEEK(fsp, fd, offset, whence) \
|
||||
((fsp)->conn->vfs_opaque.ops.lseek(\
|
||||
(fsp)->conn->vfs_opaque.handles.lseek,\
|
||||
(fsp), (fd), (offset), (whence)))
|
||||
#define SMB_VFS_OPAQUE_SENDFILE(tofd, fsp, fromfd, header, offset, count) \
|
||||
((fsp)->conn->vfs_opaque.ops.sendfile(\
|
||||
(fsp)->conn->vfs_opaque.handles.sendfile,\
|
||||
(tofd), (fsp), (fromfd), (header), (offset), (count)))
|
||||
...
|
||||
</programlisting>
|
||||
|
||||
<para>How SMB_VFS_LAYER_TRANSPARENT functions can call the next modules functions.</para>
|
||||
|
||||
<para>The easiest way to do this is to use the SMB_VFS_NEXT_* macros.
|
||||
</para>
|
||||
|
||||
<programlisting>
|
||||
...
|
||||
/* File operations */
|
||||
#define SMB_VFS_NEXT_OPEN(handle, conn, fname, flags, mode) \
|
||||
((handle)->vfs_next.ops.open(\
|
||||
(handle)->vfs_next.handles.open,\
|
||||
(conn), (fname), (flags), (mode)))
|
||||
#define SMB_VFS_NEXT_CLOSE(handle, fsp, fd) \
|
||||
((handle)->vfs_next.ops.close(\
|
||||
(handle)->vfs_next.handles.close,\
|
||||
(fsp), (fd)))
|
||||
#define SMB_VFS_NEXT_READ(handle, fsp, fd, data, n) \
|
||||
((handle)->vfs_next.ops.read(\
|
||||
(handle)->vfs_next.handles.read,\
|
||||
(fsp), (fd), (data), (n)))
|
||||
#define SMB_VFS_NEXT_WRITE(handle, fsp, fd, data, n) \
|
||||
((handle)->vfs_next.ops.write(\
|
||||
(handle)->vfs_next.handles.write,\
|
||||
(fsp), (fd), (data), (n)))
|
||||
#define SMB_VFS_NEXT_LSEEK(handle, fsp, fd, offset, whence) \
|
||||
((handle)->vfs_next.ops.lseek(\
|
||||
(handle)->vfs_next.handles.lseek,\
|
||||
(fsp), (fd), (offset), (whence)))
|
||||
#define SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, fromfd, header, offset, count) \
|
||||
((handle)->vfs_next.ops.sendfile(\
|
||||
(handle)->vfs_next.handles.sendfile,\
|
||||
(tofd), (fsp), (fromfd), (header), (offset), (count)))
|
||||
...
|
||||
</programlisting>
|
||||
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Upgrading to the New VFS Interface</title>
|
||||
|
||||
<sect2>
|
||||
<title>Upgrading from 2.2.* and 3.0aplha modules</title>
|
||||
|
||||
<orderedlist>
|
||||
<listitem><para>
|
||||
Add "vfs_handle_struct *handle, " as first parameter to all vfs operation functions.
|
||||
e.g. example_connect(connection_struct *conn, const char *service, const char *user);
|
||||
-> example_connect(vfs_handle_struct *handle, connection_struct *conn, const char *service, const char *user);
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Replace "default_vfs_ops." with "smb_vfs_next_".
|
||||
e.g. default_vfs_ops.connect(conn, service, user);
|
||||
-> smb_vfs_next_connect(conn, service, user);
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Uppercase all "smb_vfs_next_*" functions.
|
||||
e.g. smb_vfs_next_connect(conn, service, user);
|
||||
-> SMB_VFS_NEXT_CONNECT(conn, service, user);
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Add "handle, " as first parameter to all SMB_VFS_NEXT_*() calls.
|
||||
e.g. SMB_VFS_NEXT_CONNECT(conn, service, user);
|
||||
-> SMB_VFS_NEXT_CONNECT(handle, conn, service, user);
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
(Only for 2.2.* modules)
|
||||
Convert the old struct vfs_ops example_ops to
|
||||
a vfs_op_tuple example_op_tuples[] array.
|
||||
e.g.
|
||||
<programlisting>
|
||||
struct vfs_ops example_ops = {
|
||||
/* Disk operations */
|
||||
example_connect, /* connect */
|
||||
example_disconnect, /* disconnect */
|
||||
NULL, /* disk free *
|
||||
/* Directory operations */
|
||||
NULL, /* opendir */
|
||||
NULL, /* readdir */
|
||||
NULL, /* mkdir */
|
||||
NULL, /* rmdir */
|
||||
NULL, /* closedir */
|
||||
/* File operations */
|
||||
NULL, /* open */
|
||||
NULL, /* close */
|
||||
NULL, /* read */
|
||||
NULL, /* write */
|
||||
NULL, /* lseek */
|
||||
NULL, /* sendfile */
|
||||
NULL, /* rename */
|
||||
NULL, /* fsync */
|
||||
example_stat, /* stat */
|
||||
example_fstat, /* fstat */
|
||||
example_lstat, /* lstat */
|
||||
NULL, /* unlink */
|
||||
NULL, /* chmod */
|
||||
NULL, /* fchmod */
|
||||
NULL, /* chown */
|
||||
NULL, /* fchown */
|
||||
NULL, /* chdir */
|
||||
NULL, /* getwd */
|
||||
NULL, /* utime */
|
||||
NULL, /* ftruncate */
|
||||
NULL, /* lock */
|
||||
NULL, /* symlink */
|
||||
NULL, /* readlink */
|
||||
NULL, /* link */
|
||||
NULL, /* mknod */
|
||||
NULL, /* realpath */
|
||||
NULL, /* fget_nt_acl */
|
||||
NULL, /* get_nt_acl */
|
||||
NULL, /* fset_nt_acl */
|
||||
NULL, /* set_nt_acl */
|
||||
|
||||
NULL, /* chmod_acl */
|
||||
NULL, /* fchmod_acl */
|
||||
|
||||
NULL, /* sys_acl_get_entry */
|
||||
NULL, /* sys_acl_get_tag_type */
|
||||
NULL, /* sys_acl_get_permset */
|
||||
NULL, /* sys_acl_get_qualifier */
|
||||
NULL, /* sys_acl_get_file */
|
||||
NULL, /* sys_acl_get_fd */
|
||||
NULL, /* sys_acl_clear_perms */
|
||||
NULL, /* sys_acl_add_perm */
|
||||
NULL, /* sys_acl_to_text */
|
||||
NULL, /* sys_acl_init */
|
||||
NULL, /* sys_acl_create_entry */
|
||||
NULL, /* sys_acl_set_tag_type */
|
||||
NULL, /* sys_acl_set_qualifier */
|
||||
NULL, /* sys_acl_set_permset */
|
||||
NULL, /* sys_acl_valid */
|
||||
NULL, /* sys_acl_set_file */
|
||||
NULL, /* sys_acl_set_fd */
|
||||
NULL, /* sys_acl_delete_def_file */
|
||||
NULL, /* sys_acl_get_perm */
|
||||
NULL, /* sys_acl_free_text */
|
||||
NULL, /* sys_acl_free_acl */
|
||||
NULL /* sys_acl_free_qualifier */
|
||||
};
|
||||
</programlisting>
|
||||
->
|
||||
<programlisting>
|
||||
static vfs_op_tuple example_op_tuples[] = {
|
||||
{SMB_VFS_OP(example_connect), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT},
|
||||
{SMB_VFS_OP(example_disconnect), SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_TRANSPARENT},
|
||||
|
||||
{SMB_VFS_OP(example_fstat), SMB_VFS_OP_FSTAT, SMB_VFS_LAYER_TRANSPARENT},
|
||||
{SMB_VFS_OP(example_stat), SMB_VFS_OP_STAT, SMB_VFS_LAYER_TRANSPARENT},
|
||||
{SMB_VFS_OP(example_lstat), SMB_VFS_OP_LSTAT, SMB_VFS_LAYER_TRANSPARENT},
|
||||
|
||||
{SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
|
||||
};
|
||||
</programlisting>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Move the example_op_tuples[] array to the end of the file.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Add the init_module() function at the end of the file.
|
||||
e.g.
|
||||
<programlisting>
|
||||
NTSTATUS init_module(void)
|
||||
{
|
||||
return smb_register_vfs(SMB_VFS_INTERFACE_VERSION,"example",example_op_tuples);
|
||||
}
|
||||
</programlisting>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Check if your vfs_init() function does more then just prepare the vfs_ops structs or
|
||||
remember the struct smb_vfs_handle_struct.
|
||||
<simplelist>
|
||||
<member>If NOT you can remove the vfs_init() function.</member>
|
||||
<member>If YES decide if you want to move the code to the example_connect() operation or to the init_module(). And then remove vfs_init().
|
||||
e.g. a debug class registration should go into init_module() and the allocation of private data should go to example_connect().</member>
|
||||
</simplelist>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
(Only for 3.0alpha* modules)
|
||||
Check if your vfs_done() function contains needed code.
|
||||
<simplelist>
|
||||
<member>If NOT you can remove the vfs_done() function.</member>
|
||||
<member>If YES decide if you can move the code to the example_disconnect() operation. Otherwise register a SMB_EXIT_EVENT with smb_register_exit_event(); (Described in the <link linkend="modules">modules section</link>) And then remove vfs_done(). e.g. the freeing of private data should go to example_disconnect().
|
||||
</member>
|
||||
</simplelist>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Check if you have any global variables left.
|
||||
Decide if it wouldn't be better to have this data on a connection basis.
|
||||
<simplelist>
|
||||
<member>If NOT leave them as they are. (e.g. this could be the variable for the private debug class.)</member>
|
||||
<member>If YES pack all this data into a struct. You can use handle->data to point to such a struct on a per connection basis.</member>
|
||||
</simplelist>
|
||||
|
||||
e.g. if you have such a struct:
|
||||
<programlisting>
|
||||
struct example_privates {
|
||||
char *some_string;
|
||||
int db_connection;
|
||||
};
|
||||
</programlisting>
|
||||
first way of doing it:
|
||||
<programlisting>
|
||||
static int example_connect(vfs_handle_struct *handle,
|
||||
connection_struct *conn, const char *service,
|
||||
const char* user)
|
||||
{
|
||||
struct example_privates *data = NULL;
|
||||
|
||||
/* alloc our private data */
|
||||
data = (struct example_privates *)talloc_zero(conn->mem_ctx, sizeof(struct example_privates));
|
||||
if (!data) {
|
||||
DEBUG(0,("talloc_zero() failed\n"));
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* init out private data */
|
||||
data->some_string = talloc_strdup(conn->mem_ctx,"test");
|
||||
if (!data->some_string) {
|
||||
DEBUG(0,("talloc_strdup() failed\n"));
|
||||
return -1;
|
||||
}
|
||||
|
||||
data->db_connection = open_db_conn();
|
||||
|
||||
/* and now store the private data pointer in handle->data
|
||||
* we don't need to specify a free_function here because
|
||||
* we use the connection TALLOC context.
|
||||
* (return -1 if something failed.)
|
||||
*/
|
||||
VFS_HANDLE_SET_DATA(handle, data, NULL, struct example_privates, return -1);
|
||||
|
||||
return SMB_VFS_NEXT_CONNECT(handle,conn,service,user);
|
||||
}
|
||||
|
||||
static int example_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
|
||||
{
|
||||
struct example_privates *data = NULL;
|
||||
|
||||
/* get the pointer to our private data
|
||||
* return -1 if something failed
|
||||
*/
|
||||
SMB_VFS_HANDLE_GET_DATA(handle, data, struct example_privates, return -1);
|
||||
|
||||
/* do something here...*/
|
||||
DEBUG(0,("some_string: %s\n",data->some_string));
|
||||
|
||||
return SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
|
||||
}
|
||||
</programlisting>
|
||||
second way of doing it:
|
||||
<programlisting>
|
||||
static void free_example_privates(void **datap)
|
||||
{
|
||||
struct example_privates *data = (struct example_privates *)*datap;
|
||||
|
||||
SAFE_FREE(data->some_string);
|
||||
SAFE_FREE(data);
|
||||
|
||||
*datap = NULL;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static int example_connect(vfs_handle_struct *handle,
|
||||
connection_struct *conn, const char *service,
|
||||
const char* user)
|
||||
{
|
||||
struct example_privates *data = NULL;
|
||||
|
||||
/* alloc our private data */
|
||||
data = (struct example_privates *)malloc(sizeof(struct example_privates));
|
||||
if (!data) {
|
||||
DEBUG(0,("malloc() failed\n"));
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* init out private data */
|
||||
data->some_string = strdup("test");
|
||||
if (!data->some_string) {
|
||||
DEBUG(0,("strdup() failed\n"));
|
||||
return -1;
|
||||
}
|
||||
|
||||
data->db_connection = open_db_conn();
|
||||
|
||||
/* and now store the private data pointer in handle->data
|
||||
* we need to specify a free_function because we used malloc() and strdup().
|
||||
* (return -1 if something failed.)
|
||||
*/
|
||||
SMB_VFS_HANDLE_SET_DATA(handle, data, free_example_privates, struct example_privates, return -1);
|
||||
|
||||
return SMB_VFS_NEXT_CONNECT(handle,conn,service,user);
|
||||
}
|
||||
|
||||
static int example_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
|
||||
{
|
||||
struct example_privates *data = NULL;
|
||||
|
||||
/* get the pointer to our private data
|
||||
* return -1 if something failed
|
||||
*/
|
||||
SMB_VFS_HANDLE_GET_DATA(handle, data, struct example_privates, return -1);
|
||||
|
||||
/* do something here...*/
|
||||
DEBUG(0,("some_string: %s\n",data->some_string));
|
||||
|
||||
return SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
|
||||
}
|
||||
</programlisting>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
To make it easy to build 3rd party modules it would be usefull to provide
|
||||
configure.in, (configure), install.sh and Makefile.in with the module.
|
||||
(Take a look at the example in <filename>examples/VFS</filename>.)
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The configure script accepts <option>--with-samba-source</option> to specify
|
||||
the path to the samba source tree.
|
||||
It also accept <option>--enable-developer</option> which lets the compiler
|
||||
give you more warnings.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The idea is that you can extend this
|
||||
<filename>configure.in</filename> and <filename>Makefile.in</filename> scripts
|
||||
for your module.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Compiling & Testing...
|
||||
<simplelist>
|
||||
<member><userinput>./configure <option>--enable-developer</option></userinput> ...</member>
|
||||
<member><userinput>make</userinput></member>
|
||||
<member>Try to fix all compiler warnings</member>
|
||||
<member><userinput>make</userinput></member>
|
||||
<member>Testing, Testing, Testing ...</member>
|
||||
</simplelist>
|
||||
</para></listitem>
|
||||
</orderedlist>
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Some Notes</title>
|
||||
|
||||
<sect2>
|
||||
<title>Implement TRANSPARENT functions</title>
|
||||
|
||||
<para>
|
||||
Avoid writing functions like this:
|
||||
|
||||
<programlisting>
|
||||
static int example_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
|
||||
{
|
||||
return SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
|
||||
}
|
||||
</programlisting>
|
||||
|
||||
Overload only the functions you really need to!
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Implement OPAQUE functions</title>
|
||||
|
||||
<para>
|
||||
If you want to just implement a better version of a
|
||||
default samba opaque function
|
||||
(e.g. like a disk_free() function for a special filesystem)
|
||||
it's ok to just overload that specific function.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you want to implement a database filesystem or
|
||||
something different from a posix filesystem.
|
||||
Make sure that you overload every vfs operation!!!
|
||||
</para>
|
||||
<para>
|
||||
Functions your FS does not support should be overloaded by something like this:
|
||||
e.g. for a readonly filesystem.
|
||||
</para>
|
||||
|
||||
<programlisting>
|
||||
static int example_rename(vfs_handle_struct *handle, connection_struct *conn,
|
||||
char *oldname, char *newname)
|
||||
{
|
||||
DEBUG(10,("function rename() not allowed on vfs 'example'\n"));
|
||||
errno = ENOSYS;
|
||||
return -1;
|
||||
}
|
||||
</programlisting>
|
||||
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
@ -1,19 +0,0 @@
|
||||
<chapter id="windows-debug">
|
||||
<chapterinfo>
|
||||
&author.jelmer;
|
||||
&author.tridge;
|
||||
</chapterinfo>
|
||||
|
||||
<title>Finding useful information on windows</title>
|
||||
|
||||
<sect1><title>Netlogon debugging output</title>
|
||||
|
||||
<procedure>
|
||||
<step><para>stop netlogon service on PDC</para></step>
|
||||
<step><para>rename original netlogon.dll to netlogon.dll.original</para></step>
|
||||
<step><para>copy checked version of netlogon.dll to system32 directory</para></step>
|
||||
<step><para>set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag to 0x20000004</para></step>
|
||||
<step><para>start netlogon service on PDC</para></step>
|
||||
</procedure>
|
||||
</sect1>
|
||||
</chapter>
|
@ -1,79 +0,0 @@
|
||||
<chapter id="wins">
|
||||
<chapterinfo>
|
||||
<author>
|
||||
<firstname>Gerald</firstname><surname>Carter</surname>
|
||||
</author>
|
||||
<pubdate>October 2002</pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
|
||||
<title>Samba WINS Internals</title>
|
||||
|
||||
|
||||
<sect1>
|
||||
<title>WINS Failover</title>
|
||||
|
||||
|
||||
<para>
|
||||
The current Samba codebase possesses the capability to use groups of WINS
|
||||
servers that share a common namespace for NetBIOS name registration and
|
||||
resolution. The formal parameter syntax is
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
WINS_SERVER_PARAM = SERVER [ SEPARATOR SERVER_LIST ]
|
||||
WINS_SERVER_PARAM = "wins server"
|
||||
SERVER = ADDR[:TAG]
|
||||
ADDR = ip_addr | fqdn
|
||||
TAG = string
|
||||
SEPARATOR = comma | \s+
|
||||
SERVER_LIST = SERVER [ SEPARATOR SERVER_LIST ]
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
A simple example of a valid wins server setting is
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
[global]
|
||||
wins server = 192.168.1.2 192.168.1.3
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
In the event that no TAG is defined in for a SERVER in the list, smbd assigns a default
|
||||
TAG of "*". A TAG is used to group servers of a shared NetBIOS namespace together. Upon
|
||||
startup, nmbd will attempt to register the netbios name value with one server in each
|
||||
tagged group.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
An example using tags to group WINS servers together is show here. Note that the use of
|
||||
interface names in the tags is only by convention and is not a technical requirement.
|
||||
</para>
|
||||
|
||||
|
||||
<para><programlisting>
|
||||
[global]
|
||||
wins server = 192.168.1.2:eth0 192.168.1.3:eth0 192.168.2.2:eth1
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
Using this configuration, nmbd would attempt to register the server's NetBIOS name
|
||||
with one WINS server in each group. Because the "eth0" group has two servers, the
|
||||
second server would only be used when a registration (or resolution) request to
|
||||
the first server in that group timed out.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
NetBIOS name resolution follows a similar pattern as name registration. When resolving
|
||||
a NetBIOS name via WINS, smbd and other Samba programs will attempt to query a single WINS
|
||||
server in a tagged group until either a positive response is obtained at least once or
|
||||
until a server from every tagged group has responded negatively to the name query request.
|
||||
If a timeout occurs when querying a specific WINS server, that server is marked as down to
|
||||
prevent further timeouts and the next server in the WINS group is contacted. Once marked as
|
||||
dead, Samba will not attempt to contact that server for name registration/resolution queries
|
||||
for a period of 10 minutes.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
</chapter>
|
@ -1,74 +0,0 @@
|
||||
!==
|
||||
!== docbook.txt for Samba 3.0
|
||||
!==
|
||||
!== Author: David Bannon, D.Bannon@latrobe.edu.au November, 2000
|
||||
!== Updates: Gerald (Jerry) Carter, jerry@samba.org, Feb. 2001
|
||||
!== Updates: Jelmer Vernooij, jelmer@samba.org, Aug, 2002
|
||||
!== Updates: Jelmer Vernooij, jelmer@samba.org, Jun, 2003
|
||||
|
||||
What are DocBook documents doing in the Samba Distribution ?
|
||||
-----------------------------------------------------------
|
||||
|
||||
We have converted all samba docs to XML/DocBook V4.2
|
||||
in order to make them easier to maintain and produce a nicer looking
|
||||
product.
|
||||
|
||||
This short note (strange isn't it how it always starts out as a short note
|
||||
and becomes a long one ?) will explain very briefly how and why we have
|
||||
done this.
|
||||
|
||||
|
||||
The format
|
||||
----------
|
||||
If you are new to xml, regard an xml file as 'source code'. You don't
|
||||
read it directly, but use it to create other formats (like the txt and html
|
||||
included in ../txtdocs and ../htmldocs).
|
||||
|
||||
Docbook is a particular XML style, particularly suited to producing
|
||||
technical manuals.
|
||||
|
||||
For more information on DocBook tags and format, see "DocBook: The
|
||||
Definitive Guide" by Walsh and Muellner, (c) O'Reilly Publishing.
|
||||
This book covers DocBook V4.2 and is available on-line
|
||||
at http://www.docbook.org/
|
||||
|
||||
The Output
|
||||
----------
|
||||
The current Samba CVS tree contains the XML/DocBook source files as well
|
||||
as the following autogenerated formats:
|
||||
|
||||
* man pages
|
||||
* HTML
|
||||
* PDF
|
||||
|
||||
The following formats are not available in CVS but can be generated by
|
||||
the build scripts:
|
||||
|
||||
* PostScript
|
||||
* DVI
|
||||
* LaTeX
|
||||
* ASCII text
|
||||
|
||||
The Tools
|
||||
---------
|
||||
|
||||
To generate the docs, you need to have the following packages installed:
|
||||
|
||||
* docbook-utils
|
||||
* xsltproc
|
||||
* pngtopnm and pnmtops (from the netpbm utilities)
|
||||
|
||||
For generating PDF (thru LaTeX):
|
||||
* pdflatex
|
||||
|
||||
For generating PostScript (thru LaTeX):
|
||||
* latex
|
||||
* dvips
|
||||
|
||||
For generating ASCII:
|
||||
* xmlto
|
||||
|
||||
This directory now contains a ./configure script and Makefile to
|
||||
support the automated building of man pages (including HTML versions), and
|
||||
the building of the Samba-HOWTO-Collection and the
|
||||
Samba Developers Guide (HTML,DVI,TeX,PDF,PS,Text versions).
|
@ -1,101 +0,0 @@
|
||||
<chapter id="FAQ-ClientApp">
|
||||
<title>Specific client application problems</title>
|
||||
|
||||
<sect1>
|
||||
<title>MS Office Setup reports "Cannot change properties of '\\MSOFFICE\\SETUP.INI'"</title>
|
||||
<para>
|
||||
When installing MS Office on a Samba drive for which you have admin
|
||||
user permissions, ie. admin users = username, you will find the
|
||||
setup program unable to complete the installation.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
To get around this problem, do the installation without admin user
|
||||
permissions The problem is that MS Office Setup checks that a file is
|
||||
rdonly by trying to open it for writing.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Admin users can always open a file for writing, as they run as root.
|
||||
You just have to install as a non-admin user and then use "chown -R"
|
||||
to fix the owner.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>How to use a Samba share as an administrative share for MS Office, etc.</title>
|
||||
|
||||
<para>
|
||||
Microsoft Office products can be installed as an administrative installation
|
||||
from which the application can either be run off the administratively installed
|
||||
product that resides on a shared resource, or from which that product can be
|
||||
installed onto workstation clients.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The general mechanism for implementing an adminstrative installation involves
|
||||
running <command>X:\setup /A</command>, where X is the drive letter of either CDROM or floppy.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This installation process will NOT install the product for use per se, but
|
||||
rather results in unpacking of the compressed distribution files into a target
|
||||
shared folder. For this process you need write privilidge to the share and it
|
||||
is desirable to enable file locking and share mode operation during this
|
||||
process.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Subsequent installation of MS Office from this share will FAIL unless certain
|
||||
precautions are taken. This failure will be caused by share mode operation
|
||||
which will prevent the MS Office installation process from re-opening various
|
||||
dynamic link library files and will cause sporadic file not found problems.
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
As soon as the administrative installation (unpacking) has completed
|
||||
set the following parameters on the share containing it:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
[MSOP95]
|
||||
path = /where_you_put_it
|
||||
comment = Your comment
|
||||
volume = "The_CD_ROM_Label"
|
||||
read only = yes
|
||||
available = yes
|
||||
share modes = no
|
||||
locking = no
|
||||
browseable = yes
|
||||
public = yes
|
||||
</programlisting></para>
|
||||
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Now you are ready to run the setup program from the Microsoft Windows
|
||||
workstation as follows: <command>\\"Server_Name"\MSOP95\msoffice\setup</command>
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Microsoft Access database opening errors</title>
|
||||
|
||||
<para>
|
||||
Here are some notes on running MS-Access on a Samba drive from <ulink url="stefank@esi.com.au">Stefan Kjellberg</ulink>
|
||||
</para>
|
||||
|
||||
<para><simplelist>
|
||||
<member>Opening a database in 'exclusive' mode does NOT work. Samba ignores r/w/share modes on file open.</member>
|
||||
<member>Make sure that you open the database as 'shared' and to 'lock modified records'</member>
|
||||
<member>Of course locking must be enabled for the particular share (smb.conf)</member>
|
||||
</simplelist>
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
</chapter>
|
@ -1,101 +0,0 @@
|
||||
<chapter id="FAQ-errors">
|
||||
|
||||
<title>Common errors</title>
|
||||
|
||||
<sect1>
|
||||
<title>Not listening for calling name</title>
|
||||
|
||||
<para>
|
||||
<programlisting>
|
||||
Session request failed (131,129) with myname=HOBBES destname=CALVIN
|
||||
Not listening for calling name
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you get this when talking to a Samba box then it means that your
|
||||
global "hosts allow" or "hosts deny" settings are causing the Samba
|
||||
server to refuse the connection.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Look carefully at your "hosts allow" and "hosts deny" lines in the
|
||||
global section of smb.conf.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It can also be a problem with reverse DNS lookups not functioning
|
||||
correctly, leading to the remote host identity not being able to
|
||||
be confirmed, but that is less likely.
|
||||
</para>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>System Error 1240</title>
|
||||
|
||||
<para>
|
||||
System error 1240 means that the client is refusing to talk
|
||||
to a non-encrypting server. Microsoft changed WinNT in service
|
||||
pack 3 to refuse to connect to servers that do not support
|
||||
SMB password encryption.
|
||||
</para>
|
||||
|
||||
<para>There are two main solutions:
|
||||
<simplelist>
|
||||
<member>enable SMB password encryption in Samba. See the encryption part of
|
||||
the samba HOWTO Collection</member>
|
||||
|
||||
<member>disable this behaviour in NT. See the section about
|
||||
Windows NT in the chapter "Portability" of the samba HOWTO collection
|
||||
</member>
|
||||
</simplelist>
|
||||
</para>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>smbclient ignores -N !</title>
|
||||
|
||||
<para>
|
||||
<quote>When getting the list of shares available on a host using the command
|
||||
<command>smbclient -N -L</command>
|
||||
the program always prompts for the password if the server is a Samba server.
|
||||
It also ignores the "-N" argument when querying some (but not all) of our
|
||||
NT servers.
|
||||
</quote>
|
||||
</para>
|
||||
<para>
|
||||
No, it does not ignore -N, it is just that your server rejected the
|
||||
null password in the connection, so smbclient prompts for a password
|
||||
to try again.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
To get the behaviour that you probably want use <command>smbclient -L host -U%</command>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This will set both the username and password to null, which is
|
||||
an anonymous login for SMB. Using -N would only set the password
|
||||
to null, and this is not accepted as an anonymous login for most
|
||||
SMB servers.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>The data on the CD-Drive I've shared seems to be corrupted!</title>
|
||||
|
||||
<para>
|
||||
Some OSes (notably Linux) default to auto detection of file type on
|
||||
cdroms and do cr/lf translation. This is a very bad idea when use with
|
||||
Samba. It causes all sorts of stuff ups.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
To overcome this problem use conv=binary when mounting the cdrom
|
||||
before exporting it with Samba.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
@ -1,314 +0,0 @@
|
||||
<chapter id="FAQ-features">
|
||||
|
||||
<title>Features</title>
|
||||
|
||||
<sect1>
|
||||
<title>How can I use samba as a fax server?</title>
|
||||
|
||||
<para>Contributor: <ulink url="mailto:zuber@berlin.snafu.de">Gerhard Zuber</ulink></para>
|
||||
|
||||
<para>Requirements:
|
||||
<simplelist>
|
||||
<member>UNIX box (Linux preferred) with SAMBA and a faxmodem</member>
|
||||
<member>ghostscript package</member>
|
||||
<member>mgetty+sendfax package</member>
|
||||
<member>pbm package (portable bitmap tools)</member>
|
||||
</simplelist>
|
||||
</para>
|
||||
|
||||
<para>First, install and configure the required packages. Be sure to read the mgetty+sendfax
|
||||
manual carefully.</para>
|
||||
|
||||
<sect2>
|
||||
<title>Tools for printing faxes</title>
|
||||
|
||||
<para>Your incomed faxes are in:
|
||||
<filename>/var/spool/fax/incoming</filename>. Print it with:</para>
|
||||
|
||||
<para><programlisting>
|
||||
for i in *
|
||||
do
|
||||
g3cat $i | g3tolj | lpr -P hp
|
||||
done
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
g3cat is in the tools-section, g3tolj is in the contrib-section
|
||||
for printing to HP lasers.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you want to produce files for displaying and printing with Windows, use
|
||||
some tools from the pbm-package like the following command: <command>g3cat $i | g3topbm - | ppmtopcx - >$i.pcx</command>
|
||||
and view it with your favourite Windows tool (maybe paintbrush)
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Making the fax-server</title>
|
||||
|
||||
<para>fetch the file <filename>mgetty+sendfax/frontends/winword/faxfilter</filename> and place it in <filename>/usr/local/etc/mgetty+sendfax/</filename>(replace /usr/local/ with whatever place you installed mgetty+sendfax)</para>
|
||||
|
||||
<para>prepare your faxspool file as mentioned in this file
|
||||
edit fax/faxspool.in and reinstall or change the final
|
||||
/usr/local/bin/faxspool too.
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
if [ "$user" = "root" -o "$user" = "fax" -o \
|
||||
"$user" = "lp" -o "$user" = "daemon" -o "$user" = "bin" ]
|
||||
</programlisting></para>
|
||||
|
||||
<para>find the first line and change it to the second.</para>
|
||||
|
||||
<para>
|
||||
make sure you have pbmtext (from the pbm-package). This is
|
||||
needed for creating the small header line on each page.
|
||||
</para>
|
||||
|
||||
<para>Prepare your faxheader <filename>/usr/local/etc/mgetty+sendfax/faxheader</filename></para>
|
||||
|
||||
<para>
|
||||
Edit your /etc/printcap file:
|
||||
<programlisting>
|
||||
# FAX
|
||||
lp3|fax:\
|
||||
:lp=/dev/null:\
|
||||
:sd=/usr/spool/lp3:\
|
||||
:if=/usr/local/etc/mgetty+sendfax/faxfilter:sh:sf:mx#0:\
|
||||
:lf=/usr/spool/lp3/fax-log:
|
||||
</programlisting></para>
|
||||
|
||||
<para>Now, edit your <filename>smb.conf</filename> so you have a smb based printer named "fax"</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Installing the client drivers</title>
|
||||
|
||||
<para>
|
||||
Now you have a printer called "fax" which can be used via
|
||||
TCP/IP-printing (lpd-system) or via SAMBA (windows printing).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
On every system you are able to produce postscript-files you
|
||||
are ready to fax.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
On Windows 3.1 95 and NT:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Install a printer wich produces postscript output,
|
||||
e.g. apple laserwriter
|
||||
</para>
|
||||
|
||||
<para>Connect the "fax" to your printer.</para>
|
||||
|
||||
<para>
|
||||
Now write your first fax. Use your favourite wordprocessor,
|
||||
write, winword, notepad or whatever you want, and start
|
||||
with the headerpage.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Usually each fax has a header page. It carries your name,
|
||||
your address, your phone/fax-number.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It carries also the recipient, his address and his *** fax
|
||||
number ***. Now here is the trick:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Use the text:
|
||||
<programlisting>
|
||||
Fax-Nr: 123456789
|
||||
</programlisting>
|
||||
as the recipients fax-number. Make sure this text does not
|
||||
occur in regular text ! Make sure this text is not broken
|
||||
by formatting information, e.g. format it as a single entity.
|
||||
(Windows Write and Win95 Wordpad are functional, maybe newer
|
||||
versions of Winword are breaking formatting information).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The trick is that postscript output is human readable and
|
||||
the faxfilter program scans the text for this pattern and
|
||||
uses the found number as the fax-destination-number.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Now print your fax through the fax-printer and it will be
|
||||
queued for later transmission. Use faxrunq for sending the
|
||||
queue out.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Example smb.conf</title>
|
||||
|
||||
<para><programlisting>
|
||||
[global]
|
||||
printcap name = /etc/printcap
|
||||
print command = /usr/bin/lpr -r -P %p %s
|
||||
lpq command = /usr/bin/lpq -P %p
|
||||
lprm command = /usr/bin/lprm -P %p %j
|
||||
|
||||
[fax]
|
||||
comment = FAX (mgetty+sendfax)
|
||||
path = /tmp
|
||||
printable = yes
|
||||
public = yes
|
||||
writable = no
|
||||
create mode = 0700
|
||||
browseable = yes
|
||||
guest ok = no
|
||||
</programlisting></para>
|
||||
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Samba doesn't work well together with DHCP!</title>
|
||||
|
||||
<para>
|
||||
We wish to help those folks who wish to use the ISC DHCP Server and provide
|
||||
sample configuration settings. Most operating systems today come ship with
|
||||
the ISC DHCP Server. ISC DHCP is available from:
|
||||
<ulink url="ftp://ftp.isc.org/isc/dhcp">ftp://ftp.isc.org/isc/dhcp</ulink>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Incorrect configuration of MS Windows clients (Windows9X, Windows ME, Windows
|
||||
NT/2000) will lead to problems with browsing and with general network
|
||||
operation. Windows 9X/ME users often report problems where the TCP/IP and related
|
||||
network settings will inadvertantly become reset at machine start-up resulting
|
||||
in loss of configuration settings. This results in increased maintenance
|
||||
overheads as well as serious user frustration.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In recent times users on one mailing list incorrectly attributed the cause of
|
||||
network operating problems to incorrect configuration of Samba.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
One user insisted that the only way to provent Windows95 from periodically
|
||||
performing a full system reset and hardware detection process on start-up was
|
||||
to install the NetBEUI protocol in addition to TCP/IP. This assertion is not
|
||||
correct.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In the first place, there is NO need for NetBEUI. All Microsoft Windows clients
|
||||
natively run NetBIOS over TCP/IP, and that is the only protocol that is
|
||||
recognised by Samba. Installation of NetBEUI and/or NetBIOS over IPX will
|
||||
cause problems with browse list operation on most networks. Even Windows NT
|
||||
networks experience these problems when incorrectly configured Windows95
|
||||
systems share the same name space. It is important that only those protocols
|
||||
that are strictly needed for site specific reasons should EVER be installed.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Secondly, and totally against common opinion, DHCP is NOT an evil design but is
|
||||
an extension of the BOOTP protocol that has been in use in Unix environments
|
||||
for many years without any of the melt-down problems that some sensationalists
|
||||
would have us believe can be experienced with DHCP. In fact, DHCP in covered by
|
||||
rfc1541 and is a very safe method of keeping an MS Windows desktop environment
|
||||
under control and for ensuring stable network operation.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Please note that MS Windows systems as of MS Windows NT 3.1 and MS Windows 95
|
||||
store all network configuration settings a registry. There are a few reports
|
||||
from MS Windows network administrators that warrant mention here. It would appear
|
||||
that when one sets certain MS TCP/IP protocol settings (either directly or via
|
||||
DHCP) that these do get written to the registry. Even though a subsequent
|
||||
change of setting may occur the old value may persist in the registry. This
|
||||
has been known to create serious networking problems.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
An example of this occurs when a manual TCP/IP environment is configured to
|
||||
include a NetBIOS Scope. In this event, when the administrator then changes the
|
||||
configuration of the MS TCP/IP protocol stack, without first deleting the
|
||||
current settings, by simply checking the box to configure the MS TCP/IP stack
|
||||
via DHCP then the NetBIOS Scope that is still persistent in the registry WILL be
|
||||
applied to the resulting DHCP offered settings UNLESS the DHCP server also sets
|
||||
a NetBIOS Scope. It may therefore be prudent to forcibly apply a NULL NetBIOS
|
||||
Scope from your DHCP server. The can be done in the dhcpd.conf file with the
|
||||
parameter:
|
||||
<command>option netbios-scope "";</command>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
While it is true that the Microsoft DHCP server that comes with Windows NT
|
||||
Server provides only a sub-set of rfc1533 functionality this is hardly an issue
|
||||
in those sites that already have a large investment and commitment to Unix
|
||||
systems and technologies. The current state of the art of the DHCP Server
|
||||
specification in covered in rfc2132.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>How can I assign NetBIOS names to clients with DHCP?</title>
|
||||
|
||||
<para>
|
||||
SMB network clients need to be configured so that all standard TCP/IP name to
|
||||
address resolution works correctly. Once this has been achieved the SMB
|
||||
environment provides additional tools and services that act as helper agents in
|
||||
the translation of SMB (NetBIOS) names to their appropriate IP Addresses. One
|
||||
such helper agent is the NetBIOS Name Server (NBNS) or as Microsoft called it
|
||||
in their Windows NT Server implementation WINS (Windows Internet Name Server).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
A client needs to be configured so that it has a unique Machine (Computer)
|
||||
Name.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This can be done, but needs a few NT registry hacks and you need to be able to
|
||||
speak UNICODE, which is of course no problem for a True Wizzard(tm) :)
|
||||
Instructions on how to do this (including a small util for less capable
|
||||
Wizzards) can be found at
|
||||
</para>
|
||||
|
||||
<para><ulink url="http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html">http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html</ulink></para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>How do I convert between unix and dos text formats?</title>
|
||||
|
||||
<para>
|
||||
Jim barry has written an <ulink url="http://samba.org/samba/ftp/contributed/fixcrlf.zip">
|
||||
excellent drag-and-drop cr/lf converter for
|
||||
windows</ulink>. Just drag your file onto the icon and it converts the file.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The utilities unix2dos and dos2unix(in the mtools package) should do
|
||||
the job under unix.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Does samba have wins replication support?</title>
|
||||
|
||||
<para>
|
||||
At the time of writing there is currently being worked on a wins replication implementation(wrepld).
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
@ -1,124 +0,0 @@
|
||||
<chapter id="FAQ-general">
|
||||
<title>General Information</title>
|
||||
|
||||
<sect1>
|
||||
<title>What do the version numbers mean?</title>
|
||||
<para>
|
||||
It is not recommended that you run a version of Samba with the word
|
||||
"alpha" in its name unless you know what you are doing and are willing
|
||||
to do some debugging. Many, many people just get the latest
|
||||
recommended stable release version and are happy. If you are brave, by
|
||||
all means take the plunge and help with the testing and development -
|
||||
but don't install it on your departmental server. Samba is typically
|
||||
very stable and safe, and this is mostly due to the policy of many
|
||||
public releases.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
How the scheme works:
|
||||
<simplelist>
|
||||
<member>When major changes are made the version number is increased. For
|
||||
example, the transition from 1.9.15 to 1.9.16. However, this version
|
||||
number will not appear immediately and people should continue to use
|
||||
1.9.15 for production systems (see next point.)</member>
|
||||
|
||||
<member>Just after major changes are made the software is considered
|
||||
unstable, and a series of alpha releases are distributed, for example
|
||||
1.9.16alpha1. These are for testing by those who know what they are
|
||||
doing. The "alpha" in the filename will hopefully scare off those who
|
||||
are just looking for the latest version to install.</member>
|
||||
|
||||
<member>When the release manager, currently Jerry, thinks that the alphas have stabilised to the point
|
||||
where he would recommend new users install it, he renames it to the
|
||||
same version number without the alpha, for example 1.9.16.</member>
|
||||
|
||||
<member>Inevitably bugs are found in the "stable" releases and minor patch
|
||||
levels are released which give us the pXX series, for example 1.9.16p2.</member>
|
||||
</simplelist>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
So the progression goes:
|
||||
|
||||
<programlisting>
|
||||
1.9.15p7 (production)
|
||||
1.9.15p8 (production)
|
||||
1.9.16alpha1 (test sites only)
|
||||
:
|
||||
1.9.16alpha20 (test sites only)
|
||||
1.9.16 (production)
|
||||
1.9.16p1 (production)
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The above system means that whenever someone looks at the samba ftp
|
||||
site they will be able to grab the highest numbered release without an
|
||||
alpha in the name and be sure of getting the current recommended
|
||||
version.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>What platforms are supported?</title>
|
||||
<para>
|
||||
Many different platforms have run Samba successfully. The platforms
|
||||
most widely used and thus best tested are Linux and SunOS.</para>
|
||||
|
||||
<para>
|
||||
At time of writing, there is support (or has been support for in earlier
|
||||
versions):
|
||||
</para>
|
||||
|
||||
<simplelist>
|
||||
<member>A/UX 3.0</member>
|
||||
<member>AIX</member>
|
||||
<member>Altos Series 386/1000</member>
|
||||
<member>Amiga</member>
|
||||
<member>Apollo Domain/OS sr10.3</member>
|
||||
<member>BSDI </member>
|
||||
<member>B.O.S. (Bull Operating System)</member>
|
||||
<member>Cray, Unicos 8.0</member>
|
||||
<member>Convex</member>
|
||||
<member>DGUX. </member>
|
||||
<member>DNIX.</member>
|
||||
<member>FreeBSD</member>
|
||||
<member>HP-UX</member>
|
||||
<member>Intergraph. </member>
|
||||
<member>Linux with/without shadow passwords and quota</member>
|
||||
<member>LYNX 2.3.0</member>
|
||||
<member>MachTen (a unix like system for Macintoshes)</member>
|
||||
<member>Motorola 88xxx/9xx range of machines</member>
|
||||
<member>NetBSD</member>
|
||||
<member>NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).</member>
|
||||
<member>OS/2 using EMX 0.9b</member>
|
||||
<member>OSF1</member>
|
||||
<member>QNX 4.22</member>
|
||||
<member>RiscIX. </member>
|
||||
<member>RISCOs 5.0B</member>
|
||||
<member>SEQUENT. </member>
|
||||
<member>SCO (including: 3.2v2, European dist., OpenServer 5)</member>
|
||||
<member>SGI.</member>
|
||||
<member>SMP_DC.OSx v1.1-94c079 on Pyramid S series</member>
|
||||
<member>SONY NEWS, NEWS-OS (4.2.x and 6.1.x)</member>
|
||||
<member>SUNOS 4</member>
|
||||
<member>SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')</member>
|
||||
<member>Sunsoft ISC SVR3V4</member>
|
||||
<member>SVR4</member>
|
||||
<member>System V with some berkely extensions (Motorola 88k R32V3.2).</member>
|
||||
<member>ULTRIX.</member>
|
||||
<member>UNIXWARE</member>
|
||||
<member>UXP/DS</member>
|
||||
</simplelist>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>How do I subscribe to the Samba Mailing Lists?</title>
|
||||
<para>
|
||||
Look at <ulink url="http://samba.org/samba/archives.html">the samba mailing list page</ulink>
|
||||
</para>
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
@ -1,117 +0,0 @@
|
||||
<chapter id="FAQ-Install">
|
||||
<title>Compiling and installing Samba on a Unix host</title>
|
||||
|
||||
<sect1>
|
||||
<title>My client reports "cannot locate specified share name" or similar</title>
|
||||
<para>
|
||||
This message indicates that your client CAN locate the specified
|
||||
server, which is a good start, but that it cannot find a service of
|
||||
the name you gave.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The first step is to check the exact name of the service you are
|
||||
trying to connect to (consult your system administrator). Assuming it
|
||||
exists and you specified it correctly (read your client's docs on how
|
||||
to specify a service name correctly), read on:
|
||||
</para>
|
||||
|
||||
<simplelist>
|
||||
<member>Many clients cannot accept or use service names longer than eight characters.</member>
|
||||
<member>Many clients cannot accept or use service names containing spaces.</member>
|
||||
<member>Some servers (not Samba though) are case sensitive with service names.</member>
|
||||
<member>Some clients force service names into upper case.</member>
|
||||
</simplelist>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Why are my file's timestamps off by an hour, or by a few hours?</title>
|
||||
<para>
|
||||
This is from Paul Eggert eggert@twinsun.com.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Most likely it's a problem with your time zone settings.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Internally, Samba maintains time in traditional Unix format,
|
||||
namely, the number of seconds since 1970-01-01 00:00:00 Universal Time
|
||||
(or ``GMT''), not counting leap seconds.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
On the server side, Samba uses the Unix TZ variable to convert
|
||||
internal timestamps to and from local time. So on the server side, there are
|
||||
two things to get right.
|
||||
<simplelist>
|
||||
<member>The Unix system clock must have the correct Universal time. Use the shell command "sh -c 'TZ=UTC0 date'" to check this.</member>
|
||||
<member>The TZ environment variable must be set on the server before Samba is invoked. The details of this depend on the server OS, but typically you must edit a file whose name is /etc/TIMEZONE or /etc/default/init, or run the command `zic -l'.</member>
|
||||
</simplelist>
|
||||
</para>
|
||||
|
||||
<para>TZ must have the correct value.</para>
|
||||
|
||||
<para>
|
||||
If possible, use geographical time zone settings
|
||||
(e.g. TZ='America/Los_Angeles' or perhaps
|
||||
TZ=':US/Pacific'). These are supported by most
|
||||
popular Unix OSes, are easier to get right, and are
|
||||
more accurate for historical timestamps. If your
|
||||
operating system has out-of-date tables, you should be
|
||||
able to update them from the public domain time zone
|
||||
tables at <ulink url="ftp://elsie.nci.nih.gov/pub/">ftp://elsie.nci.nih.gov/pub/</ulink>.
|
||||
</para>
|
||||
|
||||
<para>If your system does not support geographical timezone
|
||||
settings, you must use a Posix-style TZ strings, e.g.
|
||||
TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time.
|
||||
Posix TZ strings can take the following form (with optional
|
||||
items in brackets):
|
||||
<programlisting>
|
||||
StdOffset[Dst[Offset],Date/Time,Date/Time]
|
||||
</programlisting>
|
||||
where:
|
||||
</para>
|
||||
|
||||
<para><simplelist>
|
||||
<member>`Std' is the standard time designation (e.g. `PST').</member>
|
||||
<member>`Offset' is the number of hours behind UTC (e.g. `8').
|
||||
Prepend a `-' if you are ahead of UTC, and
|
||||
append `:30' if you are at a half-hour offset.
|
||||
Omit all the remaining items if you do not use
|
||||
daylight-saving time.</member>
|
||||
|
||||
<member>`Dst' is the daylight-saving time designation
|
||||
(e.g. `PDT').</member>
|
||||
|
||||
<member>The optional second `Offset' is the number of
|
||||
hours that daylight-saving time is behind UTC.
|
||||
The default is 1 hour ahead of standard time.
|
||||
</member>
|
||||
|
||||
<member>`Date/Time,Date/Time' specify when daylight-saving
|
||||
time starts and ends. The format for a date is
|
||||
`Mm.n.d', which specifies the dth day (0 is Sunday)
|
||||
of the nth week of the mth month, where week 5 means
|
||||
the last such day in the month. The format for a
|
||||
time is [h]h[:mm[:ss]], using a 24-hour clock.
|
||||
</member>
|
||||
|
||||
</simplelist>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Other Posix string formats are allowed but you don't want
|
||||
to know about them.</para>
|
||||
|
||||
<para>
|
||||
On the client side, you must make sure that your client's clock and
|
||||
time zone is also set appropriately. [[I don't know how to do this.]]
|
||||
Samba traditionally has had many problems dealing with time zones, due
|
||||
to the bizarre ways that Microsoft network protocols handle time
|
||||
zones.
|
||||
</para>
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
@ -1,39 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY general SYSTEM "general.xml">
|
||||
<!ENTITY install SYSTEM "install.xml">
|
||||
<!ENTITY errors SYSTEM "errors.xml">
|
||||
<!ENTITY clientapp SYSTEM "clientapp.xml">
|
||||
<!ENTITY features SYSTEM "features.xml">
|
||||
]>
|
||||
|
||||
<book id="Samba-FAQ">
|
||||
<title>Samba FAQ</title>
|
||||
|
||||
<bookinfo>
|
||||
<author><surname>Samba Team</surname></author>
|
||||
<pubdate>October 2002</pubdate>
|
||||
</bookinfo>
|
||||
|
||||
<dedication>
|
||||
<para>
|
||||
This is the Frequently Asked Questions (FAQ) document for
|
||||
Samba, the free and very popular SMB server product. An SMB server
|
||||
allows file and printer connections from clients such as Windows,
|
||||
OS/2, Linux and others. Current to version 3.0. Please send any
|
||||
corrections to the samba documentation mailinglist at
|
||||
<ulink url="mailto:samba-docs@samba.org">samba-docs@samba.org</ulink>.
|
||||
This FAQ was based on the old Samba FAQ by Dan Shearer and Paul Blackman,
|
||||
and the old samba text documents which were mostly written by John Terpstra.
|
||||
</para>
|
||||
</dedication>
|
||||
|
||||
<toc/>
|
||||
|
||||
&general;
|
||||
&install;
|
||||
&clientapp;
|
||||
&errors;
|
||||
&features;
|
||||
</book>
|
@ -1,571 +0,0 @@
|
||||
<!-- Global Entities File -->
|
||||
|
||||
|
||||
<!-- Email Address' -->
|
||||
<!ENTITY email.dbannon 'D.Bannon@latrobe.edu.au'>
|
||||
<!ENTITY email.jmoore 'jmoore@php.net'>
|
||||
<!ENTITY email.jerry 'jerry@samba.org'>
|
||||
<!ENTITY email.patches 'samba-patches@samba.org'>
|
||||
<!ENTITY email.jelmer 'jelmer@samba.org'>
|
||||
<!ENTITY email.jht 'jht@samba.org'>
|
||||
|
||||
|
||||
<!-- Author entities -->
|
||||
<!ENTITY person.jelmer '
|
||||
<firstname>Jelmer</firstname><othername>R.</othername><surname>Vernooij</surname><othername>R.</othername>
|
||||
<affiliation>
|
||||
<orgname>The Samba Team</orgname>
|
||||
<address><email>jelmer@samba.org</email></address>
|
||||
</affiliation>'>
|
||||
|
||||
<!ENTITY author.jelmer '<author>&person.jelmer;</author>'>
|
||||
|
||||
<!ENTITY person.jerry '
|
||||
<firstname>Gerald</firstname><surname>Carter</surname><othername>(Jerry)</othername>
|
||||
<affiliation>
|
||||
<orgname>Samba Team</orgname>
|
||||
<address><email>jerry@samba.org</email></address>
|
||||
</affiliation>'>
|
||||
|
||||
<!ENTITY author.jerry '<author>&person.jerry;</author>'>
|
||||
|
||||
<!ENTITY author.jeremy '
|
||||
<author>
|
||||
<firstname>Jeremy</firstname><surname>Allison</surname>
|
||||
<affiliation>
|
||||
<orgname>Samba Team</orgname>
|
||||
<address><email>jra@samba.org</email></address>
|
||||
</affiliation>
|
||||
</author>'>
|
||||
|
||||
<!ENTITY person.jht '
|
||||
<firstname>John</firstname><surname>Terpstra</surname><othername>H.</othername>
|
||||
<affiliation>
|
||||
<orgname>Samba Team</orgname>
|
||||
<address><email>jht@samba.org</email></address>
|
||||
</affiliation>
|
||||
'>
|
||||
|
||||
<!ENTITY author.jht '<author>&person.jht;</author>'>
|
||||
|
||||
<!ENTITY person.gd '
|
||||
<firstname>Guenther</firstname><surname>Deschner</surname>
|
||||
<affiliation>
|
||||
<orgname>SuSE</orgname>
|
||||
<address><email>gd@suse.de</email></address>
|
||||
</affiliation>
|
||||
'>
|
||||
|
||||
<!ENTITY author.gd '<author>&person.gd;</author>'>
|
||||
|
||||
<!ENTITY person.kauer '
|
||||
<firstname>Karl</firstname><surname>Auer</surname>
|
||||
<affiliation>
|
||||
<orgname>Samba Team</orgname>
|
||||
<address><email>kauer@biplane.com.au</email></address>
|
||||
</affiliation>
|
||||
'>
|
||||
|
||||
<!ENTITY author.kauer '<author>&person.kauer;</author>'>
|
||||
|
||||
<!ENTITY person.danshearer '
|
||||
<firstname>Dan</firstname><surname>Shearer</surname>
|
||||
<affiliation>
|
||||
<orgname>Samba Team</orgname>
|
||||
<address><email>dan@samba.org</email></address>
|
||||
</affiliation>
|
||||
'>
|
||||
|
||||
<!ENTITY author.danshearer '<author>&person.danshearer;</author>'>
|
||||
|
||||
<!ENTITY person.tpot '
|
||||
<firstname>Tim</firstname><surname>Potter</surname>
|
||||
<affiliation>
|
||||
<orgname>Samba Team</orgname>
|
||||
<address><email>tpot@samba.org</email></address>
|
||||
</affiliation>
|
||||
'>
|
||||
|
||||
<!ENTITY author.tpot '<author>&person.tpot;</author>'>
|
||||
|
||||
<!ENTITY author.tridge '
|
||||
<author>
|
||||
<firstname>Andrew</firstname><surname>Tridgell</surname>
|
||||
<affiliation>
|
||||
<orgname>Samba Team</orgname>
|
||||
<address><email>tridge@samba.org</email></address>
|
||||
</affiliation>
|
||||
</author>'>
|
||||
|
||||
<!ENTITY person.jmcd '
|
||||
<firstname>Jim</firstname><surname>McDonough</surname>
|
||||
<affiliation>
|
||||
<orgname>IBM</orgname>
|
||||
<address><email>jmcd@us.ibm.com</email></address>
|
||||
</affiliation>'>
|
||||
|
||||
<!ENTITY author.jmcd '<author>&person.jmcd;</author>'>
|
||||
|
||||
<!ENTITY author.vl '
|
||||
<author>
|
||||
<firstname>Volker</firstname><surname>Lendecke</surname>
|
||||
<affiliation>
|
||||
<orgname>Samba Team</orgname>
|
||||
<address><email>Volker.Lendecke@SerNet.DE</email></address>
|
||||
</affiliation>
|
||||
</author>'>
|
||||
|
||||
<!ENTITY author.dbannon '
|
||||
<author>
|
||||
<firstname>David</firstname><surname>Bannon</surname>
|
||||
<affiliation>
|
||||
<orgname>Samba Team</orgname>
|
||||
<address><email>dbannon@samba.org</email></address>
|
||||
</affiliation>
|
||||
</author>'>
|
||||
|
||||
<!ENTITY author.mimir '
|
||||
<author>
|
||||
<firstname>Rafal</firstname><surname>Szczesniak</surname>
|
||||
<affiliation>
|
||||
<orgname>Samba Team</orgname>
|
||||
<address><email>mimir@samba.org</email></address>
|
||||
</affiliation>
|
||||
</author>'>
|
||||
|
||||
<!ENTITY author.dlechnyr '
|
||||
<author>
|
||||
<firstname>David</firstname><surname>Lechnyr</surname>
|
||||
<affiliation>
|
||||
<orgname>Unofficial HOWTO</orgname>
|
||||
<address><email>david@lechnyr.com</email></address>
|
||||
</affiliation>
|
||||
</author>'>
|
||||
|
||||
<!ENTITY author.eroseme '
|
||||
<author>
|
||||
<firstname>Eric</firstname><surname>Roseme</surname>
|
||||
<affiliation>
|
||||
<orgname>HP Oplocks Usage Recommendations Whitepaper</orgname>
|
||||
<address><email>eric.roseme@hp.com</email></address>
|
||||
</affiliation>
|
||||
</author>'>
|
||||
|
||||
|
||||
<!-- URL's -->
|
||||
<!ENTITY url.samba.cvsinfo 'http://pserver.samba.org/samba/cvs.html'>
|
||||
<!ENTITY url.pdc-howto.local 'samba-pdc-howto.html'>
|
||||
<!ENTITY url.samba-tng 'http://www.samba-tng.org'>
|
||||
<!ENTITY url.samba.doc 'http://bioserve.latrobe.edu.au/samba/'>
|
||||
<!ENTITY url.ultraedit 'http://www.ultraedit.com'>
|
||||
<!ENTITY url.vi-windows 'http://home.snafu.de/ramo/WinViEn.htm'>
|
||||
<!ENTITY url.pfe 'http://www.lancs.ac.uk/people/cpaap/pfe/'>
|
||||
<!ENTITY url.server-tools.win95 'ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE'>
|
||||
<!ENTITY url.server-tools.winnt 'ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE'>
|
||||
<!ENTITY url.tcpdump 'http://www.tcpdump.org/'>
|
||||
<!ENTITY url.samba 'http://samba.org'>
|
||||
<!ENTITY url.samba-ldap-howto 'http://www.unav.es/cti/ldap-smb-howto.html'>
|
||||
<!ENTITY url.samba-tng.home 'http://www.kneschke.de/projekte/samba_tng/'>
|
||||
<!ENTITY url.samba.mailinglist.ntdom 'http://lists.samba.org/mailman/samba-ntdom'>
|
||||
<!ENTITY url.samba.cifs 'http://samba.org/cifs/'>
|
||||
<!ENTITY url.ntdomains-for-unix 'http://mailhost.cb1.com/~lkcl/ntdom/'>
|
||||
<!ENTITY url.samba.specs.old 'ftp://ftp.microsoft.com/developr/drg/CIFS/'>
|
||||
<!ENTITY url.rfc.1001 'http://ds.internic.net/rfc/rfc1001.txt'>
|
||||
<!ENTITY url.rfc.1002 'http://ds.internic.net/rfc/rfc1002.txt'>
|
||||
|
||||
<!-- Misc -->
|
||||
<!ENTITY samba.pub.cvshost 'pserver.samba.org'>
|
||||
|
||||
<!ENTITY stdarg.debug '
|
||||
<varlistentry>
|
||||
<term>-d|--debug=debuglevel</term>
|
||||
<listitem>
|
||||
<para><replaceable>debuglevel</replaceable> is an integer
|
||||
from 0 to 10. The default value if this parameter is
|
||||
not specified is zero.</para>
|
||||
|
||||
<para>The higher this value, the more detail will be
|
||||
logged to the log files about the activities of the
|
||||
server. At level 0, only critical errors and serious
|
||||
warnings will be logged. Level 1 is a reasonable level for
|
||||
day-to-day running - it generates a small amount of
|
||||
information about operations carried out.</para>
|
||||
|
||||
<para>Levels above 1 will generate considerable
|
||||
amounts of log data, and should only be used when
|
||||
investigating a problem. Levels above 3 are designed for
|
||||
use only by developers and generate HUGE amounts of log
|
||||
data, most of which is extremely cryptic.</para>
|
||||
|
||||
<para>Note that specifying this parameter here will
|
||||
override the <smbconfoption><name>log level</name></smbconfoption> parameter
|
||||
in the &smb.conf; file.</para>
|
||||
</listitem>
|
||||
</varlistentry>'>
|
||||
|
||||
<!ENTITY stdarg.configfile '
|
||||
<varlistentry>
|
||||
<term>-s <configuration file></term>
|
||||
<listitem><para>The file specified contains the
|
||||
configuration details required by the server. The
|
||||
information in this file includes server-specific
|
||||
information such as what printcap file to use, as well
|
||||
as descriptions of all the services that the server is
|
||||
to provide. See &smb.conf; for more information.
|
||||
The default configuration file name is determined at
|
||||
compile time.</para></listitem>
|
||||
</varlistentry>'>
|
||||
|
||||
<!ENTITY stdarg.version '
|
||||
<varlistentry>
|
||||
<term>-V</term>
|
||||
<listitem><para>Prints the program version number.
|
||||
</para></listitem>
|
||||
</varlistentry>'>
|
||||
|
||||
<!ENTITY stdarg.logfile '
|
||||
<varlistentry>
|
||||
<term>-l|--logfile=logbasename</term>
|
||||
<listitem><para>File name for log/debug files. The extension
|
||||
<constant>".client"</constant> will be appended. The log file is
|
||||
never removed by the client.
|
||||
</para></listitem>
|
||||
</varlistentry>'>
|
||||
|
||||
<!ENTITY popt.common.samba '
|
||||
&stdarg.version;
|
||||
&stdarg.configfile;
|
||||
&stdarg.debug;
|
||||
&stdarg.logfile;
|
||||
'>
|
||||
|
||||
<!ENTITY stdarg.resolve.order '
|
||||
<varlistentry>
|
||||
<term>-R <name resolve order></term>
|
||||
<listitem><para>This option is used to determine what naming
|
||||
services and in what order to resolve
|
||||
host names to IP addresses. The option takes a space-separated
|
||||
string of different name resolution options.</para>
|
||||
|
||||
<para>The options are: "lmhosts", "host", "wins" and "bcast".
|
||||
They cause names to be resolved as follows :</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para><constant>lmhosts</constant>:
|
||||
Lookup an IP address in the Samba lmhosts file. If the
|
||||
line in lmhosts has no name type attached to the
|
||||
NetBIOS name
|
||||
(see the <citerefentry><refentrytitle>lmhosts</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> for details)
|
||||
then any name type matches for lookup.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para><constant>host</constant>:
|
||||
Do a standard host name to IP address resolution, using
|
||||
the system <filename>/etc/hosts</filename>, NIS, or DNS
|
||||
lookups. This method of name resolution is operating
|
||||
system dependent, for instance on IRIX or Solaris this
|
||||
may be controlled by the <filename>/etc/nsswitch.conf
|
||||
</filename> file). Note that this method is only used
|
||||
if the NetBIOS name type being queried is the 0x20
|
||||
(server) name type, otherwise it is ignored.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para><constant>wins</constant>:
|
||||
Query a name with the IP address listed in the
|
||||
<parameter>wins server</parameter> parameter. If no
|
||||
WINS server has been specified this method will be
|
||||
ignored.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para><constant>bcast</constant>:
|
||||
Do a broadcast on each of the known local interfaces
|
||||
listed in the <parameter>interfaces</parameter>
|
||||
parameter. This is the least reliable of the name
|
||||
resolution methods as it depends on the target host
|
||||
being on a locally connected subnet.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>If this parameter is not set then the name resolve order
|
||||
defined in the &smb.conf; file parameter
|
||||
(<smbconfoption><name>name resolve order</name></smbconfoption>) will be used.
|
||||
</para>
|
||||
|
||||
<para>The default order is lmhosts, host, wins, bcast. Without
|
||||
this parameter or any entry in the <smbconfoption><name>name resolve order</name></smbconfoption> parameter of the &smb.conf; file, the name
|
||||
resolution methods will be attempted in this order. </para></listitem>
|
||||
</varlistentry>'>
|
||||
|
||||
<!ENTITY stdarg.netbios.name '
|
||||
<varlistentry>
|
||||
<term>-n <primary NetBIOS name></term>
|
||||
<listitem><para>This option allows you to override
|
||||
the NetBIOS name that Samba uses for itself. This is identical
|
||||
to setting the <smbconfoption><name>netbios name</name></smbconfoption> parameter in the &smb.conf; file.
|
||||
However, a command
|
||||
line setting will take precedence over settings in
|
||||
&smb.conf;.</para></listitem>
|
||||
</varlistentry>'>
|
||||
|
||||
<!ENTITY stdarg.scope '
|
||||
<varlistentry>
|
||||
<term>-i <scope></term>
|
||||
<listitem><para>This specifies a NetBIOS scope that
|
||||
<command>nmblookup</command> will use to communicate with when
|
||||
generating NetBIOS names. For details on the use of NetBIOS
|
||||
scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are
|
||||
<emphasis>very</emphasis> rarely used, only set this parameter
|
||||
if you are the system administrator in charge of all the
|
||||
NetBIOS systems you communicate with.</para></listitem>
|
||||
</varlistentry>'>
|
||||
|
||||
<!ENTITY stdarg.workgroup '
|
||||
<varlistentry>
|
||||
<term>-W|--workgroup=domain</term>
|
||||
<listitem><para>Set the SMB domain of the username. This
|
||||
overrides the default domain which is the domain defined in
|
||||
smb.conf. If the domain specified is the same as the servers
|
||||
NetBIOS name, it causes the client to log on using the servers local
|
||||
SAM (as opposed to the Domain SAM). </para></listitem>
|
||||
</varlistentry>'>
|
||||
|
||||
<!ENTITY stdarg.socket.options '
|
||||
<varlistentry>
|
||||
<term>-O socket options</term>
|
||||
<listitem><para>TCP socket options to set on the client
|
||||
socket. See the socket options parameter in
|
||||
the &smb.conf; manual page for the list of valid
|
||||
options. </para></listitem>
|
||||
</varlistentry>
|
||||
'>
|
||||
|
||||
<!ENTITY popt.common.connection '
|
||||
&stdarg.netbios.name;
|
||||
&stdarg.scope;
|
||||
&stdarg.workgroup;
|
||||
&stdarg.socket.options;
|
||||
'>
|
||||
|
||||
<!ENTITY stdarg.nopass '
|
||||
<varlistentry>
|
||||
<term>-N</term>
|
||||
<listitem><para>If specified, this parameter suppresses the normal
|
||||
password prompt from the client to the user. This is useful when
|
||||
accessing a service that does not require a password. </para>
|
||||
|
||||
<para>Unless a password is specified on the command line or
|
||||
this parameter is specified, the client will request a
|
||||
password.</para></listitem>
|
||||
</varlistentry>'>
|
||||
|
||||
<!ENTITY pct "%">
|
||||
|
||||
<!ENTITY stdarg.username '
|
||||
<varlistentry>
|
||||
<term>-U|--user=username[&pct;password]</term>
|
||||
<listitem><para>Sets the SMB username or username and password. </para>
|
||||
|
||||
<para>If &pct;password is not specified, the user will be prompted. The
|
||||
client will first check the <envar>USER</envar> environment variable, then the
|
||||
<envar>LOGNAME</envar> variable and if either exists, the
|
||||
string is uppercased. If these environmental variables are not
|
||||
found, the username <constant>GUEST</constant> is used. </para>
|
||||
|
||||
<para>A third option is to use a credentials file which
|
||||
contains the plaintext of the username and password. This
|
||||
option is mainly provided for scripts where the admin does not
|
||||
wish to pass the credentials on the command line or via environment
|
||||
variables. If this method is used, make certain that the permissions
|
||||
on the file restrict access from unwanted users. See the
|
||||
<parameter>-A</parameter> for more details. </para>
|
||||
|
||||
<para>Be cautious about including passwords in scripts. Also, on
|
||||
many systems the command line of a running process may be seen
|
||||
via the <command>ps</command> command. To be safe always allow
|
||||
<command>rpcclient</command> to prompt for a password and type
|
||||
it in directly. </para></listitem>
|
||||
</varlistentry>
|
||||
'>
|
||||
|
||||
<!ENTITY stdarg.authfile '
|
||||
<varlistentry>
|
||||
<term>-A|--authfile=filename</term>
|
||||
<listitem><para>This option allows
|
||||
you to specify a file from which to read the username and
|
||||
password used in the connection. The format of the file is
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
username = <value>
|
||||
password = <value>
|
||||
domain = <value>
|
||||
</programlisting></para>
|
||||
|
||||
<para>Make certain that the permissions on the file restrict
|
||||
access from unwanted users. </para></listitem>
|
||||
</varlistentry>'>
|
||||
|
||||
<!ENTITY stdarg.kerberos '
|
||||
<varlistentry>
|
||||
<term>-k</term>
|
||||
<listitem><para>
|
||||
Try to authenticate with kerberos. Only useful in
|
||||
an Active Directory environment.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
'>
|
||||
|
||||
|
||||
<!ENTITY stdarg.help '
|
||||
<varlistentry>
|
||||
<term>-h|--help</term>
|
||||
<listitem><para>Print a summary of command line options.
|
||||
</para></listitem>
|
||||
</varlistentry>'>
|
||||
|
||||
<!ENTITY popt.common.credentials '
|
||||
&stdarg.nopass;
|
||||
&stdarg.kerberos;
|
||||
&stdarg.authfile;
|
||||
&stdarg.username;
|
||||
'>
|
||||
|
||||
<!-- Entities for the various programs -->
|
||||
<!ENTITY smbd '<application>smbd</application>'>
|
||||
<!ENTITY nmbd '<application>nmbd</application>'>
|
||||
<!ENTITY testparm '<application>testparm</application>'>
|
||||
<!ENTITY smb.conf '<filename>smb.conf</filename>'>
|
||||
<!ENTITY smbclient '<application>smbclient</application>'>
|
||||
<!ENTITY winbindd '<application>winbindd</application>'>
|
||||
<!ENTITY net '<application>net</application>'>
|
||||
|
||||
<!-- We only need this for SGML, and not for XML... -->
|
||||
<!-- <!ENTITY percnt '%'> -->
|
||||
|
||||
<!-- IDs for various Samba documentation sections -->
|
||||
|
||||
<!ENTITY ID-UNIX-INSTALL SYSTEM "install">
|
||||
<!ENTITY ID-ENCRYPTION SYSTEM "pwencrypt">
|
||||
<!ENTITY ID-MS-Dfs-Setup SYSTEM "msdfs">
|
||||
<!ENTITY ID-PRINTER-DRIVER2 SYSTEM "printing">
|
||||
<!ENTITY ID-DOMAIN-MEMBER SYSTEM "domain-security">
|
||||
<!ENTITY ID-WINBIND SYSTEM "winbind">
|
||||
<!ENTITY ID-NT-Security SYSTEM "unix-permissions">
|
||||
<!ENTITY ID-Samba-PDC-HOWTO SYSTEM "samba-pdc">
|
||||
<!ENTITY ID-Samba-BDC-HOWTO SYSTEM "samba-bdc">
|
||||
<!ENTITY ID-CVS-Access SYSTEM "cvs-access">
|
||||
<!ENTITY ID-IntegratingWithWindows SYSTEM "integrate-ms-networks">
|
||||
<!ENTITY ID-Samba-PAM SYSTEM "pam">
|
||||
<!ENTITY ID-Samba-LDAP SYSTEM "samba-ldap-howto">
|
||||
<!ENTITY ID-Diagnosis SYSTEM "diagnosis">
|
||||
<!ENTITY ID-BUGS SYSTEM "bugreport">
|
||||
<!ENTITY ID-StandAloneServer SYSTEM "standaloneserver">
|
||||
<!ENTITY ID-SPEED SYSTEM "speed">
|
||||
<!ENTITY ID-NetworkBrowsing SYSTEM "network-browsing">
|
||||
<!ENTITY ID-GROUP-MAPPING-HOWTO SYSTEM "groupmapping">
|
||||
<!ENTITY ID-Portability SYSTEM "Portability">
|
||||
<!ENTITY ID-Other-Clients SYSTEM "Other-Clients">
|
||||
<!ENTITY ID-pdb-mysql SYSTEM "pdb-mysql">
|
||||
<!ENTITY ID-pdb-xml SYSTEM "pdb-xml">
|
||||
<!ENTITY ID-VFS SYSTEM "VFS">
|
||||
<!ENTITY ID-Further-Resources SYSTEM "further-resources">
|
||||
|
||||
<!ENTITY MANUALPAGES SYSTEM "manpages/manuals.xml">
|
||||
<!ENTITY MAN-FINDSMB SYSTEM "manpages/findsmb.1.xml">
|
||||
<!ENTITY MAN-NMBLOOKUP SYSTEM "manpages/nmblookup.1.xml">
|
||||
<!ENTITY MAN-RPCCLIENT SYSTEM "manpages/rpcclient.1.xml">
|
||||
<!ENTITY MAN-SMBCACLS SYSTEM "manpages/smbcacls.1.xml">
|
||||
<!ENTITY MAN-SMBCLIENT SYSTEM "manpages/smbclient.1.xml">
|
||||
<!ENTITY MAN-SMBCONTROL SYSTEM "manpages/smbcontrol.1.xml">
|
||||
<!ENTITY MAN-LMHOSTS SYSTEM "manpages/lmhosts.5.xml">
|
||||
<!ENTITY MAN-SMBCONF SYSTEM "smbdotconf/smb.conf.5.xml">
|
||||
<!ENTITY MAN-SAMBA SYSTEM "manpages/samba.7.xml">
|
||||
<!ENTITY MAN-NET SYSTEM "manpages/net.8.xml">
|
||||
<!ENTITY MAN-NMBD SYSTEM "manpages/nmbd.8.xml">
|
||||
<!ENTITY MAN-PDBEDIT SYSTEM "manpages/pdbedit.8.xml">
|
||||
<!ENTITY MAN-SMBD SYSTEM "manpages/smbd.8.xml">
|
||||
<!ENTITY MAN-SMBMOUNT SYSTEM "manpages/smbmount.8.xml">
|
||||
<!ENTITY MAN-SMBMNT SYSTEM "manpages/smbmnt.8.xml">
|
||||
<!ENTITY MAN-SMBPASSWDCONF SYSTEM "manpages/smbpasswd.5.xml">
|
||||
<!ENTITY MAN-SMBPASSWD SYSTEM "manpages/smbpasswd.8.xml">
|
||||
<!ENTITY MAN-SMBSH SYSTEM "manpages/smbsh.1.xml">
|
||||
<!ENTITY MAN-SMBTAR SYSTEM "manpages/smbtar.1.xml">
|
||||
<!ENTITY MAN-SMBTREE SYSTEM "manpages/smbtree.1.xml">
|
||||
<!ENTITY MAN-SMBCQUOTAS SYSTEM "manpages/smbcquotas.1.xml">
|
||||
<!ENTITY MAN-SMBSPOOL SYSTEM "manpages/smbspool.8.xml">
|
||||
<!ENTITY MAN-SMBSTATUS SYSTEM "manpages/smbstatus.1.xml">
|
||||
<!ENTITY MAN-SMBUMOUNT SYSTEM "manpages/smbumount.8.xml">
|
||||
<!ENTITY MAN-SWAT SYSTEM "manpages/swat.8.xml">
|
||||
<!ENTITY MAN-TDBBACKUP SYSTEM "manpages/tdbbackup.8.xml">
|
||||
<!ENTITY MAN-TESTPARM SYSTEM "manpages/testparm.1.xml">
|
||||
<!ENTITY MAN-TESTPRNS SYSTEM "manpages/testprns.1.xml">
|
||||
<!ENTITY MAN-VFSTEST SYSTEM "manpages/vfstest.1.xml">
|
||||
<!ENTITY MAN-WBINFO SYSTEM "manpages/wbinfo.1.xml">
|
||||
<!ENTITY MAN-WINBINDD SYSTEM "manpages/winbindd.8.xml">
|
||||
|
||||
|
||||
<!ENTITY AccessControls SYSTEM "projdoc/AccessControls.xml">
|
||||
<!ENTITY AdvancedNetworkAdmin SYSTEM "projdoc/AdvancedNetworkAdmin.xml">
|
||||
<!ENTITY BUGS SYSTEM "projdoc/Bugs.xml">
|
||||
<!ENTITY Backup SYSTEM "projdoc/Backup.xml">
|
||||
<!ENTITY CUPS SYSTEM "projdoc/CUPS-printing.xml">
|
||||
<!ENTITY CVS-Access SYSTEM "projdoc/CVS-Access.xml">
|
||||
<!ENTITY Compiling SYSTEM "projdoc/Compiling.xml">
|
||||
<!ENTITY DNS-DHCP-Configuration SYSTEM "projdoc/DNS-DHCP-Configuration.xml">
|
||||
<!ENTITY DOMAIN-MEMBER SYSTEM "projdoc/DOMAIN_MEMBER.xml">
|
||||
<!ENTITY Diagnosis SYSTEM "projdoc/Diagnosis.xml">
|
||||
<!ENTITY ENCRYPTION SYSTEM "projdoc/ENCRYPTION.xml">
|
||||
<!ENTITY FastStart SYSTEM "projdoc/FastStart.xml">
|
||||
<!ENTITY Further-Resources SYSTEM "projdoc/Further-Resources.xml">
|
||||
<!ENTITY Further-Resources SYSTEM "projdoc/Further-Resources.xml">
|
||||
<!ENTITY GROUP-MAPPING-HOWTO SYSTEM "projdoc/GROUP-MAPPING-HOWTO.xml">
|
||||
<!ENTITY HighAvailability SYSTEM "projdoc/HighAvailability.xml">
|
||||
<!ENTITY IntegratingWithWindows SYSTEM "projdoc/Integrating-with-Windows.xml">
|
||||
<!ENTITY IntroSMB SYSTEM "projdoc/IntroSMB.xml">
|
||||
<!ENTITY MS-Dfs-Setup SYSTEM "projdoc/msdfs_setup.xml">
|
||||
<!ENTITY NT4Migration SYSTEM "projdoc/NT4Migration.xml">
|
||||
<!ENTITY NetworkBrowsing SYSTEM "projdoc/NetworkBrowsing.xml">
|
||||
<!ENTITY Other-Clients SYSTEM "projdoc/Other-Clients.xml">
|
||||
<!ENTITY PRINTER-DRIVER2 SYSTEM "projdoc/printer_driver2.xml">
|
||||
<!ENTITY Passdb SYSTEM "projdoc/passdb.xml">
|
||||
<!ENTITY PolicyMgmt SYSTEM "projdoc/PolicyMgmt.xml">
|
||||
<!ENTITY Portability SYSTEM "projdoc/Portability.xml">
|
||||
<!ENTITY ProfileMgmt SYSTEM "projdoc/ProfileMgmt.xml">
|
||||
<!ENTITY SPEED SYSTEM "projdoc/Speed.xml">
|
||||
<!ENTITY SWAT SYSTEM "projdoc/SWAT.xml">
|
||||
<!ENTITY Samba-BDC-HOWTO SYSTEM "projdoc/Samba-BDC-HOWTO.xml">
|
||||
<!ENTITY Samba-LDAP SYSTEM "projdoc/Samba-LDAP-HOWTO.xml">
|
||||
<!ENTITY Samba-PAM SYSTEM "projdoc/PAM-Authentication-And-Samba.xml">
|
||||
<!ENTITY Samba-PDC-HOWTO SYSTEM "projdoc/Samba-PDC-HOWTO.xml">
|
||||
<!ENTITY SecuringSamba SYSTEM "projdoc/securing-samba.xml">
|
||||
<!ENTITY ServerType SYSTEM "projdoc/ServerType.xml">
|
||||
<!ENTITY StandAloneServer SYSTEM "projdoc/StandAloneServer.xml">
|
||||
<!ENTITY Trusts SYSTEM "projdoc/InterdomainTrusts.xml">
|
||||
<!ENTITY UNIX-INSTALL SYSTEM "projdoc/UNIX_INSTALL.xml">
|
||||
<!ENTITY upgrading SYSTEM "projdoc/upgrading-to-3.0.xml">
|
||||
<!ENTITY VFS SYSTEM "projdoc/VFS.xml">
|
||||
<!ENTITY WINBIND SYSTEM "projdoc/winbind.xml">
|
||||
<!ENTITY ClientConfig SYSTEM "projdoc/WindowsClientConfig.xml">
|
||||
<!ENTITY locking SYSTEM "projdoc/locking.xml">
|
||||
<!ENTITY problems SYSTEM "projdoc/Problems.xml">
|
||||
<!ENTITY unicode SYSTEM "projdoc/unicode.xml">
|
||||
<!ENTITY attributions SYSTEM "projdoc/attributions.xml">
|
||||
<!ENTITY attributions-dev SYSTEM "devdoc/attributions.xml">
|
||||
<!ENTITY glossary SYSTEM "projdoc/glossary.xml">
|
||||
<!ENTITY foreword-tridge SYSTEM "projdoc/foreword-tridge.xml">
|
||||
|
||||
<!ENTITY not.implemented "<note><para>Currently NOT implemented.</para></note>">
|
||||
<!ENTITY rootprompt "<prompt>root# </prompt>">
|
||||
<!ENTITY prompt "<prompt>$ </prompt>">
|
||||
<!ENTITY dosprompt "<prompt>C:\> </prompt>">
|
||||
|
||||
<!ENTITY example.workgroup "MIDEARTH">
|
||||
<!ENTITY example.server.samba "GANDALF">
|
||||
<!ENTITY example.server.windows "SARUMAN">
|
||||
<!ENTITY example.workstation.windows "FRODO">
|
||||
<!ENTITY example.workstation.samba "BILBO">
|
||||
<!ENTITY example.pdc.samba "SAURON">
|
||||
<!ENTITY example.server.wins "noldor">
|
||||
|
||||
<!ENTITY smbmdash "<?latex --- ?>">
|
@ -1 +0,0 @@
|
||||
smb.conf.5.xml
|
@ -1,87 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="editreg.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>editreg</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>editreg</refname>
|
||||
<refpurpose>A utility to report and change SIDs in registry files
|
||||
</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>editreg</command>
|
||||
<arg choice="opt">-v</arg>
|
||||
<arg choice="opt">-c file</arg>
|
||||
<arg choice="req">file</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>editreg</command> is a utility that
|
||||
can visualize windows registry files (currently only NT4) and apply
|
||||
so-called commandfiles to them.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>registry_file</term>
|
||||
<listitem><para>Registry file to view or edit. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-v,--verbose</term>
|
||||
<listitem><para>Increases verbosity of messages.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-c commandfile</term>
|
||||
<listitem><para>Read commands to execute on <filename>registry_file</filename> from <filename>commandfile</filename>. Currently not yet supported!
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&stdarg.help;
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the Samba
|
||||
suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The editreg man page was written by Jelmer Vernooij. </para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,152 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="findsmb.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>findsmb</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>findsmb</refname>
|
||||
<refpurpose>list info about machines that respond to SMB
|
||||
name queries on a subnet</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>findsmb</command>
|
||||
<arg choice="opt">subnet broadcast address</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This perl script is part of the <citerefentry>
|
||||
<refentrytitle>Samba</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
suite.</para>
|
||||
|
||||
<para><command>findsmb</command> is a perl script that
|
||||
prints out several pieces of information about machines
|
||||
on a subnet that respond to SMB name query requests.
|
||||
It uses <citerefentry><refentrytitle>nmblookup</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
and <citerefentry><refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
to obtain this information.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-r</term>
|
||||
<listitem><para>Controls whether <command>findsmb</command> takes
|
||||
bugs in Windows95 into account when trying to find a Netbios name
|
||||
registered of the remote machine. This option is disabled by default
|
||||
because it is specific to Windows 95 and Windows 95 machines only.
|
||||
If set, <citerefentry><refentrytitle>nmblookup</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
will be called with <constant>-B</constant> option.</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>subnet broadcast address</term>
|
||||
<listitem><para>Without this option, <command>findsmb
|
||||
</command> will probe the subnet of the machine where
|
||||
<citerefentry><refentrytitle>findsmb</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
is run. This value is passed to
|
||||
<citerefentry><refentrytitle>nmblookup</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
as part of the <constant>-B</constant> option.</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>EXAMPLES</title>
|
||||
|
||||
<para>The output of <command>findsmb</command> lists the following
|
||||
information for all machines that respond to the initial
|
||||
<command>nmblookup</command> for any name: IP address, NetBIOS name,
|
||||
Workgroup name, operating system, and SMB server version.</para>
|
||||
|
||||
<para>There will be a '+' in front of the workgroup name for
|
||||
machines that are local master browsers for that workgroup. There
|
||||
will be an '*' in front of the workgroup name for
|
||||
machines that are the domain master browser for that workgroup.
|
||||
Machines that are running Windows, Windows 95 or Windows 98 will
|
||||
not show any information about the operating system or server
|
||||
version.</para>
|
||||
|
||||
<para>The command with <constant>-r</constant> option
|
||||
must be run on a system without <citerefentry>
|
||||
<refentrytitle>nmbd</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry> running.
|
||||
|
||||
If <command>nmbd</command> is running on the system, you will
|
||||
only get the IP address and the DNS name of the machine. To
|
||||
get proper responses from Windows 95 and Windows 98 machines,
|
||||
the command must be run as root and with <constant>-r</constant>
|
||||
option on a machine without <command>nmbd</command> running.</para>
|
||||
|
||||
<para>For example, running <command>findsmb</command>
|
||||
without <constant>-r</constant> option set would yield output similar
|
||||
to the following</para>
|
||||
|
||||
<screen>
|
||||
IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
|
||||
---------------------------------------------------------------------
|
||||
192.168.35.10 MINESET-TEST1 [DMVENGR]
|
||||
192.168.35.55 LINUXBOX *[MYGROUP] [Unix] [Samba 2.0.6]
|
||||
192.168.35.56 HERBNT2 [HERB-NT]
|
||||
192.168.35.63 GANDALF [MVENGR] [Unix] [Samba 2.0.5a for IRIX]
|
||||
192.168.35.65 SAUNA [WORKGROUP] [Unix] [Samba 1.9.18p10]
|
||||
192.168.35.71 FROGSTAR [ENGR] [Unix] [Samba 2.0.0 for IRIX]
|
||||
192.168.35.78 HERBDHCP1 +[HERB]
|
||||
192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
|
||||
192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
|
||||
192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
|
||||
</screen>
|
||||
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of
|
||||
the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><citerefentry>
|
||||
<refentrytitle>nmbd</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
<citerefentry><refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum>
|
||||
</citerefentry>, and <citerefentry><refentrytitle>nmblookup</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink
|
||||
url="ftp://ftp.icce.rug.nl/pub/unix/">ftp://ftp.icce.rug.nl/pub/unix/</ulink>)
|
||||
and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook
|
||||
XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,119 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="lmhosts.5">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>lmhosts</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>lmhosts</refname>
|
||||
<refpurpose>The Samba NetBIOS hosts file</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<para><filename>lmhosts</filename> is the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> NetBIOS name to IP address mapping file.</para>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This file is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><filename>lmhosts</filename> is the <emphasis>Samba
|
||||
</emphasis> NetBIOS name to IP address mapping file. It
|
||||
is very similar to the <filename>/etc/hosts</filename> file
|
||||
format, except that the hostname component must correspond
|
||||
to the NetBIOS naming format.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>FILE FORMAT</title>
|
||||
<para>It is an ASCII file containing one line for NetBIOS name.
|
||||
The two fields on each line are separated from each other by
|
||||
white space. Any entry beginning with '#' is ignored. Each line
|
||||
in the lmhosts file contains the following information:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>IP Address - in dotted decimal format.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem><para>NetBIOS Name - This name format is a
|
||||
maximum fifteen character host name, with an optional
|
||||
trailing '#' character followed by the NetBIOS name type
|
||||
as two hexadecimal digits.</para>
|
||||
|
||||
<para>If the trailing '#' is omitted then the given IP
|
||||
address will be returned for all names that match the given
|
||||
name, whatever the NetBIOS name type in the lookup.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>An example follows:</para>
|
||||
|
||||
<programlisting>
|
||||
#
|
||||
# Sample Samba lmhosts file.
|
||||
#
|
||||
192.9.200.1 TESTPC
|
||||
192.9.200.20 NTSERVER#20
|
||||
192.9.200.21 SAMBASERVER
|
||||
</programlisting>
|
||||
|
||||
<para>Contains three IP to NetBIOS name mappings. The first
|
||||
and third will be returned for any queries for the names "TESTPC"
|
||||
and "SAMBASERVER" respectively, whatever the type component of
|
||||
the NetBIOS name requested.</para>
|
||||
|
||||
<para>The second mapping will be returned only when the "0x20" name
|
||||
type for a name "NTSERVER" is queried. Any other name type will not
|
||||
be resolved.</para>
|
||||
|
||||
<para>The default location of the <filename>lmhosts</filename> file
|
||||
is in the same directory as the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> file.</para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><citerefentry>
|
||||
<refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum>
|
||||
</citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry>, and <citerefentry><refentrytitle>smbpasswd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at
|
||||
<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook
|
||||
XML 4.2 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,138 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="log2pcap.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>log2pcap</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>log2pcap</refname>
|
||||
<refpurpose>Extract network traces from Samba log files</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>log2pcap</command>
|
||||
<arg choice="opt">-h</arg>
|
||||
<arg choice="opt">-q</arg>
|
||||
<arg choice="opt">logfile</arg>
|
||||
<arg choice="opt">pcap_file</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>log2pcap</command> reads in a
|
||||
samba log file and generates a pcap file (readable
|
||||
by most sniffers, such as ethereal or tcpdump) based on the packet
|
||||
dumps in the log file.</para>
|
||||
|
||||
<para>The log file must have a <parameter>log level</parameter>
|
||||
of at least <constant>5</constant> to get the SMB header/parameters
|
||||
right, <constant>10</constant> to get the first 512 data bytes of the
|
||||
packet and <constant>50</constant> to get the whole packet.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-h</term>
|
||||
<listitem><para>If this parameter is
|
||||
specified the output file will be a
|
||||
hex dump, in a format that is readable
|
||||
by the <application>text2pcap</application> utility.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-q</term>
|
||||
<listitem><para>Be quiet. No warning messages about missing
|
||||
or incomplete data will be given.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>logfile</term>
|
||||
<listitem><para>
|
||||
Samba log file. log2pcap will try to read the log from stdin
|
||||
if the log file is not specified.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>pcap_file</term>
|
||||
<listitem><para>
|
||||
Name of the output file to write the pcap (or hexdump) data to.
|
||||
If this argument is not specified, output data will be written
|
||||
to stdout.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&stdarg.help;
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>EXAMPLES</title>
|
||||
|
||||
<para>Extract all network traffic from all samba log files:</para>
|
||||
|
||||
<para><screen>
|
||||
<prompt>$</prompt> cat /var/log/* | log2pcap > trace.pcap
|
||||
</screen></para>
|
||||
|
||||
<para>Convert to pcap using text2pcap:</para>
|
||||
|
||||
<para><screen>
|
||||
<prompt>$</prompt> log2pcap -h samba.log | text2pcap -T 139,139 - trace.pcap
|
||||
</screen></para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>BUGS</title>
|
||||
|
||||
<para>Only SMB data is extracted from the samba logs, no LDAP,
|
||||
NetBIOS lookup or other data.</para>
|
||||
|
||||
<para>The generated TCP and IP headers don't contain a valid
|
||||
checksum.</para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><citerefentry><refentrytitle>text2pcap</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>ethereal</refentrytitle><manvolnum>1</manvolnum></citerefentry></para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>This manpage was written by Jelmer Vernooij.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,302 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="mount.cifs.8">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>mount.cifs</refentrytitle>
|
||||
<manvolnum>8</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>mount.cifs</refname>
|
||||
<refpurpose>mount using the Common Internet File System (CIFS)</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
|
||||
<command>mount.cifs</command>
|
||||
<arg choice="req">service</arg>
|
||||
<arg choice="req">mount-point</arg>
|
||||
<arg choice="opt">-o options</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para>mount.cifs mounts a Linux CIFS filesystem. It
|
||||
is usually invoked indirectly by
|
||||
the <citerefentry><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> command when using the
|
||||
"-t cifs" option. This command only works in Linux, and the kernel must
|
||||
support the cifs filesystem. The CIFS protocol is the successor to the
|
||||
SMB protocol and is supported by most Windows servers and many other
|
||||
commercial servers and Network Attached Storage appliances as well as
|
||||
by the popular Open Source server Samba.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The mount.cifs utility attaches the UNC name (exported network resource) to
|
||||
the local directory <emphasis>mount-point</emphasis>. It is possible to set the mode for mount.cifs to
|
||||
setuid root to allow non-root users to mount shares to directories for which they
|
||||
have write permission.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Options to <emphasis>mount.cifs</emphasis> are specified as a comma-separated
|
||||
list of key=value pairs. It is possible to send options other
|
||||
than those listed here, assuming that cifs supports them. If
|
||||
you get mount failures, check your kernel log for errors on
|
||||
unknown options.
|
||||
</para>
|
||||
|
||||
<para><emphasis>mount.cifs</emphasis> is a daemon. After mounting it keeps running until
|
||||
the mounted resource is unmounted (usually via the umount utility)
|
||||
</para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
<variablelist>
|
||||
<varlistentry><term>username=<replaceable>arg</replaceable></term>
|
||||
|
||||
<listitem><para>specifies the username to connect as. If
|
||||
this is not given, then the environment variable <emphasis>USER</emphasis> is used. This option can also take the
|
||||
form "user%password" or "user/workgroup" or
|
||||
"user/workgroup%password" to allow the password and workgroup
|
||||
to be specified as part of the username.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>password=<replaceable>arg</replaceable></term>
|
||||
|
||||
<listitem><para>specifies the CIFS password. If this
|
||||
option is not given then the environment variable
|
||||
<emphasis>PASSWD</emphasis> is used. If it can find
|
||||
no password <emphasis>mount.cifs</emphasis> will prompt
|
||||
for a passeword, unless the guest option is
|
||||
given.
|
||||
</para>
|
||||
|
||||
<para>Note that password which contain the arguement delimiter
|
||||
character (i.e. a comma ',') will failed to be parsed correctly
|
||||
on the command line. However, the same password defined
|
||||
in the PASSWD environment variable or a credentials file (see
|
||||
below) will be read correctly.
|
||||
</para>
|
||||
</listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>credentials=<replaceable>filename</replaceable></term>
|
||||
|
||||
<listitem><para>
|
||||
specifies a file that contains a username
|
||||
and/or password. The format of the file is:
|
||||
</para>
|
||||
|
||||
<programlisting>
|
||||
.nf
|
||||
username = <replaceable>value</replaceable>
|
||||
password = <replaceable>value</replaceable>
|
||||
.fi
|
||||
</programlisting>
|
||||
|
||||
<para>
|
||||
This is preferred over having passwords in plaintext in a
|
||||
shared file, such as <filename>/etc/fstab</filename>. Be sure to protect any
|
||||
credentials file properly.
|
||||
</para>
|
||||
</listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>uid=<replaceable>arg</replaceable></term>
|
||||
|
||||
<listitem><para>sets the uid that will own all files on
|
||||
the mounted filesystem.
|
||||
It may be specified as either a username or a numeric uid.
|
||||
This parameter is ignored when the target server supports
|
||||
the CIFS Unix extensions.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>gid=<replaceable>arg</replaceable></term>
|
||||
|
||||
<listitem><para>sets the gid that will own all files on
|
||||
the mounted filesystem.
|
||||
It may be specified as either a groupname or a numeric
|
||||
gid. This parameter is ignored when the target server supports
|
||||
the CIFS Unix extensions.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>port=<replaceable>arg</replaceable></term>
|
||||
|
||||
<listitem><para>sets the port number on the server to attempt to contact to negotiate
|
||||
CIFS support. If the CIFS server is not listening on this port or
|
||||
if it is not specified, the default ports will be tried i.e.
|
||||
port 445 is tried and if no response then port 139 is tried.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>file_mode=<replaceable>arg</replaceable></term>
|
||||
|
||||
<listitem><para>If the server does not support the CIFS Unix extensions this
|
||||
overrides default file mode which will be used locally.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>dir_mode=<replaceable>arg</replaceable></term>
|
||||
|
||||
<listitem><para>If the server does not support the CIFS Unix extensions this
|
||||
overrides the default mode for directories. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>ip=<replaceable>arg</replaceable></term>
|
||||
|
||||
<listitem><para>sets the destination host or IP address.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>domain=<replaceable>arg</replaceable></term>
|
||||
|
||||
<listitem><para>sets the domain (workgroup) of the user </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>guest</term>
|
||||
|
||||
<listitem><para>don't prompt for a password </para></listitem>
|
||||
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>ro</term>
|
||||
|
||||
<listitem><para>mount read-only</para></listitem>
|
||||
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>rw</term>
|
||||
<listitem><para>mount read-write</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>rsize</term>
|
||||
<listitem><para>default network read size</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>wsize</term>
|
||||
|
||||
<listitem><para>default network write size</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>ENVIRONMENT VARIABLES</title>
|
||||
|
||||
<para>
|
||||
The variable <emphasis>USER</emphasis> may contain the username of the
|
||||
person using the client. This information is used only if the
|
||||
protocol level is high enough to support session-level
|
||||
passwords. The variable can be used to set both username and
|
||||
password by using the format username%password.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The variable <emphasis>PASSWD</emphasis> may contain the password of the
|
||||
person using the client. This information is used only if the
|
||||
protocol level is high enough to support session-level
|
||||
passwords.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The variable <emphasis>PASSWD_FILE</emphasis> may contain the pathname
|
||||
of a file to read the password from. A single line of input is
|
||||
read and used as the password.
|
||||
</para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>NOTES</title>
|
||||
|
||||
<para>This command may be used only by root.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>CONFIGURATION</title>
|
||||
<para>
|
||||
The primary mechanism for making configuration changes and for reading
|
||||
debug information for the cifs vfs is via the Linux /proc filesystem.
|
||||
In the directory /proc/fs/cifs are various configuration files and
|
||||
pseudo files which can display debug information. For more
|
||||
information see the kernel file fs/cifs/README
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>BUGS</title>
|
||||
|
||||
<para>Passwords and other options containing , can not be handled.
|
||||
For passwords an alternative way of passing them is in a credentials
|
||||
file or in the PASSWD environment.</para>
|
||||
|
||||
<para>The credentials file does not handle usernames or passwords with
|
||||
leading space.</para>
|
||||
|
||||
<para>
|
||||
Note that the typical response to a bug report is suggestion
|
||||
to try the latest version first. So please try doing that first,
|
||||
and always include which versions you use of relevant software
|
||||
when reporting bugs (minimum: samba, kernel, distribution)
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of
|
||||
the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para>
|
||||
Documentation/filesystems/cifs.txt and fs/cifs/README in the linux kernel
|
||||
source tree may contain additional options and information.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>Steve French</para>
|
||||
|
||||
<para>The syntax and manpage were loosely based on that of smbmount. It
|
||||
was converted to Docbook/XML by Jelmer Vernooij.</para>
|
||||
|
||||
<para>The current maintainer of the Linux cifs vfs and the userspace
|
||||
tool <emphasis>mount.cifs</emphasis> is <ulink url="mailto:sfrench@samba.org">Steve French</ulink>.
|
||||
The <ulink url="mailto:samba@samba.org">SAMBA Mailing list</ulink>
|
||||
is the preferred place to ask questions regarding these programs.
|
||||
</para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,905 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="net.8">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>net</refentrytitle>
|
||||
<manvolnum>8</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>net</refname>
|
||||
<refpurpose>Tool for administration of Samba and remote
|
||||
CIFS servers.
|
||||
</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>net</command>
|
||||
<arg choice="req"><ads|rap|rpc></arg>
|
||||
<arg choice="opt">-h</arg>
|
||||
<arg choice="opt">-w workgroup</arg>
|
||||
<arg choice="opt">-W myworkgroup</arg>
|
||||
<arg choice="opt">-U user</arg>
|
||||
<arg choice="opt">-I ip-address</arg>
|
||||
<arg choice="opt">-p port</arg>
|
||||
<arg choice="opt">-n myname</arg>
|
||||
<arg choice="opt">-s conffile</arg>
|
||||
<arg choice="opt">-S server</arg>
|
||||
<arg choice="opt">-l</arg>
|
||||
<arg choice="opt">-P</arg>
|
||||
<arg choice="opt">-D debuglevel</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para>The samba net utility is meant to work just like the net utility
|
||||
available for windows and DOS. The first argument should be used
|
||||
to specify the protocol to use when executing a certain command.
|
||||
ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3)
|
||||
clients and RPC can be used for NT4 and Windows 2000. If this
|
||||
argument is omitted, net will try to determine it automatically.
|
||||
Not all commands are available on all protocols.
|
||||
</para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
&stdarg.help;
|
||||
|
||||
<varlistentry>
|
||||
<term>-w target-workgroup</term>
|
||||
<listitem><para>
|
||||
Sets target workgroup or domain. You have to specify
|
||||
either this option or the IP address or the name of a server.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-W workgroup</term>
|
||||
<listitem><para>
|
||||
Sets client workgroup or domain
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-U user</term>
|
||||
<listitem><para>
|
||||
User name to use
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-I ip-address</term>
|
||||
<listitem><para>
|
||||
IP address of target server to use. You have to
|
||||
specify either this option or a target workgroup or
|
||||
a target server.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-p port</term>
|
||||
<listitem><para>
|
||||
Port on the target server to connect to (usually 139 or 445).
|
||||
Defaults to trying 445 first, then 139.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&stdarg.netbios.name;
|
||||
&stdarg.configfile;
|
||||
|
||||
<varlistentry>
|
||||
<term>-S server</term>
|
||||
<listitem><para>
|
||||
Name of target server. You should specify either
|
||||
this option or a target workgroup or a target IP address.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-l</term>
|
||||
<listitem><para>
|
||||
When listing data, give more information on each item.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-P</term>
|
||||
<listitem><para>
|
||||
Make queries to the external server using the machine account of the local server.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&stdarg.debug;
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>COMMANDS</title>
|
||||
|
||||
<refsect2>
|
||||
<title>CHANGESECRETPW</title>
|
||||
|
||||
<para>This command allows the Samba machine account password to be set from an external application
|
||||
to a machine account password that has already been stored in Active Directory. DO NOT USE this command
|
||||
unless you know exactly what you are doing. The use of this command requires that the force flag (-f)
|
||||
be used also. There will be NO command prompt. Whatever information is piped into stdin, either by
|
||||
typing at the command line or otherwise, will be stored as the literal machine password. Do NOT use
|
||||
this without care and attention as it will overwrite a legitimate machine password without warning.
|
||||
YOU HAVE BEEN WARNED.
|
||||
</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>TIME</title>
|
||||
|
||||
<para>The <command>NET TIME</command> command allows you to view the time on a remote server
|
||||
or synchronise the time on the local server with the time on the remote server.</para>
|
||||
|
||||
<refsect3>
|
||||
<title>TIME</title>
|
||||
|
||||
<para>Without any options, the <command>NET TIME</command> command
|
||||
displays the time on the remote server.
|
||||
</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>TIME SYSTEM</title>
|
||||
|
||||
<para>Displays the time on the remote server in a format ready for <command>/bin/date</command></para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>TIME SET</title>
|
||||
<para>Tries to set the date and time of the local server to that on
|
||||
the remote server using <command>/bin/date</command>. </para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>TIME ZONE</title>
|
||||
|
||||
<para>Displays the timezone in hours from GMT on the remote computer.</para>
|
||||
|
||||
</refsect3>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>[RPC|ADS] JOIN [TYPE] [-U username[%password]] [options]</title>
|
||||
|
||||
<para>
|
||||
Join a domain. If the account already exists on the server, and
|
||||
[TYPE] is MEMBER, the machine will attempt to join automatically.
|
||||
(Assuming that the machine has been created in server manager)
|
||||
Otherwise, a password will be prompted for, and a new account may
|
||||
be created.</para>
|
||||
|
||||
<para>
|
||||
[TYPE] may be PDC, BDC or MEMBER to specify the type of server
|
||||
joining the domain.
|
||||
</para>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>[RPC] OLDJOIN [options]</title>
|
||||
|
||||
<para>Join a domain. Use the OLDJOIN option to join the domain
|
||||
using the old style of domain joining - you need to create a trust
|
||||
account in server manager first.</para>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>[RPC|ADS] USER</title>
|
||||
|
||||
<refsect3>
|
||||
<title>[RPC|ADS] USER DELETE <replaceable>target</replaceable></title>
|
||||
|
||||
<para>Delete specified user</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>[RPC|ADS] USER LIST</title>
|
||||
|
||||
<para>List all users</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>[RPC|ADS] USER INFO <replaceable>target</replaceable></title>
|
||||
|
||||
<para>List the domain groups of a the specified user.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>[RPC|ADS] USER ADD <replaceable>name</replaceable> [password] [-F user flags] [-C comment]</title>
|
||||
|
||||
<para>Add specified user.</para>
|
||||
</refsect3>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>[RPC|ADS] GROUP</title>
|
||||
|
||||
<refsect3>
|
||||
<title>[RPC|ADS] GROUP [misc options] [targets]</title>
|
||||
<para>List user groups.</para>
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>[RPC|ADS] GROUP DELETE <replaceable>name</replaceable> [misc. options]</title>
|
||||
|
||||
<para>Delete specified group.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>[RPC|ADS] GROUP ADD <replaceable>name</replaceable> [-C comment]</title>
|
||||
|
||||
<para>Create specified group.</para>
|
||||
|
||||
</refsect3>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>[RAP|RPC] SHARE</title>
|
||||
|
||||
<refsect3>
|
||||
<title>[RAP|RPC] SHARE [misc. options] [targets]</title>
|
||||
|
||||
<para>Enumerates all exported resources (network shares) on target server.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>[RAP|RPC] SHARE ADD <replaceable>name=serverpath</replaceable> [-C comment] [-M maxusers] [targets]</title>
|
||||
|
||||
<para>Adds a share from a server (makes the export active). Maxusers
|
||||
specifies the number of users that can be connected to the
|
||||
share simultaneously.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>SHARE DELETE <replaceable>sharenam</replaceable></title>
|
||||
|
||||
<para>Delete specified share.</para>
|
||||
</refsect3>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>[RPC|RAP] FILE</title>
|
||||
|
||||
<refsect3>
|
||||
<title>[RPC|RAP] FILE</title>
|
||||
|
||||
<para>List all open files on remote server.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>[RPC|RAP] FILE CLOSE <replaceable>fileid</replaceable></title>
|
||||
|
||||
<para>Close file with specified <replaceable>fileid</replaceable> on
|
||||
remote server.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>[RPC|RAP] FILE INFO <replaceable>fileid</replaceable></title>
|
||||
|
||||
<para>
|
||||
Print information on specified <replaceable>fileid</replaceable>.
|
||||
Currently listed are: file-id, username, locks, path, permissions.
|
||||
</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>[RAP|RPC] FILE USER</title>
|
||||
|
||||
¬.implemented;
|
||||
|
||||
</refsect3>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>SESSION</title>
|
||||
|
||||
<refsect3>
|
||||
<title>RAP SESSION</title>
|
||||
|
||||
<para>Without any other options, SESSION enumerates all active SMB/CIFS
|
||||
sessions on the target server.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>RAP SESSION DELETE|CLOSE <replaceable>CLIENT_NAME</replaceable></title>
|
||||
|
||||
<para>Close the specified sessions.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>RAP SESSION INFO <replaceable>CLIENT_NAME</replaceable></title>
|
||||
|
||||
<para>Give a list with all the open files in specified session.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>RAP SERVER <replaceable>DOMAIN</replaceable></title>
|
||||
|
||||
<para>List all servers in specified domain or workgroup. Defaults
|
||||
to local domain.</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>RAP DOMAIN</title>
|
||||
|
||||
<para>Lists all domains and workgroups visible on the
|
||||
current network.</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>RAP PRINTQ</title>
|
||||
|
||||
<refsect3>
|
||||
<title>RAP PRINTQ LIST <replaceable>QUEUE_NAME</replaceable></title>
|
||||
|
||||
<para>Lists the specified print queue and print jobs on the server.
|
||||
If the <replaceable>QUEUE_NAME</replaceable> is omitted, all
|
||||
queues are listed.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>RAP PRINTQ DELETE <replaceable>JOBID</replaceable></title>
|
||||
|
||||
<para>Delete job with specified id.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>RAP VALIDATE <replaceable>user</replaceable> [<replaceable>password</replaceable>]</title>
|
||||
|
||||
<para>
|
||||
Validate whether the specified user can log in to the
|
||||
remote server. If the password is not specified on the commandline, it
|
||||
will be prompted.
|
||||
</para>
|
||||
|
||||
¬.implemented;
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>RAP GROUPMEMBER</title>
|
||||
|
||||
<refsect3>
|
||||
<title>RAP GROUPMEMBER LIST <replaceable>GROUP</replaceable></title>
|
||||
|
||||
<para>List all members of the specified group.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>RAP GROUPMEMBER DELETE <replaceable>GROUP</replaceable> <replaceable>USER</replaceable></title>
|
||||
|
||||
<para>Delete member from group.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>RAP GROUPMEMBER ADD <replaceable>GROUP</replaceable> <replaceable>USER</replaceable></title>
|
||||
|
||||
<para>Add member to group.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>RAP ADMIN <replaceable>command</replaceable></title>
|
||||
|
||||
<para>Execute the specified <replaceable>command</replaceable> on
|
||||
the remote server. Only works with OS/2 servers.
|
||||
</para>
|
||||
|
||||
¬.implemented;
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>RAP SERVICE</title>
|
||||
|
||||
<refsect3>
|
||||
<title>RAP SERVICE START <replaceable>NAME</replaceable> [arguments...]</title>
|
||||
|
||||
<para>Start the specified service on the remote server. Not implemented yet.</para>
|
||||
|
||||
¬.implemented;
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>RAP SERVICE STOP</title>
|
||||
|
||||
<para>Stop the specified service on the remote server.</para>
|
||||
|
||||
¬.implemented;
|
||||
|
||||
</refsect3>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>RAP PASSWORD <replaceable>USER</replaceable> <replaceable>OLDPASS</replaceable> <replaceable>NEWPASS</replaceable></title>
|
||||
|
||||
<para>
|
||||
Change password of <replaceable>USER</replaceable> from <replaceable>OLDPASS</replaceable> to <replaceable>NEWPASS</replaceable>.
|
||||
</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>LOOKUP</title>
|
||||
|
||||
<refsect3>
|
||||
<title>LOOKUP HOST <replaceable>HOSTNAME</replaceable> [<replaceable>TYPE</replaceable>]</title>
|
||||
|
||||
<para>
|
||||
Lookup the IP address of the given host with the specified type (netbios suffix).
|
||||
The type defaults to 0x20 (workstation).
|
||||
</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>LOOKUP LDAP [<replaceable>DOMAIN</replaceable></title>
|
||||
|
||||
<para>Give IP address of LDAP server of specified <replaceable>DOMAIN</replaceable>. Defaults to local domain.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>LOOKUP KDC [<replaceable>REALM</replaceable>]</title>
|
||||
|
||||
<para>Give IP address of KDC for the specified <replaceable>REALM</replaceable>.
|
||||
Defaults to local realm.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>LOOKUP DC [<replaceable>DOMAIN</replaceable>]</title>
|
||||
|
||||
<para>Give IP's of Domain Controllers for specified <replaceable>
|
||||
DOMAIN</replaceable>. Defaults to local domain.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>LOOKUP MASTER <replaceable>DOMAIN</replaceable></title>
|
||||
|
||||
<para>Give IP of master browser for specified <replaceable>DOMAIN</replaceable>
|
||||
or workgroup. Defaults to local domain.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>CACHE</title>
|
||||
|
||||
<para>Samba uses a general caching interface called 'gencache'. It
|
||||
can be controlled using 'NET CACHE'.</para>
|
||||
|
||||
<para>All the timeout parameters support the suffixes:
|
||||
|
||||
<simplelist>
|
||||
<member>s - Seconds</member>
|
||||
<member>m - Minutes</member>
|
||||
<member>h - Hours</member>
|
||||
<member>d - Days</member>
|
||||
<member>w - Weeks</member>
|
||||
</simplelist>
|
||||
|
||||
</para>
|
||||
|
||||
<refsect3>
|
||||
<title>CACHE ADD <replaceable>key</replaceable> <replaceable>data</replaceable> <replaceable>time-out</replaceable></title>
|
||||
|
||||
<para>Add specified key+data to the cache with the given timeout.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>CACHE DEL <replaceable>key</replaceable></title>
|
||||
|
||||
<para>Delete key from the cache.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>CACHE SET <replaceable>key</replaceable> <replaceable>data</replaceable> <replaceable>time-out</replaceable></title>
|
||||
|
||||
<para>Update data of existing cache entry.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>CACHE SEARCH <replaceable>PATTERN</replaceable></title>
|
||||
|
||||
<para>Search for the specified pattern in the cache data.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>CACHE LIST</title>
|
||||
|
||||
<para>
|
||||
List all current items in the cache.
|
||||
</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>CACHE FLUSH</title>
|
||||
|
||||
<para>Remove all the current items from the cache.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>GETLOCALSID [DOMAIN]</title>
|
||||
|
||||
<para>Print the SID of the specified domain, or if the parameter is
|
||||
omitted, the SID of the domain the local server is in.</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>SETLOCALSID S-1-5-21-x-y-z</title>
|
||||
|
||||
<para>Sets domain sid for the local server to the specified SID.</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>GROUPMAP</title>
|
||||
|
||||
<para>Manage the mappings between Windows group SIDs and UNIX groups.
|
||||
Parameters take the for "parameter=value". Common options include:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>unixgroup - Name of the UNIX group</para></listitem>
|
||||
<listitem><para>ntgroup - Name of the Windows NT group (must be
|
||||
resolvable to a SID</para></listitem>
|
||||
<listitem><para>rid - Unsigned 32-bit integer</para></listitem>
|
||||
<listitem><para>sid - Full SID in the form of "S-1-..."</para></listitem>
|
||||
<listitem><para>type - Type of the group; either 'domain', 'local',
|
||||
or 'builtin'</para></listitem>
|
||||
<listitem><para>comment - Freeform text description of the group</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<refsect3>
|
||||
<title>GROUPMAP ADD</title>
|
||||
|
||||
<para>Add a new group mapping entry</para>
|
||||
|
||||
<para>net groupmap add {rid=int|sid=string} unixgroup=string [type={domain|local|builtin}] [ntgroup=string] [comment=string]</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>GROUPMAP DELETE</title>
|
||||
|
||||
<para>Delete a group mapping entry</para>
|
||||
|
||||
<para>net groupmap delete {ntgroup=string|sid=SID}</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>GROUPMAP MODIFY</title>
|
||||
|
||||
<para>Update en existing group entry</para>
|
||||
|
||||
<para>net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] [comment=string] [type={domain|local}</para>
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>GROUPMAP LIST</title>
|
||||
|
||||
<para>List existing group mapping entries</para>
|
||||
|
||||
<para>net groupmap list [verbose] [ntgroup=string] [sid=SID]</para>
|
||||
|
||||
</refsect3>
|
||||
</refsect2>
|
||||
|
||||
|
||||
|
||||
<refsect2>
|
||||
<title>MAXRID</title>
|
||||
|
||||
<para>Prints out the highest RID currently in use on the local
|
||||
server (by the active 'passdb backend').
|
||||
</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>RPC INFO</title>
|
||||
|
||||
<para>Print information about the domain of the remote server,
|
||||
such as domain name, domain sid and number of users and groups.
|
||||
</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>[RPC|ADS] TESTJOIN</title>
|
||||
|
||||
<para>Check whether participation in a domain is still valid.</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>[RPC|ADS] CHANGETRUSTPW</title>
|
||||
|
||||
<para>Force change of domain trust password.</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>RPC TRUSTDOM</title>
|
||||
|
||||
<refsect3>
|
||||
<title>RPC TRUSTDOM ADD <replaceable>DOMAIN</replaceable></title>
|
||||
|
||||
<para>Add a interdomain trust account for
|
||||
<replaceable>DOMAIN</replaceable> to the remote server.
|
||||
</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>RPC TRUSTDOM DEL <replaceable>DOMAIM</replaceable></title>
|
||||
|
||||
<para>Remove interdomain trust account for
|
||||
<replaceable>DOMAIN</replaceable> from the remote server.
|
||||
</para>
|
||||
|
||||
¬.implemented;
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>RPC TRUSTDOM ESTABLISH <replaceable>DOMAIN</replaceable></title>
|
||||
|
||||
<para>
|
||||
Establish a trust relationship to a trusting domain.
|
||||
Interdomain account must already be created on the remote PDC.
|
||||
</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>RPC TRUSTDOM REVOKE <replaceable>DOMAIN</replaceable></title>
|
||||
<para>Abandon relationship to trusted domain</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>RPC TRUSTDOM LIST</title>
|
||||
|
||||
<para>List all current interdomain trust relationships.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>RPC ABORTSHUTDOWN</title>
|
||||
|
||||
<para>Abort the shutdown of a remote server.</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>SHUTDOWN [-t timeout] [-r] [-f] [-C message]</title>
|
||||
|
||||
<para>Shut down the remote server.</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-r</term>
|
||||
<listitem><para>
|
||||
Reboot after shutdown.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-f</term>
|
||||
<listitem><para>
|
||||
Force shutting down all applications.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-t timeout</term>
|
||||
<listitem><para>
|
||||
Timeout before system will be shut down. An interactive
|
||||
user of the system can use this time to cancel the shutdown.
|
||||
</para></listitem>
|
||||
</varlistentry>'>
|
||||
|
||||
<varlistentry>
|
||||
<term>-C message</term>
|
||||
<listitem><para>Display the specified message on the screen to
|
||||
announce the shutdown.</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>SAMDUMP</title>
|
||||
|
||||
<para>Print out sam database of remote server. You need
|
||||
to run this on either a BDC. <!--
|
||||
Is that correct? - Jelmer --></para>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>VAMPIRE</title>
|
||||
|
||||
<para>Export users, aliases and groups from remote server to
|
||||
local server. Can only be run an a BDC.
|
||||
</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>GETSID</title>
|
||||
|
||||
<para>Fetch domain SID and store it in the local <filename>secrets.tdb</filename>. </para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>ADS LEAVE</title>
|
||||
|
||||
<para>Make the remote host leave the domain it is part of. </para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>ADS STATUS</title>
|
||||
|
||||
<para>Print out status of machine account of the local machine in ADS.
|
||||
Prints out quite some debug info. Aimed at developers, regular
|
||||
users should use <command>NET ADS TESTJOIN</command>.</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>ADS PRINTER</title>
|
||||
|
||||
<refsect3>
|
||||
<title>ADS PRINTER INFO [<replaceable>PRINTER</replaceable>] [<replaceable>SERVER</replaceable>]</title>
|
||||
|
||||
<para>
|
||||
Lookup info for <replaceable>PRINTER</replaceable> on <replaceable>SERVER</replaceable>. The printer name defaults to "*", the
|
||||
server name defaults to the local host.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>ADS PRINTER PUBLISH <replaceable>PRINTER</replaceable></title>
|
||||
|
||||
<para>Publish specified printer using ADS.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
<refsect3>
|
||||
<title>ADS PRINTER REMOVE <replaceable>PRINTER</replaceable></title>
|
||||
|
||||
<para>Remove specified printer from ADS directory.</para>
|
||||
|
||||
</refsect3>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>ADS SEARCH <replaceable>EXPRESSION</replaceable> <replaceable>ATTRIBUTES...</replaceable></title>
|
||||
|
||||
<para>Perform a raw LDAP search on a ADS server and dump the results. The
|
||||
expression is a standard LDAP search expression, and the
|
||||
attributes are a list of LDAP fields to show in the results.</para>
|
||||
|
||||
<para>Example: <userinput>net ads search '(objectCategory=group)' sAMAccountName</userinput>
|
||||
</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>ADS DN <replaceable>DN</replaceable> <replaceable>(attributes)</replaceable></title>
|
||||
|
||||
<para>
|
||||
Perform a raw LDAP search on a ADS server and dump the results. The
|
||||
DN standard LDAP DN, and the attributes are a list of LDAP fields
|
||||
to show in the result.
|
||||
</para>
|
||||
|
||||
<para>Example: <userinput>net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName</userinput></para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>WORKGROUP</title>
|
||||
|
||||
<para>Print out workgroup name for specified kerberos realm.</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
|
||||
<refsect2>
|
||||
<title>HELP [COMMAND]</title>
|
||||
|
||||
<para>Gives usage information for the specified command.</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is complete for version 3.0 of the Samba
|
||||
suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The net manpage was written by Jelmer Vernooij.</para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,294 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="nmbd.8">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>nmbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>nmbd</refname>
|
||||
<refpurpose>NetBIOS name server to provide NetBIOS
|
||||
over IP naming services to clients</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>nmbd</command>
|
||||
<arg choice="opt">-D</arg>
|
||||
<arg choice="opt">-F</arg>
|
||||
<arg choice="opt">-S</arg>
|
||||
<arg choice="opt">-a</arg>
|
||||
<arg choice="opt">-i</arg>
|
||||
<arg choice="opt">-o</arg>
|
||||
<arg choice="opt">-h</arg>
|
||||
<arg choice="opt">-V</arg>
|
||||
<arg choice="opt">-d <debug level></arg>
|
||||
<arg choice="opt">-H <lmhosts file></arg>
|
||||
<arg choice="opt">-l <log directory></arg>
|
||||
<arg choice="opt">-n <primary netbios name></arg>
|
||||
<arg choice="opt">-p <port number></arg>
|
||||
<arg choice="opt">-s <configuration file></arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
<para>This program is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>nmbd</command> is a server that understands
|
||||
and can reply to NetBIOS over IP name service requests, like
|
||||
those produced by SMB/CIFS clients such as Windows 95/98/ME,
|
||||
Windows NT, Windows 2000, Windows XP and LanManager clients. It also
|
||||
participates in the browsing protocols which make up the
|
||||
Windows "Network Neighborhood" view.</para>
|
||||
|
||||
<para>SMB/CIFS clients, when they start up, may wish to
|
||||
locate an SMB/CIFS server. That is, they wish to know what
|
||||
IP number a specified host is using.</para>
|
||||
|
||||
<para>Amongst other services, <command>nmbd</command> will
|
||||
listen for such requests, and if its own NetBIOS name is
|
||||
specified it will respond with the IP number of the host it
|
||||
is running on. Its "own NetBIOS name" is by
|
||||
default the primary DNS name of the host it is running on,
|
||||
but this can be overridden with the <emphasis>-n</emphasis>
|
||||
option (see OPTIONS below). Thus <command>nmbd</command> will
|
||||
reply to broadcast queries for its own name(s). Additional
|
||||
names for <command>nmbd</command> to respond on can be set
|
||||
via parameters in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> configuration file.</para>
|
||||
|
||||
<para><command>nmbd</command> can also be used as a WINS
|
||||
(Windows Internet Name Server) server. What this basically means
|
||||
is that it will act as a WINS database server, creating a
|
||||
database from name registration requests that it receives and
|
||||
replying to queries from clients for these names.</para>
|
||||
|
||||
<para>In addition, <command>nmbd</command> can act as a WINS
|
||||
proxy, relaying broadcast queries from clients that do
|
||||
not understand how to talk the WINS protocol to a WINS
|
||||
server.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-D</term>
|
||||
<listitem><para>If specified, this parameter causes
|
||||
<command>nmbd</command> to operate as a daemon. That is,
|
||||
it detaches itself and runs in the background, fielding
|
||||
requests on the appropriate port. By default, <command>nmbd</command>
|
||||
will operate as a daemon if launched from a command shell.
|
||||
nmbd can also be operated from the <command>inetd</command>
|
||||
meta-daemon, although this is not recommended.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-F</term>
|
||||
<listitem><para>If specified, this parameter causes
|
||||
the main <command>nmbd</command> process to not daemonize,
|
||||
i.e. double-fork and disassociate with the terminal.
|
||||
Child processes are still created as normal to service
|
||||
each connection request, but the main process does not
|
||||
exit. This operation mode is suitable for running
|
||||
<command>nmbd</command> under process supervisors such
|
||||
as <command>supervise</command> and <command>svscan</command>
|
||||
from Daniel J. Bernstein's <command>daemontools</command>
|
||||
package, or the AIX process monitor.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-S</term>
|
||||
<listitem><para>If specified, this parameter causes
|
||||
<command>nmbd</command> to log to standard output rather
|
||||
than a file.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-i</term>
|
||||
<listitem><para>If this parameter is specified it causes the
|
||||
server to run "interactively", not as a daemon, even if the
|
||||
server is executed on the command line of a shell. Setting this
|
||||
parameter negates the implicit daemon mode when run from the
|
||||
command line. <command>nmbd</command> also logs to standard
|
||||
output, as if the <constant>-S</constant> parameter had been
|
||||
given. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&stdarg.help;
|
||||
|
||||
<varlistentry>
|
||||
<term>-H <filename></term>
|
||||
<listitem><para>NetBIOS lmhosts file. The lmhosts
|
||||
file is a list of NetBIOS names to IP addresses that
|
||||
is loaded by the nmbd server and used via the name
|
||||
resolution mechanism <smbconfoption><name>name resolve order</name></smbconfoption> described in <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> to resolve any
|
||||
NetBIOS name queries needed by the server. Note
|
||||
that the contents of this file are <emphasis>NOT</emphasis>
|
||||
used by <command>nmbd</command> to answer any name queries.
|
||||
Adding a line to this file affects name NetBIOS resolution
|
||||
from this host <emphasis>ONLY</emphasis>.</para>
|
||||
|
||||
<para>The default path to this file is compiled into
|
||||
Samba as part of the build process. Common defaults
|
||||
are <filename>/usr/local/samba/lib/lmhosts</filename>,
|
||||
<filename>/usr/samba/lib/lmhosts</filename> or
|
||||
<filename>/etc/samba/lmhosts</filename>. See the <citerefentry><refentrytitle>lmhosts</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> man page for details on the contents of this file.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&popt.common.samba;
|
||||
|
||||
<varlistentry>
|
||||
<term>-p <UDP port number></term>
|
||||
<listitem><para>UDP port number is a positive integer value.
|
||||
This option changes the default UDP port number (normally 137)
|
||||
that <command>nmbd</command> responds to name queries on. Don't
|
||||
use this option unless you are an expert, in which case you
|
||||
won't need help!</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>FILES</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><filename>/etc/inetd.conf</filename></term>
|
||||
<listitem><para>If the server is to be run by the
|
||||
<command>inetd</command> meta-daemon, this file
|
||||
must contain suitable startup information for the
|
||||
meta-daemon.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><filename>/etc/rc</filename></term>
|
||||
<listitem><para>or whatever initialization script your
|
||||
system uses).</para>
|
||||
|
||||
<para>If running the server as a daemon at startup,
|
||||
this file will need to contain an appropriate startup
|
||||
sequence for the server.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><filename>/etc/services</filename></term>
|
||||
<listitem><para>If running the server via the
|
||||
meta-daemon <command>inetd</command>, this file
|
||||
must contain a mapping of service name (e.g., netbios-ssn)
|
||||
to service port (e.g., 139) and protocol type (e.g., tcp).
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><filename>/usr/local/samba/lib/smb.conf</filename></term>
|
||||
<listitem><para>This is the default location of
|
||||
the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> server
|
||||
configuration file. Other common places that systems
|
||||
install this file are <filename>/usr/samba/lib/smb.conf</filename>
|
||||
and <filename>/etc/samba/smb.conf</filename>.</para>
|
||||
|
||||
<para>When run as a WINS server (see the
|
||||
<smbconfoption><name>wins support</name></smbconfoption>
|
||||
parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> man page),
|
||||
<command>nmbd</command>
|
||||
will store the WINS database in the file <filename>wins.dat</filename>
|
||||
in the <filename>var/locks</filename> directory configured under
|
||||
wherever Samba was configured to install itself.</para>
|
||||
|
||||
<para>If <command>nmbd</command> is acting as a <emphasis>
|
||||
browse master</emphasis> (see the <smbconfoption><name>local master</name></smbconfoption>
|
||||
parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> man page, <command>nmbd</command>
|
||||
will store the browsing database in the file <filename>browse.dat
|
||||
</filename> in the <filename>var/locks</filename> directory
|
||||
configured under wherever Samba was configured to install itself.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SIGNALS</title>
|
||||
|
||||
<para>To shut down an <command>nmbd</command> process it is recommended
|
||||
that SIGKILL (-9) <emphasis>NOT</emphasis> be used, except as a last
|
||||
resort, as this may leave the name database in an inconsistent state.
|
||||
The correct way to terminate <command>nmbd</command> is to send it
|
||||
a SIGTERM (-15) signal and wait for it to die on its own.</para>
|
||||
|
||||
<para><command>nmbd</command> will accept SIGHUP, which will cause
|
||||
it to dump out its namelists into the file <filename>namelist.debug
|
||||
</filename> in the <filename>/usr/local/samba/var/locks</filename>
|
||||
directory (or the <filename>var/locks</filename> directory configured
|
||||
under wherever Samba was configured to install itself). This will also
|
||||
cause <command>nmbd</command> to dump out its server database in
|
||||
the <filename>log.nmb</filename> file.</para>
|
||||
|
||||
<para>The debug log level of nmbd may be raised or lowered
|
||||
using <citerefentry><refentrytitle>smbcontrol</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry> (SIGUSR[1|2] signals
|
||||
are no longer used since Samba 2.2). This is to allow
|
||||
transient problems to be diagnosed, whilst still running
|
||||
at a normally low log level.</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of
|
||||
the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para>
|
||||
<citerefentry><refentrytitle>inetd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry>, and the Internet
|
||||
RFC's <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>.
|
||||
In addition the CIFS (formerly SMB) specification is available
|
||||
as a link from the Web page <ulink noescape="1" url="http://samba.org/cifs/">
|
||||
http://samba.org/cifs/</ulink>.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook
|
||||
XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,223 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="nmblookup">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>nmblookup</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>nmblookup</refname>
|
||||
<refpurpose>NetBIOS over TCP/IP client used to lookup NetBIOS
|
||||
names</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>nmblookup</command>
|
||||
<arg choice="opt">-M</arg>
|
||||
<arg choice="opt">-R</arg>
|
||||
<arg choice="opt">-S</arg>
|
||||
<arg choice="opt">-r</arg>
|
||||
<arg choice="opt">-A</arg>
|
||||
<arg choice="opt">-h</arg>
|
||||
<arg choice="opt">-B <broadcast address></arg>
|
||||
<arg choice="opt">-U <unicast address></arg>
|
||||
<arg choice="opt">-d <debug level></arg>
|
||||
<arg choice="opt">-s <smb config file></arg>
|
||||
<arg choice="opt">-i <NetBIOS scope></arg>
|
||||
<arg choice="opt">-T</arg>
|
||||
<arg choice="opt">-f</arg>
|
||||
<arg choice="req">name</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>nmblookup</command> is used to query NetBIOS names
|
||||
and map them to IP addresses in a network using NetBIOS over TCP/IP
|
||||
queries. The options allow the name queries to be directed at a
|
||||
particular IP broadcast area or to a particular machine. All queries
|
||||
are done over UDP.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-M</term>
|
||||
<listitem><para>Searches for a master browser by looking
|
||||
up the NetBIOS name <replaceable>name</replaceable> with a
|
||||
type of <constant>0x1d</constant>. If <replaceable>
|
||||
name</replaceable> is "-" then it does a lookup on the special name
|
||||
<constant>__MSBROWSE__</constant>. Please note that in order to
|
||||
use the name "-", you need to make sure "-" isn't parsed as an
|
||||
argument, e.g. use :
|
||||
<userinput>nmblookup -M -- -</userinput>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-R</term>
|
||||
<listitem><para>Set the recursion desired bit in the packet
|
||||
to do a recursive lookup. This is used when sending a name
|
||||
query to a machine running a WINS server and the user wishes
|
||||
to query the names in the WINS server. If this bit is unset
|
||||
the normal (broadcast responding) NetBIOS processing code
|
||||
on a machine is used instead. See RFC1001, RFC1002 for details.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-S</term>
|
||||
<listitem><para>Once the name query has returned an IP
|
||||
address then do a node status query as well. A node status
|
||||
query returns the NetBIOS names registered by a host.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-r</term>
|
||||
<listitem><para>Try and bind to UDP port 137 to send and receive UDP
|
||||
datagrams. The reason for this option is a bug in Windows 95
|
||||
where it ignores the source port of the requesting packet
|
||||
and only replies to UDP port 137. Unfortunately, on most UNIX
|
||||
systems root privilege is needed to bind to this port, and
|
||||
in addition, if the <citerefentry><refentrytitle>nmbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> daemon is running on this machine it also binds to this port.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-A</term>
|
||||
<listitem><para>Interpret <replaceable>name</replaceable> as
|
||||
an IP Address and do a node status query on this address.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
&popt.common.connection;
|
||||
&stdarg.help;
|
||||
|
||||
<varlistentry>
|
||||
<term>-B <broadcast address></term>
|
||||
<listitem><para>Send the query to the given broadcast address. Without
|
||||
this option the default behavior of nmblookup is to send the
|
||||
query to the broadcast address of the network interfaces as
|
||||
either auto-detected or defined in the <ulink
|
||||
url="smb.conf.5.html#INTERFACES"><parameter>interfaces</parameter>
|
||||
</ulink> parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> file.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-U <unicast address></term>
|
||||
<listitem><para>Do a unicast query to the specified address or
|
||||
host <replaceable>unicast address</replaceable>. This option
|
||||
(along with the <parameter>-R</parameter> option) is needed to
|
||||
query a WINS server.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
&popt.common.samba;
|
||||
|
||||
<varlistentry>
|
||||
<term>-T</term>
|
||||
<listitem><para>This causes any IP addresses found in the
|
||||
lookup to be looked up via a reverse DNS lookup into a
|
||||
DNS name, and printed out before each</para>
|
||||
|
||||
<para><emphasis>IP address .... NetBIOS name</emphasis></para>
|
||||
|
||||
<para> pair that is the normal output.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-f</term>
|
||||
<listitem><para>
|
||||
Show which flags apply to the name that has been looked up. Possible
|
||||
answers are zero or more of: Response, Authoritative,
|
||||
Truncated, Recursion_Desired, Recursion_Available, Broadcast.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>name</term>
|
||||
<listitem><para>This is the NetBIOS name being queried. Depending
|
||||
upon the previous options this may be a NetBIOS name or IP address.
|
||||
If a NetBIOS name then the different name types may be specified
|
||||
by appending '#<type>' to the name. This name may also be
|
||||
'*', which will return all registered names within a broadcast
|
||||
area.</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>EXAMPLES</title>
|
||||
|
||||
<para><command>nmblookup</command> can be used to query
|
||||
a WINS server (in the same way <command>nslookup</command> is
|
||||
used to query DNS servers). To query a WINS server, <command>nmblookup</command>
|
||||
must be called like this:</para>
|
||||
|
||||
<para><command>nmblookup -U server -R 'name'</command></para>
|
||||
|
||||
<para>For example, running :</para>
|
||||
|
||||
<para><command>nmblookup -U samba.org -R 'IRIX#1B'</command></para>
|
||||
|
||||
<para>would query the WINS server samba.org for the domain
|
||||
master browser (1B name type) for the IRIX workgroup.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of
|
||||
the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><citerefentry><refentrytitle>nmbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry>, and <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook
|
||||
XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,233 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="ntlm-auth.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>ntlm_auth</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>ntlm_auth</refname>
|
||||
<refpurpose>tool to allow external access to Winbind's NTLM authentication function</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>ntlm_auth</command>
|
||||
<arg choice="opt">-d debuglevel</arg>
|
||||
<arg choice="opt">-l logfile</arg>
|
||||
<arg choice="opt">-s <smb config file></arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>ntlm_auth</command> is a helper utility that authenticates
|
||||
users using NT/LM authentication. It returns 0 if the users is authenticated
|
||||
successfully and 1 if access was denied. ntlm_auth uses winbind to access
|
||||
the user and authentication data for a domain. This utility
|
||||
is only indended to be used by other programs (currently squid).
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPERATIONAL REQUIREMENTS</title>
|
||||
|
||||
<para>
|
||||
The <citerefentry><refentrytitle>winbindd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> daemon must be operational
|
||||
for many of these commands to function.</para>
|
||||
|
||||
<para>Some of these commands also require access to the directory
|
||||
<filename>winbindd_privileged</filename> in
|
||||
<filename>$LOCKDIR</filename>. This should be done either by running
|
||||
this command as root or providing group access
|
||||
to the <filename>winbindd_privileged</filename> directory. For
|
||||
security reasons, this directory should not be world-accessable. </para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>--helper-protocol=PROTO</term>
|
||||
<listitem><para>
|
||||
Operate as a stdio-based helper. Valid helper protocols are:
|
||||
</para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>squid-2.4-basic</term>
|
||||
<listitem><para>
|
||||
Server-side helper for use with Squid 2.4's basic (plaintext)
|
||||
authentication. </para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>squid-2.5-basic</term>
|
||||
<listitem><para>
|
||||
Server-side helper for use with Squid 2.5's basic (plaintext)
|
||||
authentication. </para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>squid-2.5-ntlmssp</term>
|
||||
<listitem><para>
|
||||
Server-side helper for use with Squid 2.5's NTLMSSP
|
||||
authentication. </para>
|
||||
<para>Requires access to the directory
|
||||
<filename>winbindd_privileged</filename> in
|
||||
<filename>$LOCKDIR</filename>. The protocol used is
|
||||
described here: <ulink
|
||||
url="http://devel.squid-cache.org/ntlm/squid_helper_protocol.html">http://devel.squid-cache.org/ntlm/squid_helper_protocol.html</ulink>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>gss-spengo</term>
|
||||
<listitem><para>
|
||||
Server-side helper that implements GSS-SPNEGO. This
|
||||
also uses the same as
|
||||
<command>squid-2.5-ntlmssp</command> and is described
|
||||
here:
|
||||
<ulink
|
||||
url="http://devel.squid-cache.org/ntlm/squid_helper_protocol.html">http://devel.squid-cache.org/ntlm/squid_helper_protocol.html</ulink>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>gss-spengo-client</term>
|
||||
<listitem><para>
|
||||
Client-side helper that implements GSS-SPNEGO. This
|
||||
also uses a protocol similar to the above helpers, but
|
||||
is currently undocumented.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--username=USERNAME</term>
|
||||
<listitem><para>
|
||||
Specify username of user to authenticate
|
||||
</para></listitem>
|
||||
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--domain=DOMAIN</term>
|
||||
<listitem><para>
|
||||
Specify domain of user to authenticate
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--workstation=WORKSTATION</term>
|
||||
<listitem><para>
|
||||
Specify the workstation the user authenticated from
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--challenge=STRING</term>
|
||||
<listitem><para>NTLM challenge (in HEXADECIMAL)</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--lm-response=RESPONSE</term>
|
||||
<listitem><para>LM Response to the challenge (in HEXADECIMAL)</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--nt-response=RESPONSE</term>
|
||||
<listitem><para>NT or NTLMv2 Response to the challenge (in HEXADECIMAL)</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--password=PASSWORD</term>
|
||||
<listitem><para>User's plaintext password</para><para>If
|
||||
not specified on the command line, this is prompted for when
|
||||
required. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--request-lm-key</term>
|
||||
<listitem><para>Retreive LM session key</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--request-nt-key</term>
|
||||
<listitem><para>Request NT key</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--diagnostics</term>
|
||||
<listitem><para>Perform Diagnostics on the authentication
|
||||
chain. Uses the password from <command>--password</command>
|
||||
or prompts for one.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
&popt.common.samba;
|
||||
&stdarg.help;
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>EXAMPLE SETUP</title>
|
||||
|
||||
<para>To setup ntlm_auth for use by squid 2.5, with both basic and
|
||||
NTLMSSP authentication, the following
|
||||
should be placed in the <filename>squid.conf</filename> file.
|
||||
<programlisting>
|
||||
auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp
|
||||
auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic
|
||||
auth_param basic children 5
|
||||
auth_param basic realm Squid proxy-caching web server
|
||||
auth_param basic credentialsttl 2 hours
|
||||
</programlisting></para>
|
||||
|
||||
<note><para>This example assumes that ntlm_auth has been installed into your
|
||||
path, and that the group permissions on
|
||||
<filename>winbindd_privileged</filename> are as described above.</para></note>
|
||||
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the Samba
|
||||
suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The ntlm_auth manpage was written by Jelmer Vernooij and
|
||||
Andrew Bartlett.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,398 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="pdbedit.8">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>pdbedit</refentrytitle>
|
||||
<manvolnum>8</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>pdbedit</refname>
|
||||
<refpurpose>manage the SAM database</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>pdbedit</command>
|
||||
<arg choice="opt">-L</arg>
|
||||
<arg choice="opt">-v</arg>
|
||||
<arg choice="opt">-w</arg>
|
||||
<arg choice="opt">-u username</arg>
|
||||
<arg choice="opt">-f fullname</arg>
|
||||
<arg choice="opt">-h homedir</arg>
|
||||
<arg choice="opt">-D drive</arg>
|
||||
<arg choice="opt">-S script</arg>
|
||||
<arg choice="opt">-p profile</arg>
|
||||
<arg choice="opt">-a</arg>
|
||||
<arg choice="opt">-m</arg>
|
||||
<arg choice="opt">-r</arg>
|
||||
<arg choice="opt">-x</arg>
|
||||
<arg choice="opt">-i passdb-backend</arg>
|
||||
<arg choice="opt">-e passdb-backend</arg>
|
||||
<arg choice="opt">-b passdb-backend</arg>
|
||||
<arg choice="opt">-g</arg>
|
||||
<arg choice="opt">-d debuglevel</arg>
|
||||
<arg choice="opt">-s configfile</arg>
|
||||
<arg choice="opt">-P account-policy</arg>
|
||||
<arg choice="opt">-C value</arg>
|
||||
<arg choice="opt">-c account-control</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para>The pdbedit program is used to manage the users accounts
|
||||
stored in the sam database and can only be run by root.</para>
|
||||
|
||||
<para>The pdbedit tool uses the passdb modular interface and is
|
||||
independent from the kind of users database used (currently there
|
||||
are smbpasswd, ldap, nis+ and tdb based and more can be added
|
||||
without changing the tool).</para>
|
||||
|
||||
<para>There are five main ways to use pdbedit: adding a user account,
|
||||
removing a user account, modifing a user account, listing user
|
||||
accounts, importing users accounts.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-L</term>
|
||||
<listitem><para>This option lists all the user accounts
|
||||
present in the users database.
|
||||
This option prints a list of user/uid pairs separated by
|
||||
the ':' character.</para>
|
||||
<para>Example: <command>pdbedit -L</command></para>
|
||||
<para><screen>
|
||||
sorce:500:Simo Sorce
|
||||
samba:45:Test User
|
||||
</screen></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-v</term>
|
||||
<listitem><para>This option enables the verbose listing format.
|
||||
It causes pdbedit to list the users in the database, printing
|
||||
out the account fields in a descriptive format.</para>
|
||||
|
||||
<para>Example: <command>pdbedit -L -v</command></para>
|
||||
<para><screen>
|
||||
---------------
|
||||
username: sorce
|
||||
user ID/Group: 500/500
|
||||
user RID/GRID: 2000/2001
|
||||
Full Name: Simo Sorce
|
||||
Home Directory: \\BERSERKER\sorce
|
||||
HomeDir Drive: H:
|
||||
Logon Script: \\BERSERKER\netlogon\sorce.bat
|
||||
Profile Path: \\BERSERKER\profile
|
||||
---------------
|
||||
username: samba
|
||||
user ID/Group: 45/45
|
||||
user RID/GRID: 1090/1091
|
||||
Full Name: Test User
|
||||
Home Directory: \\BERSERKER\samba
|
||||
HomeDir Drive:
|
||||
Logon Script:
|
||||
Profile Path: \\BERSERKER\profile
|
||||
</screen></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-w</term>
|
||||
<listitem><para>This option sets the "smbpasswd" listing format.
|
||||
It will make pdbedit list the users in the database, printing
|
||||
out the account fields in a format compatible with the
|
||||
<filename>smbpasswd</filename> file format. (see the
|
||||
<citerefentry><refentrytitle>smbpasswd</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> for details)</para>
|
||||
|
||||
<para>Example: <command>pdbedit -L -w</command></para>
|
||||
<screen>
|
||||
sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000:
|
||||
samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D:
|
||||
</screen>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-u username</term>
|
||||
<listitem><para>This option specifies the username to be
|
||||
used for the operation requested (listing, adding, removing).
|
||||
It is <emphasis>required</emphasis> in add, remove and modify
|
||||
operations and <emphasis>optional</emphasis> in list
|
||||
operations.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-f fullname</term>
|
||||
<listitem><para>This option can be used while adding or
|
||||
modifing a user account. It will specify the user's full
|
||||
name. </para>
|
||||
|
||||
<para>Example: <command>-f "Simo Sorce"</command></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-h homedir</term>
|
||||
<listitem><para>This option can be used while adding or
|
||||
modifing a user account. It will specify the user's home
|
||||
directory network path.</para>
|
||||
|
||||
<para>Example: <command>-h "\\\\BERSERKER\\sorce"</command>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-D drive</term>
|
||||
<listitem><para>This option can be used while adding or
|
||||
modifing a user account. It will specify the windows drive
|
||||
letter to be used to map the home directory.</para>
|
||||
|
||||
<para>Example: <command>-d "H:"</command>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-S script</term>
|
||||
<listitem><para>This option can be used while adding or
|
||||
modifing a user account. It will specify the user's logon
|
||||
script path.</para>
|
||||
|
||||
<para>Example: <command>-s "\\\\BERSERKER\\netlogon\\sorce.bat"</command>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-p profile</term>
|
||||
<listitem><para>This option can be used while adding or
|
||||
modifing a user account. It will specify the user's profile
|
||||
directory.</para>
|
||||
|
||||
<para>Example: <command>-p "\\\\BERSERKER\\netlogon"</command>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-G SID|rid</term>
|
||||
<listitem><para>
|
||||
This option can be used while adding or modifying a user account. It
|
||||
will specify the users' new primary group SID (Security Identifier) or
|
||||
rid. </para>
|
||||
|
||||
<para>Example: <command>-G S-1-5-21-2447931902-1787058256-3961074038-1201</command></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-U SID|rid</term>
|
||||
<listitem><para>
|
||||
This option can be used while adding or modifying a user account. It
|
||||
will specify the users' new SID (Security Identifier) or
|
||||
rid. </para>
|
||||
|
||||
<para>Example: <command>-U S-1-5-21-2447931902-1787058256-3961074038-5004</command></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-c account-control</term>
|
||||
<listitem><para>This option can be used while adding or modifying a user
|
||||
account. It will specify the users' account control property. Possible
|
||||
flags that can be set are: N, D, H, L, X.
|
||||
</para>
|
||||
|
||||
<para>Example: <command>-c "[X ]"</command></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-a</term>
|
||||
<listitem><para>This option is used to add a user into the
|
||||
database. This command needs a user name specified with
|
||||
the -u switch. When adding a new user, pdbedit will also
|
||||
ask for the password to be used.</para>
|
||||
|
||||
<para>Example: <command>pdbedit -a -u sorce</command>
|
||||
<programlisting>new password:
|
||||
retype new password
|
||||
</programlisting>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-r</term>
|
||||
<listitem><para>This option is used to modify an existing user
|
||||
in the database. This command needs a user name specified with the -u
|
||||
switch. Other options can be specified to modify the properties of
|
||||
the specified user. This flag is kept for backwards compatibility, but
|
||||
it is no longer necessary to specify it.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-m</term>
|
||||
<listitem><para>This option may only be used in conjunction
|
||||
with the <parameter>-a</parameter> option. It will make
|
||||
pdbedit to add a machine trust account instead of a user
|
||||
account (-u username will provide the machine name).</para>
|
||||
|
||||
<para>Example: <command>pdbedit -a -m -u w2k-wks</command>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-x</term>
|
||||
<listitem><para>This option causes pdbedit to delete an account
|
||||
from the database. It needs a username specified with the
|
||||
-u switch.</para>
|
||||
|
||||
<para>Example: <command>pdbedit -x -u bob</command></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-i passdb-backend</term>
|
||||
<listitem><para>Use a different passdb backend to retrieve users
|
||||
than the one specified in smb.conf. Can be used to import data into
|
||||
your local user database.</para>
|
||||
|
||||
<para>This option will ease migration from one passdb backend to
|
||||
another.</para>
|
||||
|
||||
<para>Example: <command>pdbedit -i smbpasswd:/etc/smbpasswd.old
|
||||
</command></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-e passdb-backend</term>
|
||||
<listitem><para>Exports all currently available users to the
|
||||
specified password database backend.</para>
|
||||
|
||||
<para>This option will ease migration from one passdb backend to
|
||||
another and will ease backing up.</para>
|
||||
|
||||
<para>Example: <command>pdbedit -e smbpasswd:/root/samba-users.backup</command></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-g</term>
|
||||
<listitem><para>If you specify <parameter>-g</parameter>,
|
||||
then <parameter>-i in-backend -e out-backend</parameter>
|
||||
applies to the group mapping instead of the user database.</para>
|
||||
|
||||
<para>This option will ease migration from one passdb backend to
|
||||
another and will ease backing up.</para>
|
||||
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-b passdb-backend</term>
|
||||
<listitem><para>Use a different default passdb backend. </para>
|
||||
|
||||
<para>Example: <command>pdbedit -b xml:/root/pdb-backup.xml -l</command></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-P account-policy</term>
|
||||
<listitem><para>Display an account policy</para>
|
||||
<para>Valid policies are: minimum password age, reset count minutes, disconnect time,
|
||||
user must logon to change password, password history, lockout duration, min password length,
|
||||
maximum password age and bad lockout attempt.</para>
|
||||
|
||||
<para>Example: <command>pdbedit -P "bad lockout attempt"</command></para>
|
||||
<para><programlisting>
|
||||
account policy value for bad lockout attempt is 0
|
||||
</programlisting></para>
|
||||
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-C account-policy-value</term>
|
||||
<listitem><para>Sets an account policy to a specified value.
|
||||
This option may only be used in conjunction
|
||||
with the <parameter>-P</parameter> option.
|
||||
</para>
|
||||
|
||||
<para>Example: <command>pdbedit -P "bad lockout attempt" -C 3</command></para>
|
||||
<para><programlisting>
|
||||
account policy value for bad lockout attempt was 0
|
||||
account policy value for bad lockout attempt is now 3
|
||||
</programlisting></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
&stdarg.help;
|
||||
&popt.common.samba;
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>NOTES</title>
|
||||
|
||||
<para>This command may be used only by root.</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of
|
||||
the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><citerefentry><refentrytitle>smbpasswd</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry></para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,88 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="profiles.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>profiles</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>profiles</refname>
|
||||
<refpurpose>A utility to report and change SIDs in registry files
|
||||
</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>profiles</command>
|
||||
<arg choice="opt">-v</arg>
|
||||
<arg choice="opt">-c SID</arg>
|
||||
<arg choice="opt">-n SID</arg>
|
||||
<arg choice="req">file</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>profiles</command> is a utility that
|
||||
reports and changes SIDs in windows registry files. It currently only
|
||||
supports NT.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>file</term>
|
||||
<listitem><para>Registry file to view or edit. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-v,--verbose</term>
|
||||
<listitem><para>Increases verbosity of messages.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-c SID1 -n SID2</term>
|
||||
<listitem><para>Change all occurences of SID1 in <filename>file</filename> by SID2.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&stdarg.help;
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the Samba
|
||||
suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The profiles man page was written by Jelmer Vernooij. </para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,469 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="rpcclient.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>rpcclient</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>rpcclient</refname>
|
||||
<refpurpose>tool for executing client side
|
||||
MS-RPC functions</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>rpcclient</command>
|
||||
<arg choice="opt">-A authfile</arg>
|
||||
<arg choice="opt">-c <command string></arg>
|
||||
<arg choice="opt">-d debuglevel</arg>
|
||||
<arg choice="opt">-h</arg>
|
||||
<arg choice="opt">-l logfile</arg>
|
||||
<arg choice="opt">-N</arg>
|
||||
<arg choice="opt">-s <smb config file></arg>
|
||||
<arg choice="opt">-U username[%password]</arg>
|
||||
<arg choice="opt">-W workgroup</arg>
|
||||
<arg choice="opt">-N</arg>
|
||||
<arg choice="opt">-I destinationIP</arg>
|
||||
<arg choice="req">server</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>rpcclient</command> is a utility initially developed
|
||||
to test MS-RPC functionality in Samba itself. It has undergone
|
||||
several stages of development and stability. Many system administrators
|
||||
have now written scripts around it to manage Windows NT clients from
|
||||
their UNIX workstation. </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>server</term>
|
||||
<listitem><para>NetBIOS name of Server to which to connect.
|
||||
The server can be any SMB/CIFS server. The name is
|
||||
resolved using the <smbconfoption><name>name resolve order</name></smbconfoption> line from <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-c|--command='command string'</term>
|
||||
<listitem><para>execute semicolon separated commands (listed
|
||||
below)) </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-I IP-address</term>
|
||||
<listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to.
|
||||
It should be specified in standard "a.b.c.d" notation. </para>
|
||||
|
||||
<para>Normally the client would attempt to locate a named
|
||||
SMB/CIFS server by looking it up via the NetBIOS name resolution
|
||||
mechanism described above in the <parameter>name resolve order</parameter>
|
||||
parameter above. Using this parameter will force the client
|
||||
to assume that the server is on the machine with the specified IP
|
||||
address and the NetBIOS name component of the resource being
|
||||
connected to will be ignored. </para>
|
||||
|
||||
<para>There is no default for this parameter. If not supplied,
|
||||
it will be determined automatically by the client as described
|
||||
above. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&popt.common.samba;
|
||||
&popt.common.credentials;
|
||||
&popt.common.connection;
|
||||
&stdarg.help;
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>COMMANDS</title>
|
||||
|
||||
<refsect2>
|
||||
<title>LSARPC</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry><term>lsaquery</term><listitem><para>Query info policy</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>lookupsids</term><listitem><para>Resolve a list
|
||||
of SIDs to usernames.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>lookupnames</term><listitem><para>Resolve a list
|
||||
of usernames to SIDs.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>enumtrusts</term><listitem><para>Enumerate trusted domains</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>enumprivs</term><listitem><para>Enumerate privileges</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>getdispname</term><listitem><para>Get the privilege name</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>lsaenumsid</term><listitem><para>Enumerate the LSA SIDS</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>lsaenumprivsaccount</term><listitem><para>Enumerate the privileges of an SID</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>lsaenumacctrights</term><listitem><para>Enumerate the rights of an SID</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>lsaenumacctwithright</term><listitem><para>Enumerate accounts with a right</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>lsaaddacctrights</term><listitem><para>Add rights to an account</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>lsaremoveacctrights</term><listitem><para>Remove rights from an account</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>lsalookupprivvalue</term><listitem><para>Get a privilege value given its name</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>lsaquerysecobj</term><listitem><para>Query LSA security object</para></listitem></varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>LSARPC-DS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry><term>dsroledominfo</term><listitem><para>Get Primary Domain Information</para></listitem></varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para> </para>
|
||||
|
||||
<para><emphasis>DFS</emphasis></para>
|
||||
<variablelist>
|
||||
<varlistentry><term>dfsexist</term><listitem><para>Query DFS support</para></listitem></varlistentry>
|
||||
<varlistentry><term>dfsadd</term><listitem><para>Add a DFS share</para></listitem></varlistentry>
|
||||
<varlistentry><term>dfsremove</term><listitem><para>Remove a DFS share</para></listitem></varlistentry>
|
||||
<varlistentry><term>dfsgetinfo</term><listitem><para>Query DFS share info</para></listitem></varlistentry>
|
||||
<varlistentry><term>dfsenum</term><listitem><para>Enumerate dfs shares</para></listitem></varlistentry>
|
||||
</variablelist>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>REG</title>
|
||||
<variablelist>
|
||||
<varlistentry><term>shutdown</term><listitem><para>Remote Shutdown</para></listitem></varlistentry>
|
||||
<varlistentry><term>abortshutdown</term><listitem><para>Abort Shutdown</para></listitem></varlistentry>
|
||||
</variablelist>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>SRVSVC</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry><term>srvinfo</term><listitem><para>Server query info</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>netshareenum</term><listitem><para>Enumerate shares</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>netfileenum</term><listitem><para>Enumerate open files</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>netremotetod</term><listitem><para>Fetch remote time of day</para></listitem></varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>SAMR</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry><term>queryuser</term><listitem><para>Query user info</para></listitem></varlistentry>
|
||||
<varlistentry><term>querygroup</term><listitem><para>Query group info</para></listitem></varlistentry>
|
||||
<varlistentry><term>queryusergroups</term><listitem><para>Query user groups</para></listitem></varlistentry>
|
||||
<varlistentry><term>querygroupmem</term><listitem><para>Query group membership</para></listitem></varlistentry>
|
||||
<varlistentry><term>queryaliasmem</term><listitem><para>Query alias membership</para></listitem></varlistentry>
|
||||
<varlistentry><term>querydispinfo</term><listitem><para>Query display info</para></listitem></varlistentry>
|
||||
<varlistentry><term>querydominfo</term><listitem><para>Query domain info</para></listitem></varlistentry>
|
||||
<varlistentry><term>enumdomusers</term><listitem><para>Enumerate domain users</para></listitem></varlistentry>
|
||||
<varlistentry><term>enumdomgroups</term><listitem><para>Enumerate domain groups</para></listitem></varlistentry>
|
||||
<varlistentry><term>enumalsgroups</term><listitem><para>Enumerate alias groups</para></listitem></varlistentry>
|
||||
<varlistentry><term>createdomuser</term><listitem><para>Create domain user</para></listitem></varlistentry>
|
||||
<varlistentry><term>samlookupnames</term><listitem><para>Look up names</para></listitem></varlistentry>
|
||||
<varlistentry><term>samlookuprids</term><listitem><para>Look up names</para></listitem></varlistentry>
|
||||
<varlistentry><term>deletedomuser</term><listitem><para>Delete domain user</para></listitem></varlistentry>
|
||||
<varlistentry><term>samquerysecobj</term><listitem><para>Query SAMR security object</para></listitem></varlistentry>
|
||||
<varlistentry><term>getdompwinfo</term><listitem><para>Retrieve domain password info</para></listitem></varlistentry>
|
||||
<varlistentry><term>lookupdomain</term><listitem><para>Look up domain</para></listitem></varlistentry>
|
||||
</variablelist>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>SPOOLSS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry><term>adddriver <arch> <config></term>
|
||||
<listitem><para>
|
||||
Execute an AddPrinterDriver() RPC to install the printer driver
|
||||
information on the server. Note that the driver files should
|
||||
already exist in the directory returned by
|
||||
<command>getdriverdir</command>. Possible values for
|
||||
<parameter>arch</parameter> are the same as those for
|
||||
the <command>getdriverdir</command> command.
|
||||
The <parameter>config</parameter> parameter is defined as
|
||||
follows: </para>
|
||||
|
||||
<para><programlisting>
|
||||
Long Printer Name:\
|
||||
Driver File Name:\
|
||||
Data File Name:\
|
||||
Config File Name:\
|
||||
Help File Name:\
|
||||
Language Monitor Name:\
|
||||
Default Data Type:\
|
||||
Comma Separated list of Files
|
||||
</programlisting></para>
|
||||
|
||||
<para>Any empty fields should be enter as the string "NULL". </para>
|
||||
|
||||
<para>Samba does not need to support the concept of Print Monitors
|
||||
since these only apply to local printers whose driver can make
|
||||
use of a bi-directional link for communication. This field should
|
||||
be "NULL". On a remote NT print server, the Print Monitor for a
|
||||
driver must already be installed prior to adding the driver or
|
||||
else the RPC will fail. </para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>addprinter <printername>
|
||||
<sharename> <drivername> <port></term>
|
||||
<listitem><para>
|
||||
Add a printer on the remote server. This printer
|
||||
will be automatically shared. Be aware that the printer driver
|
||||
must already be installed on the server (see <command>adddriver</command>)
|
||||
and the <parameter>port</parameter>must be a valid port name (see
|
||||
<command>enumports</command>.</para>
|
||||
</listitem></varlistentry>
|
||||
|
||||
|
||||
<varlistentry><term>deldriver</term><listitem><para>Delete the
|
||||
specified printer driver for all architectures. This
|
||||
does not delete the actual driver files from the server,
|
||||
only the entry from the server's list of drivers.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>enumdata</term><listitem><para>Enumerate all
|
||||
printer setting data stored on the server. On Windows NT clients,
|
||||
these values are stored in the registry, while Samba servers
|
||||
store them in the printers TDB. This command corresponds
|
||||
to the MS Platform SDK GetPrinterData() function (* This
|
||||
command is currently unimplemented).</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>enumdataex</term><listitem><para>Enumerate printer data for a key</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>enumjobs <printer></term>
|
||||
<listitem><para>List the jobs and status of a given printer.
|
||||
This command corresponds to the MS Platform SDK EnumJobs()
|
||||
function</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>enumkey</term><listitem><para>Enumerate
|
||||
printer keys</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>enumports [level]</term>
|
||||
<listitem><para>
|
||||
Executes an EnumPorts() call using the specified
|
||||
info level. Currently only info levels 1 and 2 are supported.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry><term>enumdrivers [level]</term>
|
||||
<listitem><para>
|
||||
Execute an EnumPrinterDrivers() call. This lists the various installed
|
||||
printer drivers for all architectures. Refer to the MS Platform SDK
|
||||
documentation for more details of the various flags and calling
|
||||
options. Currently supported info levels are 1, 2, and 3.</para></listitem></varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry><term>enumprinters [level]</term>
|
||||
<listitem><para>Execute an EnumPrinters() call. This lists the various installed
|
||||
and share printers. Refer to the MS Platform SDK documentation for
|
||||
more details of the various flags and calling options. Currently
|
||||
supported info levels are 1, 2 and 5.</para></listitem></varlistentry>
|
||||
|
||||
|
||||
|
||||
|
||||
<varlistentry><term>getdata <printername> <valuename;></term>
|
||||
<listitem><para>Retrieve the data for a given printer setting. See
|
||||
the <command>enumdata</command> command for more information.
|
||||
This command corresponds to the GetPrinterData() MS Platform
|
||||
SDK function. </para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>getdataex</term><listitem><para>Get
|
||||
printer driver data with
|
||||
keyname</para></listitem></varlistentry>
|
||||
|
||||
|
||||
<varlistentry><term>getdriver <printername></term>
|
||||
<listitem><para>
|
||||
Retrieve the printer driver information (such as driver file,
|
||||
config file, dependent files, etc...) for
|
||||
the given printer. This command corresponds to the GetPrinterDriver()
|
||||
MS Platform SDK function. Currently info level 1, 2, and 3 are supported.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
<varlistentry><term>getdriverdir <arch></term>
|
||||
<listitem><para>
|
||||
Execute a GetPrinterDriverDirectory()
|
||||
RPC to retrieve the SMB share name and subdirectory for
|
||||
storing printer driver files for a given architecture. Possible
|
||||
values for <parameter>arch</parameter> are "Windows 4.0"
|
||||
(for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows
|
||||
Alpha_AXP", and "Windows NT R4000". </para></listitem></varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry><term>getprinter <printername></term>
|
||||
<listitem><para>Retrieve the current printer information. This command
|
||||
corresponds to the GetPrinter() MS Platform SDK function.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>getprintprocdir</term><listitem><para>Get
|
||||
print processor
|
||||
directory</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>openprinter <printername></term>
|
||||
<listitem><para>Execute an OpenPrinterEx() and ClosePrinter() RPC
|
||||
against a given printer. </para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>setdriver <printername>
|
||||
<drivername></term>
|
||||
<listitem><para>Execute a SetPrinter() command to update the printer driver
|
||||
associated with an installed printer. The printer driver must
|
||||
already be correctly installed on the print server. </para>
|
||||
|
||||
<para>See also the <command>enumprinters</command> and
|
||||
<command>enumdrivers</command> commands for obtaining a list of
|
||||
of installed printers and drivers.</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>addform</term><listitem><para>Add form</para></listitem></varlistentry>
|
||||
<varlistentry><term>setform</term><listitem><para>Set form</para></listitem></varlistentry>
|
||||
<varlistentry><term>getform</term><listitem><para>Get form</para></listitem></varlistentry>
|
||||
<varlistentry><term>deleteform</term><listitem><para>Delete form</para></listitem></varlistentry>
|
||||
<varlistentry><term>enumforms</term><listitem><para>Enumerate form</para></listitem></varlistentry>
|
||||
<varlistentry><term>setprinter</term><listitem><para>Set printer comment</para></listitem></varlistentry>
|
||||
<varlistentry><term>setprinterdata</term><listitem><para>Set REG_SZ printer data</para></listitem></varlistentry>
|
||||
<varlistentry><term>rffpcnex</term><listitem><para>Rffpcnex test</para></listitem></varlistentry>
|
||||
|
||||
|
||||
</variablelist>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>NETLOGON</title>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry><term>logonctrl2</term>
|
||||
<listitem><para>Logon Control 2</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>logonctrl</term>
|
||||
<listitem><para>Logon Control</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>samsync</term>
|
||||
<listitem><para>Sam Synchronisation</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>samdeltas</term>
|
||||
<listitem><para>Query Sam Deltas</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term>samlogon</term>
|
||||
<listitem><para>Sam Logon</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>GENERAL COMMANDS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry><term>debuglevel</term><listitem><para>Set the current
|
||||
debug level used to log information.</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>help (?)</term><listitem><para>Print a listing of all
|
||||
known commands or extended help on a particular command.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry><term>quit (exit)</term><listitem><para>Exit <command>rpcclient
|
||||
</command>.</para></listitem></varlistentry>
|
||||
</variablelist>
|
||||
</refsect2>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>BUGS</title>
|
||||
|
||||
<para><command>rpcclient</command> is designed as a developer testing tool
|
||||
and may not be robust in certain areas (such as command line parsing).
|
||||
It has been known to generate a core dump upon failures when invalid
|
||||
parameters where passed to the interpreter. </para>
|
||||
|
||||
<para>From Luke Leighton's original rpcclient man page:</para>
|
||||
|
||||
<para><emphasis>WARNING!</emphasis> The MSRPC over SMB code has
|
||||
been developed from examining Network traces. No documentation is
|
||||
available from the original creators (Microsoft) on how MSRPC over
|
||||
SMB works, or how the individual MSRPC services work. Microsoft's
|
||||
implementation of these services has been demonstrated (and reported)
|
||||
to be... a bit flaky in places. </para>
|
||||
|
||||
<para>The development of Samba's implementation is also a bit rough,
|
||||
and as more of the services are understood, it can even result in
|
||||
versions of <citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>rpcclient</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry> that are incompatible for some commands or services. Additionally,
|
||||
the developers are sending reports to Microsoft, and problems found
|
||||
or reported to Microsoft are fixed in Service Packs, which may
|
||||
result in incompatibilities.</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the Samba
|
||||
suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original rpcclient man page was written by Matthew
|
||||
Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter.
|
||||
The conversion to DocBook for Samba 2.2 was done by Gerald
|
||||
Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was
|
||||
done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,378 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="samba.7">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>samba</refname>
|
||||
<refpurpose>A Windows SMB/CIFS fileserver for UNIX</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis><command>Samba</command></cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>The Samba software suite is a collection of programs
|
||||
that implements the Server Message Block (commonly abbreviated
|
||||
as SMB) protocol for UNIX systems. This protocol is sometimes
|
||||
also referred to as the Common Internet File System (CIFS). For a
|
||||
more thorough description, see <ulink url="http://www.ubiqx.org/cifs/">
|
||||
http://www.ubiqx.org/cifs/</ulink>. Samba also implements the NetBIOS
|
||||
protocol in nmbd.</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>smbd</command> daemon provides the file and print services to
|
||||
SMB clients, such as Windows 95/98, Windows NT, Windows
|
||||
for Workgroups or LanManager. The configuration file
|
||||
for this daemon is described in <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>nmbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>nmbd</command>
|
||||
daemon provides NetBIOS nameservice and browsing
|
||||
support. The configuration file for this daemon
|
||||
is described in <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>smbclient</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>smbclient</command>
|
||||
program implements a simple ftp-like client. This
|
||||
is useful for accessing SMB shares on other compatible
|
||||
servers (such as Windows NT), and can also be used
|
||||
to allow a UNIX box to print to a printer attached to
|
||||
any SMB server (such as a PC running Windows NT).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>testparm</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>testparm</command>
|
||||
utility is a simple syntax checker for Samba's <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> configuration file.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>testprns</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>testprns</command>
|
||||
utility supports testing printer names defined
|
||||
in your <filename>printcap</filename> file used
|
||||
by Samba.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>smbstatus</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>smbstatus</command>
|
||||
tool provides access to information about the
|
||||
current connections to <command>smbd</command>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>nmblookup</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>nmblookup</command>
|
||||
tools allows NetBIOS name queries to be made
|
||||
from a UNIX host.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>smbgroupedit</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>smbgroupedit</command>
|
||||
tool allows for mapping unix groups to NT Builtin,
|
||||
Domain, or Local groups. Also it allows setting
|
||||
priviledges for that group, such as saAddUser, etc.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>smbpasswd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>smbpasswd</command>
|
||||
command is a tool for changing LanMan and Windows NT
|
||||
password hashes on Samba and Windows NT servers.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>smbcacls</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>smbcacls</command> command is
|
||||
a tool to set ACL's on remote CIFS servers. </para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>smbsh</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>smbsh</command> command is
|
||||
a program that allows you to run a unix shell with
|
||||
with an overloaded VFS.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>smbtree</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>smbtree</command> command
|
||||
is a text-based network neighborhood tool.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>smbtar</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>smbtar</command> can make
|
||||
backups of data on CIFS/SMB servers.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>smbspool</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry></term>
|
||||
<listitem><para><command>smbspool</command> is a
|
||||
helper utility for printing on printers connected
|
||||
to CIFS servers. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>smbcontrol</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para><command>smbcontrol</command> is a utility
|
||||
that can change the behaviour of running samba daemons.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>rpcclient</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para><command>rpcclient</command> is a utility
|
||||
that can be used to execute RPC commands on remote
|
||||
CIFS servers.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>pdbedit</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>pdbedit</command> command
|
||||
can be used to maintain the local user database on
|
||||
a samba server.</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>findsmb</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>findsmb</command> command
|
||||
can be used to find SMB servers on the local network.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>net</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry></term>
|
||||
<listitem><para>The <command>net</command> command
|
||||
is supposed to work similar to the DOS/Windows
|
||||
NET.EXE command.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>swat</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry></term>
|
||||
<listitem><para><command>swat</command> is a web-based
|
||||
interface to configuring <filename>smb.conf</filename>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>winbindd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry></term>
|
||||
<listitem><para><command>winbindd</command> is a daemon
|
||||
that is used for integrating authentication and
|
||||
the user database into unix.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>wbinfo</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para><command>wbinfo</command> is a utility
|
||||
that retrieves and stores information related to winbind.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>editreg</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para><command>editreg</command> is a command-line
|
||||
utility that can edit windows registry files.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>profiles</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para><command>profiles</command> is a command-line
|
||||
utility that can be used to replace all occurences of
|
||||
a certain SID with another SID.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>log2pcap</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para><command>log2pcap</command> is a utility
|
||||
for generating pcap trace files from Samba log
|
||||
files.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>vfstest</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para><command>vfstest</command> is a utility
|
||||
that can be used to test vfs modules.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>ntlm_auth</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para><command>ntlm_auth</command> is a helper-utility
|
||||
for external programs wanting to do NTLM-authentication.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>smbmount</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbumount</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbmount</refentrytitle><manvolnum>8</manvolnum></citerefentry></term>
|
||||
<listitem><para><command>smbmount</command>,<command>smbmnt</command> and <command>smbmnt</command> are commands that can be used to
|
||||
mount CIFS/SMB shares on Linux.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>smbcquotas</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></term>
|
||||
<listitem><para><command>smbcquotas</command> is a tool that
|
||||
can set remote QUOTA's on server with NTFS 5. </para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>COMPONENTS</title>
|
||||
|
||||
<para>The Samba suite is made up of several components. Each
|
||||
component is described in a separate manual page. It is strongly
|
||||
recommended that you read the documentation that comes with Samba
|
||||
and the manual pages of those components that you use. If the
|
||||
manual pages and documents aren't clear enough then please visit
|
||||
<ulink url="http://devel.samba.org/">http://devel.samba.org</ulink>
|
||||
for information on how to file a bug report or submit a patch.</para>
|
||||
|
||||
<para>If you require help, visit the Samba webpage at
|
||||
<ulink url="http://samba.org/">http://www.samba.org/</ulink> and
|
||||
explore the many option available to you.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AVAILABILITY</title>
|
||||
|
||||
<para>The Samba software suite is licensed under the
|
||||
GNU Public License(GPL). A copy of that license should
|
||||
have come with the package in the file COPYING. You are
|
||||
encouraged to distribute copies of the Samba suite, but
|
||||
please obey the terms of this license.</para>
|
||||
|
||||
<para>The latest version of the Samba suite can be
|
||||
obtained via anonymous ftp from samba.org in the
|
||||
directory pub/samba/. It is also available on several
|
||||
mirror sites worldwide.</para>
|
||||
|
||||
<para>You may also find useful information about Samba
|
||||
on the newsgroup <ulink url="news:comp.protocols.smb">
|
||||
comp.protocol.smb</ulink> and the Samba mailing
|
||||
list. Details on how to join the mailing list are given in
|
||||
the README file that comes with Samba.</para>
|
||||
|
||||
<para>If you have access to a WWW viewer (such as Mozilla
|
||||
or Konqueror) then you will also find lots of useful information,
|
||||
including back issues of the Samba mailing list, at
|
||||
<ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the
|
||||
Samba suite. </para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>CONTRIBUTIONS</title>
|
||||
|
||||
<para>If you wish to contribute to the Samba project,
|
||||
then I suggest you join the Samba mailing list at
|
||||
<ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>.
|
||||
</para>
|
||||
|
||||
<para>If you have patches to submit, visit
|
||||
<ulink url="http://devel.samba.org/">http://devel.samba.org/</ulink>
|
||||
for information on how to do it properly. We prefer patches
|
||||
in <command>diff -u</command> format.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>CONTRIBUTORS</title>
|
||||
|
||||
<para>Contributors to the project are now too numerous
|
||||
to mention here but all deserve the thanks of all Samba
|
||||
users. To see a full list, look at the
|
||||
<filename>change-log</filename> in the source package
|
||||
for the pre-CVS changes and at <ulink
|
||||
url="http://cvs.samba.org/">
|
||||
http://cvs.samba.org/</ulink>
|
||||
for the contributors to Samba post-CVS. CVS is the Open Source
|
||||
source code control system used by the Samba Team to develop
|
||||
Samba. The project would have been unmanageable without it.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML
|
||||
4.2 for Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,263 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="smbcacls.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>smbcacls</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>smbcacls</refname>
|
||||
<refpurpose>Set or get ACLs on an NT file or directory names</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>smbcacls</command>
|
||||
<arg choice="req">//server/share</arg>
|
||||
<arg choice="req">filename</arg>
|
||||
<arg choice="opt">-D acls</arg>
|
||||
<arg choice="opt">-M acls</arg>
|
||||
<arg choice="opt">-a acls</arg>
|
||||
<arg choice="opt">-S acls</arg>
|
||||
<arg choice="opt">-C name</arg>
|
||||
<arg choice="opt">-G name</arg>
|
||||
<arg choice="opt">-n</arg>
|
||||
<arg choice="opt">-t</arg>
|
||||
<arg choice="opt">-U username</arg>
|
||||
<arg choice="opt">-h</arg>
|
||||
<arg choice="opt">-d</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para>The <command>smbcacls</command> program manipulates NT Access Control
|
||||
Lists (ACLs) on SMB file shares. </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<para>The following options are available to the <command>smbcacls</command> program.
|
||||
The format of ACLs is described in the section ACL FORMAT </para>
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-a acls</term>
|
||||
<listitem><para>Add the ACLs specified to the ACL list. Existing
|
||||
access control entries are unchanged. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-M acls</term>
|
||||
<listitem><para>Modify the mask value (permissions) for the ACLs
|
||||
specified on the command line. An error will be printed for each
|
||||
ACL specified that was not already present in the ACL list
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-D acls</term>
|
||||
<listitem><para>Delete any ACLs specified on the command line.
|
||||
An error will be printed for each ACL specified that was not
|
||||
already present in the ACL list. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-S acls</term>
|
||||
<listitem><para>This command sets the ACLs on the file with
|
||||
only the ones specified on the command line. All other ACLs are
|
||||
erased. Note that the ACL specified must contain at least a revision,
|
||||
type, owner and group for the call to succeed. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-U username</term>
|
||||
<listitem><para>Specifies a username used to connect to the
|
||||
specified service. The username may be of the form "username" in
|
||||
which case the user is prompted to enter in a password and the
|
||||
workgroup specified in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> file is
|
||||
used, or "username%password" or "DOMAIN\username%password" and the
|
||||
password and workgroup names are used as provided. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-C name</term>
|
||||
<listitem><para>The owner of a file or directory can be changed
|
||||
to the name given using the <parameter>-C</parameter> option.
|
||||
The name can be a sid in the form S-1-x-y-z or a name resolved
|
||||
against the server specified in the first argument. </para>
|
||||
|
||||
<para>This command is a shortcut for -M OWNER:name.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-G name</term>
|
||||
<listitem><para>The group owner of a file or directory can
|
||||
be changed to the name given using the <parameter>-G</parameter>
|
||||
option. The name can be a sid in the form S-1-x-y-z or a name
|
||||
resolved against the server specified n the first argument.
|
||||
</para>
|
||||
|
||||
<para>This command is a shortcut for -M GROUP:name.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-n</term>
|
||||
<listitem><para>This option displays all ACL information in numeric
|
||||
format. The default is to convert SIDs to names and ACE types
|
||||
and masks to a readable string format. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-t</term>
|
||||
<listitem><para>
|
||||
Don't actually do anything, only validate the correctness of
|
||||
the arguments.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&stdarg.help;
|
||||
&popt.common.samba;
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>ACL FORMAT</title>
|
||||
|
||||
<para>The format of an ACL is one or more ACL entries separated by
|
||||
either commas or newlines. An ACL entry is one of the following: </para>
|
||||
|
||||
<para><programlisting>
|
||||
REVISION:<revision number>
|
||||
OWNER:<sid or name>
|
||||
GROUP:<sid or name>
|
||||
ACL:<sid or name>:<type>/<flags>/<mask>
|
||||
</programlisting></para>
|
||||
|
||||
|
||||
<para>The revision of the ACL specifies the internal Windows
|
||||
NT ACL revision for the security descriptor.
|
||||
If not specified it defaults to 1. Using values other than 1 may
|
||||
cause strange behaviour. </para>
|
||||
|
||||
<para>The owner and group specify the owner and group sids for the
|
||||
object. If a SID in the format CWS-1-x-y-z is specified this is used,
|
||||
otherwise the name specified is resolved using the server on which
|
||||
the file or directory resides. </para>
|
||||
|
||||
<para>ACLs specify permissions granted to the SID. This SID again
|
||||
can be specified in CWS-1-x-y-z format or as a name in which case
|
||||
it is resolved against the server on which the file or directory
|
||||
resides. The type, flags and mask values determine the type of
|
||||
access granted to the SID. </para>
|
||||
|
||||
<para>The type can be either 0 or 1 corresponding to ALLOWED or
|
||||
DENIED access to the SID. The flags values are generally
|
||||
zero for file ACLs and either 9 or 2 for directory ACLs. Some
|
||||
common flags are: </para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para><constant>#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1</constant></para></listitem>
|
||||
<listitem><para><constant>#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2</constant></para></listitem>
|
||||
<listitem><para><constant>#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4</constant></para></listitem>
|
||||
<listitem><para><constant>#define SEC_ACE_FLAG_INHERIT_ONLY 0x8</constant></para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>At present flags can only be specified as decimal or
|
||||
hexadecimal values.</para>
|
||||
|
||||
<para>The mask is a value which expresses the access right
|
||||
granted to the SID. It can be given as a decimal or hexadecimal value,
|
||||
or by using one of the following text strings which map to the NT
|
||||
file permissions of the same name. </para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para><emphasis>R</emphasis> - Allow read access </para></listitem>
|
||||
<listitem><para><emphasis>W</emphasis> - Allow write access</para></listitem>
|
||||
<listitem><para><emphasis>X</emphasis> - Execute permission on the object</para></listitem>
|
||||
<listitem><para><emphasis>D</emphasis> - Delete the object</para></listitem>
|
||||
<listitem><para><emphasis>P</emphasis> - Change permissions</para></listitem>
|
||||
<listitem><para><emphasis>O</emphasis> - Take ownership</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
|
||||
<para>The following combined permissions can be specified:</para>
|
||||
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para><emphasis>READ</emphasis> - Equivalent to 'RX'
|
||||
permissions</para></listitem>
|
||||
<listitem><para><emphasis>CHANGE</emphasis> - Equivalent to 'RXWD' permissions
|
||||
</para></listitem>
|
||||
<listitem><para><emphasis>FULL</emphasis> - Equivalent to 'RWXDPO'
|
||||
permissions</para></listitem>
|
||||
</itemizedlist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>EXIT STATUS</title>
|
||||
|
||||
<para>The <command>smbcacls</command> program sets the exit status
|
||||
depending on the success or otherwise of the operations performed.
|
||||
The exit status may be one of the following values. </para>
|
||||
|
||||
<para>If the operation succeeded, smbcacls returns and exit
|
||||
status of 0. If <command>smbcacls</command> couldn't connect to the specified server,
|
||||
or there was an error getting or setting the ACLs, an exit status
|
||||
of 1 is returned. If there was an error parsing any command line
|
||||
arguments, an exit status of 2 is returned. </para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para><command>smbcacls</command> was written by Andrew Tridgell
|
||||
and Tim Potter.</para>
|
||||
|
||||
<para>The conversion to DocBook for Samba 2.2 was done
|
||||
by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done
|
||||
by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,940 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="smbclient.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>smbclient</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>smbclient</refname>
|
||||
<refpurpose>ftp-like client to access SMB/CIFS resources
|
||||
on servers</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>smbclient</command>
|
||||
<arg choice="req">servicename</arg>
|
||||
<arg choice="opt">password</arg>
|
||||
<arg choice="opt">-b <buffer size></arg>
|
||||
<arg choice="opt">-d debuglevel</arg>
|
||||
<arg choice="opt">-D Directory</arg>
|
||||
<arg choice="opt">-U username</arg>
|
||||
<arg choice="opt">-W workgroup</arg>
|
||||
<arg choice="opt">-M <netbios name></arg>
|
||||
<arg choice="opt">-m maxprotocol</arg>
|
||||
<arg choice="opt">-A authfile</arg>
|
||||
<arg choice="opt">-N</arg>
|
||||
<arg choice="opt">-l logfile</arg>
|
||||
<arg choice="opt">-L <netbios name></arg>
|
||||
<arg choice="opt">-I destinationIP</arg>
|
||||
<arg choice="opt">-E</arg>
|
||||
<arg choice="opt">-c <command string></arg>
|
||||
<arg choice="opt">-i scope</arg>
|
||||
<arg choice="opt">-O <socket options></arg>
|
||||
<arg choice="opt">-p port</arg>
|
||||
<arg choice="opt">-R <name resolve order></arg>
|
||||
<arg choice="opt">-s <smb config file></arg>
|
||||
<arg choice="opt">-T<c|x>IXFqgbNan</arg>
|
||||
<arg choice="opt">-k</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>smbclient</command> is a client that can
|
||||
'talk' to an SMB/CIFS server. It offers an interface
|
||||
similar to that of the ftp program (see <citerefentry><refentrytitle>ftp</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry>).
|
||||
Operations include things like getting files from the server
|
||||
to the local machine, putting files from the local machine to
|
||||
the server, retrieving directory information from the server
|
||||
and so on. </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>servicename</term>
|
||||
<listitem><para>servicename is the name of the service
|
||||
you want to use on the server. A service name takes the form
|
||||
<filename>//server/service</filename> where <parameter>server
|
||||
</parameter> is the NetBIOS name of the SMB/CIFS server
|
||||
offering the desired service and <parameter>service</parameter>
|
||||
is the name of the service offered. Thus to connect to
|
||||
the service "printer" on the SMB/CIFS server "smbserver",
|
||||
you would use the servicename <filename>//smbserver/printer
|
||||
</filename></para>
|
||||
|
||||
<para>Note that the server name required is NOT necessarily
|
||||
the IP (DNS) host name of the server ! The name required is
|
||||
a NetBIOS server name, which may or may not be the
|
||||
same as the IP hostname of the machine running the server.
|
||||
</para>
|
||||
|
||||
<para>The server name is looked up according to either
|
||||
the <parameter>-R</parameter> parameter to <command>smbclient</command> or
|
||||
using the name resolve order parameter in
|
||||
the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> file,
|
||||
allowing an administrator to change the order and methods
|
||||
by which server names are looked up. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>password</term>
|
||||
<listitem><para>The password required to access the specified
|
||||
service on the specified server. If this parameter is
|
||||
supplied, the <parameter>-N</parameter> option (suppress
|
||||
password prompt) is assumed. </para>
|
||||
|
||||
<para>There is no default password. If no password is supplied
|
||||
on the command line (either by using this parameter or adding
|
||||
a password to the <parameter>-U</parameter> option (see
|
||||
below)) and the <parameter>-N</parameter> option is not
|
||||
specified, the client will prompt for a password, even if
|
||||
the desired service does not require one. (If no password is
|
||||
required, simply press ENTER to provide a null password.)
|
||||
</para>
|
||||
|
||||
<para>Note: Some servers (including OS/2 and Windows for
|
||||
Workgroups) insist on an uppercase password. Lowercase
|
||||
or mixed case passwords may be rejected by these servers.
|
||||
</para>
|
||||
|
||||
<para>Be cautious about including passwords in scripts.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-R <name resolve order></term>
|
||||
<listitem><para>This option is used by the programs in the Samba
|
||||
suite to determine what naming services and in what order to resolve
|
||||
host names to IP addresses. The option takes a space-separated
|
||||
string of different name resolution options.</para>
|
||||
|
||||
<para>The options are :"lmhosts", "host", "wins" and "bcast". They
|
||||
cause names to be resolved as follows:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para><constant>lmhosts</constant>: Lookup an IP
|
||||
address in the Samba lmhosts file. If the line in lmhosts has
|
||||
no name type attached to the NetBIOS name (see
|
||||
the <citerefentry><refentrytitle>lmhosts</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> for details) then
|
||||
any name type matches for lookup.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem><para><constant>host</constant>: Do a standard host
|
||||
name to IP address resolution, using the system <filename>/etc/hosts
|
||||
</filename>, NIS, or DNS lookups. This method of name resolution
|
||||
is operating system dependent, for instance on IRIX or Solaris this
|
||||
may be controlled by the <filename>/etc/nsswitch.conf</filename>
|
||||
file). Note that this method is only used if the NetBIOS name
|
||||
type being queried is the 0x20 (server) name type, otherwise
|
||||
it is ignored.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem><para><constant>wins</constant>: Query a name with
|
||||
the IP address listed in the <parameter>wins server</parameter>
|
||||
parameter. If no WINS server has
|
||||
been specified this method will be ignored.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem><para><constant>bcast</constant>: Do a broadcast on
|
||||
each of the known local interfaces listed in the
|
||||
<parameter>interfaces</parameter>
|
||||
parameter. This is the least reliable of the name resolution
|
||||
methods as it depends on the target host being on a locally
|
||||
connected subnet.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>If this parameter is not set then the name resolve order
|
||||
defined in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> file parameter
|
||||
(name resolve order) will be used. </para>
|
||||
|
||||
<para>The default order is lmhosts, host, wins, bcast and without
|
||||
this parameter or any entry in the <parameter>name resolve order
|
||||
</parameter> parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> file the name resolution
|
||||
methods will be attempted in this order. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-M NetBIOS name</term>
|
||||
<listitem><para>This options allows you to send messages, using
|
||||
the "WinPopup" protocol, to another computer. Once a connection is
|
||||
established you then type your message, pressing ^D (control-D) to
|
||||
end. </para>
|
||||
|
||||
<para>If the receiving computer is running WinPopup the user will
|
||||
receive the message and probably a beep. If they are not running
|
||||
WinPopup the message will be lost, and no error message will
|
||||
occur. </para>
|
||||
|
||||
<para>The message is also automatically truncated if the message
|
||||
is over 1600 bytes, as this is the limit of the protocol.
|
||||
</para>
|
||||
|
||||
<para>One useful trick is to cat the message through
|
||||
<command>smbclient</command>. For example: <command>
|
||||
cat mymessage.txt | smbclient -M FRED </command> will
|
||||
send the message in the file <filename>mymessage.txt</filename>
|
||||
to the machine FRED. </para>
|
||||
|
||||
<para>You may also find the <parameter>-U</parameter> and
|
||||
<parameter>-I</parameter> options useful, as they allow you to
|
||||
control the FROM and TO parts of the message. </para>
|
||||
|
||||
<para>See the <parameter>message command</parameter> parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> for a description of how to handle incoming
|
||||
WinPopup messages in Samba. </para>
|
||||
|
||||
<para><emphasis>Note</emphasis>: Copy WinPopup into the startup group
|
||||
on your WfWg PCs if you want them to always be able to receive
|
||||
messages. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-p port</term>
|
||||
<listitem><para>This number is the TCP port number that will be used
|
||||
when making connections to the server. The standard (well-known)
|
||||
TCP port number for an SMB/CIFS server is 139, which is the
|
||||
default. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
&stdarg.help;
|
||||
|
||||
<varlistentry>
|
||||
<term>-I IP-address</term>
|
||||
<listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to.
|
||||
It should be specified in standard "a.b.c.d" notation. </para>
|
||||
|
||||
<para>Normally the client would attempt to locate a named
|
||||
SMB/CIFS server by looking it up via the NetBIOS name resolution
|
||||
mechanism described above in the <parameter>name resolve order</parameter>
|
||||
parameter above. Using this parameter will force the client
|
||||
to assume that the server is on the machine with the specified IP
|
||||
address and the NetBIOS name component of the resource being
|
||||
connected to will be ignored. </para>
|
||||
|
||||
<para>There is no default for this parameter. If not supplied,
|
||||
it will be determined automatically by the client as described
|
||||
above. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-E</term>
|
||||
<listitem><para>This parameter causes the client to write messages
|
||||
to the standard error stream (stderr) rather than to the standard
|
||||
output stream. </para>
|
||||
|
||||
<para>By default, the client writes messages to standard output
|
||||
- typically the user's tty. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-L</term>
|
||||
<listitem><para>This option allows you to look at what services
|
||||
are available on a server. You use it as <command>smbclient -L
|
||||
host</command> and a list should appear. The <parameter>-I
|
||||
</parameter> option may be useful if your NetBIOS names don't
|
||||
match your TCP/IP DNS host names or if you are trying to reach a
|
||||
host on another network. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-t terminal code</term>
|
||||
<listitem><para>This option tells <command>smbclient</command> how to interpret
|
||||
filenames coming from the remote server. Usually Asian language
|
||||
multibyte UNIX implementations use different character sets than
|
||||
SMB/CIFS servers (<emphasis>EUC</emphasis> instead of <emphasis>
|
||||
SJIS</emphasis> for example). Setting this parameter will let
|
||||
<command>smbclient</command> convert between the UNIX filenames and
|
||||
the SMB filenames correctly. This option has not been seriously tested
|
||||
and may have some problems. </para>
|
||||
|
||||
<para>The terminal codes include CWsjis, CWeuc, CWjis7, CWjis8,
|
||||
CWjunet, CWhex, CWcap. This is not a complete list, check the Samba
|
||||
source code for the complete list. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-b buffersize</term>
|
||||
<listitem><para>This option changes the transmit/send buffer
|
||||
size when getting or putting a file from/to the server. The default
|
||||
is 65520 bytes. Setting this value smaller (to 1200 bytes) has been
|
||||
observed to speed up file transfers to and from a Win9x server.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&popt.common.samba;
|
||||
&popt.common.credentials;
|
||||
&popt.common.connection;
|
||||
|
||||
<varlistentry>
|
||||
<term>-T tar options</term>
|
||||
<listitem><para>smbclient may be used to create <command>tar(1)
|
||||
</command> compatible backups of all the files on an SMB/CIFS
|
||||
share. The secondary tar flags that can be given to this option
|
||||
are : </para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para><parameter>c</parameter> - Create a tar file on UNIX.
|
||||
Must be followed by the name of a tar file, tape device
|
||||
or "-" for standard output. If using standard output you must
|
||||
turn the log level to its lowest value -d0 to avoid corrupting
|
||||
your tar file. This flag is mutually exclusive with the
|
||||
<parameter>x</parameter> flag. </para></listitem>
|
||||
|
||||
<listitem><para><parameter>x</parameter> - Extract (restore) a local
|
||||
tar file back to a share. Unless the -D option is given, the tar
|
||||
files will be restored from the top level of the share. Must be
|
||||
followed by the name of the tar file, device or "-" for standard
|
||||
input. Mutually exclusive with the <parameter>c</parameter> flag.
|
||||
Restored files have their creation times (mtime) set to the
|
||||
date saved in the tar file. Directories currently do not get
|
||||
their creation dates restored properly. </para></listitem>
|
||||
|
||||
<listitem><para><parameter>I</parameter> - Include files and directories.
|
||||
Is the default behavior when filenames are specified above. Causes
|
||||
tar files to be included in an extract or create (and therefore
|
||||
everything else to be excluded). See example below. Filename globbing
|
||||
works in one of two ways. See r below. </para></listitem>
|
||||
|
||||
<listitem><para><parameter>X</parameter> - Exclude files and directories.
|
||||
Causes tar files to be excluded from an extract or create. See
|
||||
example below. Filename globbing works in one of two ways now.
|
||||
See <parameter>r</parameter> below. </para></listitem>
|
||||
|
||||
<listitem><para><parameter>b</parameter> - Blocksize. Must be followed
|
||||
by a valid (greater than zero) blocksize. Causes tar file to be
|
||||
written out in blocksize*TBLOCK (usually 512 byte) blocks.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para><parameter>g</parameter> - Incremental. Only back up
|
||||
files that have the archive bit set. Useful only with the
|
||||
<parameter>c</parameter> flag. </para></listitem>
|
||||
|
||||
<listitem><para><parameter>q</parameter> - Quiet. Keeps tar from printing
|
||||
diagnostics as it works. This is the same as tarmode quiet.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para><parameter>r</parameter> - Regular expression include
|
||||
or exclude. Uses regular expression matching for
|
||||
excluding or excluding files if compiled with HAVE_REGEX_H.
|
||||
However this mode can be very slow. If not compiled with
|
||||
HAVE_REGEX_H, does a limited wildcard match on '*' and '?'.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para><parameter>N</parameter> - Newer than. Must be followed
|
||||
by the name of a file whose date is compared against files found
|
||||
on the share during a create. Only files newer than the file
|
||||
specified are backed up to the tar file. Useful only with the
|
||||
<parameter>c</parameter> flag. </para></listitem>
|
||||
|
||||
<listitem><para><parameter>a</parameter> - Set archive bit. Causes the
|
||||
archive bit to be reset when a file is backed up. Useful with the
|
||||
<parameter>g</parameter> and <parameter>c</parameter> flags.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para><emphasis>Tar Long File Names</emphasis></para>
|
||||
|
||||
<para><command>smbclient</command>'s tar option now supports long
|
||||
file names both on backup and restore. However, the full path
|
||||
name of the file must be less than 1024 bytes. Also, when
|
||||
a tar archive is created, <command>smbclient</command>'s tar option places all
|
||||
files in the archive with relative names, not absolute names.
|
||||
</para>
|
||||
|
||||
<para><emphasis>Tar Filenames</emphasis></para>
|
||||
|
||||
<para>All file names can be given as DOS path names (with '\\'
|
||||
as the component separator) or as UNIX path names (with '/' as
|
||||
the component separator). </para>
|
||||
|
||||
<para><emphasis>Examples</emphasis></para>
|
||||
|
||||
<para>Restore from tar file <filename>backup.tar</filename> into myshare on mypc
|
||||
(no password on share). </para>
|
||||
|
||||
<para><command>smbclient //mypc/yshare "" -N -Tx backup.tar
|
||||
</command></para>
|
||||
|
||||
<para>Restore everything except <filename>users/docs</filename>
|
||||
</para>
|
||||
|
||||
<para><command>smbclient //mypc/myshare "" -N -TXx backup.tar
|
||||
users/docs</command></para>
|
||||
|
||||
<para>Create a tar file of the files beneath <filename>
|
||||
users/docs</filename>. </para>
|
||||
|
||||
<para><command>smbclient //mypc/myshare "" -N -Tc
|
||||
backup.tar users/docs </command></para>
|
||||
|
||||
<para>Create the same tar file as above, but now use
|
||||
a DOS path name. </para>
|
||||
|
||||
<para><command>smbclient //mypc/myshare "" -N -tc backup.tar
|
||||
users\edocs </command></para>
|
||||
|
||||
<para>Create a tar file of all the files and directories in
|
||||
the share. </para>
|
||||
|
||||
<para><command>smbclient //mypc/myshare "" -N -Tc backup.tar *
|
||||
</command></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-D initial directory</term>
|
||||
<listitem><para>Change to initial directory before starting. Probably
|
||||
only of any use with the tar -T option. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-c command string</term>
|
||||
<listitem><para>command string is a semicolon-separated list of
|
||||
commands to be executed instead of prompting from stdin. <parameter>
|
||||
-N</parameter> is implied by <parameter>-c</parameter>.</para>
|
||||
|
||||
<para>This is particularly useful in scripts and for printing stdin
|
||||
to the server, e.g. <command>-c 'print -'</command>. </para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>OPERATIONS</title>
|
||||
|
||||
<para>Once the client is running, the user is presented with
|
||||
a prompt : </para>
|
||||
|
||||
<para><prompt>smb:\> </prompt></para>
|
||||
|
||||
<para>The backslash ("\\") indicates the current working directory
|
||||
on the server, and will change if the current working directory
|
||||
is changed. </para>
|
||||
|
||||
<para>The prompt indicates that the client is ready and waiting to
|
||||
carry out a user command. Each command is a single word, optionally
|
||||
followed by parameters specific to that command. Command and parameters
|
||||
are space-delimited unless these notes specifically
|
||||
state otherwise. All commands are case-insensitive. Parameters to
|
||||
commands may or may not be case sensitive, depending on the command.
|
||||
</para>
|
||||
|
||||
<para>You can specify file names which have spaces in them by quoting
|
||||
the name with double quotes, for example "a long file name". </para>
|
||||
|
||||
<para>Parameters shown in square brackets (e.g., "[parameter]") are
|
||||
optional. If not given, the command will use suitable defaults. Parameters
|
||||
shown in angle brackets (e.g., "<parameter>") are required.
|
||||
</para>
|
||||
|
||||
|
||||
<para>Note that all commands operating on the server are actually
|
||||
performed by issuing a request to the server. Thus the behavior may
|
||||
vary from server to server, depending on how the server was implemented.
|
||||
</para>
|
||||
|
||||
<para>The commands available are given here in alphabetical order. </para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>? [command]</term>
|
||||
<listitem><para>If <replaceable>command</replaceable> is specified, the ? command will display
|
||||
a brief informative message about the specified command. If no
|
||||
command is specified, a list of available commands will
|
||||
be displayed. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>! [shell command]</term>
|
||||
<listitem><para>If <replaceable>shell command</replaceable> is specified, the !
|
||||
command will execute a shell locally and run the specified shell
|
||||
command. If no command is specified, a local shell will be run.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>altname file</term>
|
||||
<listitem><para>The client will request that the server return
|
||||
the "alternate" name (the 8.3 name) for a file or directory.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>cancel jobid0 [jobid1] ... [jobidN]</term>
|
||||
<listitem><para>The client will request that the server cancel
|
||||
the printjobs identified by the given numeric print job ids.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>chmod file mode in octal</term>
|
||||
<listitem><para>This command depends on the server supporting the CIFS
|
||||
UNIX extensions and will fail if the server does not. The client requests that the server
|
||||
change the UNIX permissions to the given octal mode, in standard UNIX format.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>chown file uid gid</term>
|
||||
<listitem><para>This command depends on the server supporting the CIFS
|
||||
UNIX extensions and will fail if the server does not. The client requests that the server
|
||||
change the UNIX user and group ownership to the given decimal values. Note there is
|
||||
currently no way to remotely look up the UNIX uid and gid values for a given name.
|
||||
This may be addressed in future versions of the CIFS UNIX extensions.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>cd [directory name]</term>
|
||||
<listitem><para>If "directory name" is specified, the current
|
||||
working directory on the server will be changed to the directory
|
||||
specified. This operation will fail if for any reason the specified
|
||||
directory is inaccessible. </para>
|
||||
|
||||
<para>If no directory name is specified, the current working
|
||||
directory on the server will be reported. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>del <mask></term>
|
||||
<listitem><para>The client will request that the server attempt
|
||||
to delete all files matching <replaceable>mask</replaceable> from the current working
|
||||
directory on the server. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>dir <mask></term>
|
||||
<listitem><para>A list of the files matching <replaceable>mask</replaceable> in the current
|
||||
working directory on the server will be retrieved from the server
|
||||
and displayed. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>exit</term>
|
||||
<listitem><para>Terminate the connection with the server and exit
|
||||
from the program. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>get <remote file name> [local file name]</term>
|
||||
<listitem><para>Copy the file called <filename>remote file name</filename> from
|
||||
the server to the machine running the client. If specified, name
|
||||
the local copy <filename>local file name</filename>. Note that all transfers in
|
||||
<command>smbclient</command> are binary. See also the
|
||||
lowercase command. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>help [command]</term>
|
||||
<listitem><para>See the ? command above. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>lcd [directory name]</term>
|
||||
<listitem><para>If <replaceable>directory name</replaceable> is specified, the current
|
||||
working directory on the local machine will be changed to
|
||||
the directory specified. This operation will fail if for any
|
||||
reason the specified directory is inaccessible. </para>
|
||||
|
||||
<para>If no directory name is specified, the name of the
|
||||
current working directory on the local machine will be reported.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>link source destination</term>
|
||||
<listitem><para>This command depends on the server supporting the CIFS
|
||||
UNIX extensions and will fail if the server does not. The client requests that the server
|
||||
create a hard link between the source and destination files. The source file
|
||||
must not exist.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>lowercase</term>
|
||||
<listitem><para>Toggle lowercasing of filenames for the get and
|
||||
mget commands. </para>
|
||||
|
||||
<para>When lowercasing is toggled ON, local filenames are converted
|
||||
to lowercase when using the get and mget commands. This is
|
||||
often useful when copying (say) MSDOS files from a server, because
|
||||
lowercase filenames are the norm on UNIX systems. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>ls <mask></term>
|
||||
<listitem><para>See the dir command above. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>mask <mask></term>
|
||||
<listitem><para>This command allows the user to set up a mask
|
||||
which will be used during recursive operation of the mget and
|
||||
mput commands. </para>
|
||||
|
||||
<para>The masks specified to the mget and mput commands act as
|
||||
filters for directories rather than files when recursion is
|
||||
toggled ON. </para>
|
||||
|
||||
<para>The mask specified with the mask command is necessary
|
||||
to filter files within those directories. For example, if the
|
||||
mask specified in an mget command is "source*" and the mask
|
||||
specified with the mask command is "*.c" and recursion is
|
||||
toggled ON, the mget command will retrieve all files matching
|
||||
"*.c" in all directories below and including all directories
|
||||
matching "source*" in the current working directory. </para>
|
||||
|
||||
<para>Note that the value for mask defaults to blank (equivalent
|
||||
to "*") and remains so until the mask command is used to change it.
|
||||
It retains the most recently specified value indefinitely. To
|
||||
avoid unexpected results it would be wise to change the value of
|
||||
mask back to "*" after using the mget or mput commands. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>md <directory name></term>
|
||||
<listitem><para>See the mkdir command. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>mget <mask></term>
|
||||
<listitem><para>Copy all files matching <replaceable>mask</replaceable> from the server to
|
||||
the machine running the client. </para>
|
||||
|
||||
<para>Note that <replaceable>mask</replaceable> is interpreted differently during recursive
|
||||
operation and non-recursive operation - refer to the recurse and
|
||||
mask commands for more information. Note that all transfers in
|
||||
<command>smbclient</command> are binary. See also the lowercase command. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>mkdir <directory name></term>
|
||||
<listitem><para>Create a new directory on the server (user access
|
||||
privileges permitting) with the specified name. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>mput <mask></term>
|
||||
<listitem><para>Copy all files matching <replaceable>mask</replaceable> in the current working
|
||||
directory on the local machine to the current working directory on
|
||||
the server. </para>
|
||||
|
||||
<para>Note that <replaceable>mask</replaceable> is interpreted differently during recursive
|
||||
operation and non-recursive operation - refer to the recurse and mask
|
||||
commands for more information. Note that all transfers in <command>smbclient</command>
|
||||
are binary. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>print <file name></term>
|
||||
<listitem><para>Print the specified file from the local machine
|
||||
through a printable service on the server. </para>
|
||||
|
||||
<para>See also the printmode command.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>printmode <graphics or text></term>
|
||||
<listitem><para>Set the print mode to suit either binary data
|
||||
(such as graphical information) or text. Subsequent print
|
||||
commands will use the currently set print mode. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>prompt</term>
|
||||
<listitem><para>Toggle prompting for filenames during operation
|
||||
of the mget and mput commands. </para>
|
||||
|
||||
<para>When toggled ON, the user will be prompted to confirm
|
||||
the transfer of each file during these commands. When toggled
|
||||
OFF, all specified files will be transferred without prompting.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>put <local file name> [remote file name]</term>
|
||||
<listitem><para>Copy the file called <filename>local file name</filename> from the
|
||||
machine running the client to the server. If specified,
|
||||
name the remote copy <filename>remote file name</filename>. Note that all transfers
|
||||
in <command>smbclient</command> are binary. See also the lowercase command.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>queue</term>
|
||||
<listitem><para>Displays the print queue, showing the job id,
|
||||
name, size and current status. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>quit</term>
|
||||
<listitem><para>See the exit command. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>rd <directory name></term>
|
||||
<listitem><para>See the rmdir command. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>recurse</term>
|
||||
<listitem><para>Toggle directory recursion for the commands mget
|
||||
and mput. </para>
|
||||
|
||||
<para>When toggled ON, these commands will process all directories
|
||||
in the source directory (i.e., the directory they are copying
|
||||
from ) and will recurse into any that match the mask specified
|
||||
to the command. Only files that match the mask specified using
|
||||
the mask command will be retrieved. See also the mask command.
|
||||
</para>
|
||||
|
||||
<para>When recursion is toggled OFF, only files from the current
|
||||
working directory on the source machine that match the mask specified
|
||||
to the mget or mput commands will be copied, and any mask specified
|
||||
using the mask command will be ignored. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>rm <mask></term>
|
||||
<listitem><para>Remove all files matching <replaceable>mask</replaceable> from the current
|
||||
working directory on the server. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>rmdir <directory name></term>
|
||||
<listitem><para>Remove the specified directory (user access
|
||||
privileges permitting) from the server. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>setmode <filename> <perm=[+|\-]rsha></term>
|
||||
<listitem><para>A version of the DOS attrib command to set
|
||||
file permissions. For example: </para>
|
||||
|
||||
<para><command>setmode myfile +r </command></para>
|
||||
|
||||
<para>would make myfile read only. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>symlink source destination</term>
|
||||
<listitem><para>This command depends on the server supporting the CIFS
|
||||
UNIX extensions and will fail if the server does not. The client requests that the server
|
||||
create a symbolic hard link between the source and destination files. The source file
|
||||
must not exist. Note that the server will not create a link to any path that lies
|
||||
outside the currently connected share. This is enforced by the Samba server.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>tar <c|x>[IXbgNa]</term>
|
||||
<listitem><para>Performs a tar operation - see the <parameter>-T
|
||||
</parameter> command line option above. Behavior may be affected
|
||||
by the tarmode command (see below). Using g (incremental) and N
|
||||
(newer) will affect tarmode settings. Note that using the "-" option
|
||||
with tar x may not work - use the command line option instead.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>blocksize <blocksize></term>
|
||||
<listitem><para>Blocksize. Must be followed by a valid (greater
|
||||
than zero) blocksize. Causes tar file to be written out in
|
||||
<replaceable>blocksize</replaceable>*TBLOCK (usually 512 byte) blocks. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>tarmode <full|inc|reset|noreset></term>
|
||||
<listitem><para>Changes tar's behavior with regard to archive
|
||||
bits. In full mode, tar will back up everything regardless of the
|
||||
archive bit setting (this is the default mode). In incremental mode,
|
||||
tar will only back up files with the archive bit set. In reset mode,
|
||||
tar will reset the archive bit on all files it backs up (implies
|
||||
read/write share). </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>NOTES</title>
|
||||
|
||||
<para>Some servers are fussy about the case of supplied usernames,
|
||||
passwords, share names (AKA service names) and machine names.
|
||||
If you fail to connect try giving all parameters in uppercase.
|
||||
</para>
|
||||
|
||||
<para>It is often necessary to use the -n option when connecting
|
||||
to some types of servers. For example OS/2 LanManager insists
|
||||
on a valid NetBIOS name being used, so you need to supply a valid
|
||||
name that would be known to the server.</para>
|
||||
|
||||
<para>smbclient supports long file names where the server
|
||||
supports the LANMAN2 protocol or above. </para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>ENVIRONMENT VARIABLES</title>
|
||||
|
||||
<para>The variable <envar>USER</envar> may contain the
|
||||
username of the person using the client. This information is
|
||||
used only if the protocol level is high enough to support
|
||||
session-level passwords.</para>
|
||||
|
||||
|
||||
<para>The variable <envar>PASSWD</envar> may contain
|
||||
the password of the person using the client. This information is
|
||||
used only if the protocol level is high enough to support
|
||||
session-level passwords. </para>
|
||||
|
||||
<para>The variable <envar>LIBSMB_PROG</envar> may contain
|
||||
the path, executed with system(), which the client should connect
|
||||
to instead of connecting to a server. This functionality is primarily
|
||||
intended as a development aid, and works best when using a LMHOSTS
|
||||
file</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>INSTALLATION</title>
|
||||
|
||||
<para>The location of the client program is a matter for
|
||||
individual system administrators. The following are thus
|
||||
suggestions only. </para>
|
||||
|
||||
<para>It is recommended that the smbclient software be installed
|
||||
in the <filename>/usr/local/samba/bin/</filename> or <filename>
|
||||
/usr/samba/bin/</filename> directory, this directory readable
|
||||
by all, writeable only by root. The client program itself should
|
||||
be executable by all. The client should <emphasis>NOT</emphasis> be
|
||||
setuid or setgid! </para>
|
||||
|
||||
<para>The client log files should be put in a directory readable
|
||||
and writeable only by the user. </para>
|
||||
|
||||
<para>To test the client, you will need to know the name of a
|
||||
running SMB/CIFS server. It is possible to run <citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> as an ordinary user - running that server as a daemon
|
||||
on a user-accessible port (typically any port number over 1024)
|
||||
would provide a suitable test server. </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>DIAGNOSTICS</title>
|
||||
|
||||
<para>Most diagnostics issued by the client are logged in a
|
||||
specified log file. The log file name is specified at compile time,
|
||||
but may be overridden on the command line. </para>
|
||||
|
||||
<para>The number and nature of diagnostics available depends
|
||||
on the debug level used by the client. If you have problems,
|
||||
set the debug level to 3 and peruse the log files. </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 2.2 of the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
|
||||
was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,297 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="smbcontrol.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>smbcontrol</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>smbcontrol</refname>
|
||||
<refpurpose>send messages to smbd, nmbd or winbindd processes</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>smbcontrol</command>
|
||||
<arg>-i</arg>
|
||||
<arg>-s</arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>smbcontrol</command>
|
||||
<arg>destination</arg>
|
||||
<arg>message-type</arg>
|
||||
<arg>parameter</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>smbcontrol</command> is a very small program, which
|
||||
sends messages to a <citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>, a <citerefentry><refentrytitle>nmbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>, or a <citerefentry><refentrytitle>winbindd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> daemon running on the system.</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
&stdarg.help;
|
||||
&stdarg.configfile;
|
||||
<varlistentry>
|
||||
<term>-i</term>
|
||||
<listitem><para>Run interactively. Individual commands
|
||||
of the form destination message-type parameters can be entered
|
||||
on STDIN. An empty command line or a "q" will quit the
|
||||
program.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>destination</term>
|
||||
<listitem><para>One of <parameter>nmbd</parameter>, <parameter>smbd</parameter> or a process ID.</para>
|
||||
|
||||
<para>The <parameter>smbd</parameter> destination causes the
|
||||
message to "broadcast" to all smbd daemons.</para>
|
||||
|
||||
<para>The <parameter>nmbd</parameter> destination causes the
|
||||
message to be sent to the nmbd daemon specified in the
|
||||
<filename>nmbd.pid</filename> file.</para>
|
||||
|
||||
<para>If a single process ID is given, the message is sent
|
||||
to only that process.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>message-type</term>
|
||||
<listitem><para>Type of message to send. See
|
||||
the section <constant>MESSAGE-TYPES</constant> for details.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>parameters</term>
|
||||
<listitem><para>any parameters required for the message-type</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>MESSAGE-TYPES</title>
|
||||
|
||||
<para>Available message types are:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry><term>close-share</term>
|
||||
<listitem><para>Order smbd to close the client
|
||||
connections to the named share. Note that this doesn't affect client
|
||||
connections to any other shares. This message-type takes an argument of the
|
||||
share name for which client connections will be closed, or the
|
||||
"*" character which will close all currently open shares.
|
||||
This may be useful if you made changes to the access controls on the share.
|
||||
This message can only be sent to <constant>smbd</constant>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>debug</term>
|
||||
<listitem><para>Set debug level to the value specified by the
|
||||
parameter. This can be sent to any of the destinations.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>force-election</term>
|
||||
<listitem><para>This message causes the <command>nmbd</command> daemon to
|
||||
force a new browse master election. </para>
|
||||
</listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>ping</term>
|
||||
<listitem><para>
|
||||
Send specified number of "ping" messages and
|
||||
wait for the same number of reply "pong" messages. This can be sent to
|
||||
any of the destinations.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>profile</term>
|
||||
<listitem><para>Change profile settings of a daemon, based on the
|
||||
parameter. The parameter can be "on" to turn on profile stats
|
||||
collection, "off" to turn off profile stats collection, "count"
|
||||
to enable only collection of count stats (time stats are
|
||||
disabled), and "flush" to zero the current profile stats. This can
|
||||
be sent to any smbd or nmbd destinations.</para>
|
||||
</listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>debuglevel</term>
|
||||
<listitem><para>
|
||||
Request debuglevel of a certain daemon and write it to stdout. This
|
||||
can be sent to any of the destinations.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>profilelevel</term>
|
||||
<listitem><para>
|
||||
Request profilelevel of a certain daemon and write it to stdout.
|
||||
This can be sent to any smbd or nmbd destinations.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>printnotify</term>
|
||||
<listitem><para>
|
||||
Order smbd to send a printer notify message to any Windows NT clients
|
||||
connected to a printer. This message-type takes the following arguments:
|
||||
</para>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
<term>queuepause printername</term>
|
||||
<listitem><para>Send a queue pause change notify
|
||||
message to the printer specified.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>queueresume printername</term>
|
||||
<listitem><para>Send a queue resume change notify
|
||||
message for the printer specified.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>jobpause printername unixjobid</term>
|
||||
<listitem><para>Send a job pause change notify
|
||||
message for the printer and unix jobid
|
||||
specified.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>jobresume printername unixjobid</term>
|
||||
<listitem><para>Send a job resume change notify
|
||||
message for the printer and unix jobid
|
||||
specified.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>jobdelete printername unixjobid</term>
|
||||
<listitem><para>Send a job delete change notify
|
||||
message for the printer and unix jobid
|
||||
specified.</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para>
|
||||
Note that this message only sends notification that an
|
||||
event has occured. It doesn't actually cause the
|
||||
event to happen.
|
||||
</para>
|
||||
|
||||
<para>This message can only be sent to <constant>smbd</constant>. </para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>samsync</term>
|
||||
<listitem><para>Order smbd to synchronise sam database from PDC (being BDC). Can only be sent to <constant>smbd</constant>. </para>
|
||||
<note><para>Not working at the moment</para></note>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>samrepl</term>
|
||||
<listitem><para>Send sam replication message, with specified serial. Can only be sent to <constant>smbd</constant>. Should not be used manually.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>dmalloc-mark</term>
|
||||
<listitem><para>Set a mark for dmalloc. Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>dmalloc-log-changed</term>
|
||||
<listitem><para>
|
||||
Dump the pointers that have changed since the mark set by dmalloc-mark.
|
||||
Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>shutdown</term>
|
||||
<listitem><para>Shut down specified daemon. Can be sent to both smbd and nmbd.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>pool-usage</term>
|
||||
<listitem><para>Print a human-readable description of all
|
||||
talloc(pool) memory usage by the specified daemon/process. Available
|
||||
for both smbd and nmbd.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>drvupgrade</term>
|
||||
<listitem><para>Force clients of printers using specified driver
|
||||
to update their local version of the driver. Can only be
|
||||
sent to smbd.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>reload-config</term>
|
||||
<listitem><para>Force daemon to reload smb.conf configuration file. Can be sent
|
||||
to <constant>smbd</constant>, <constant>nmbd</constant>, or <constant>winbindd</constant>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of
|
||||
the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><citerefentry><refentrytitle>nmbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
|
||||
Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,182 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="smbcquotas.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>smbcquotas</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>smbcquotas</refname>
|
||||
<refpurpose>Set or get QUOTAs of NTFS 5 shares</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>smbcquotas</command>
|
||||
<arg choice="req">//server/share</arg>
|
||||
<arg choice="opt">-u user</arg>
|
||||
<arg choice="opt">-L</arg>
|
||||
<arg choice="opt">-F</arg>
|
||||
<arg choice="opt">-S QUOTA_SET_COMMAND</arg>
|
||||
<arg choice="opt">-n</arg>
|
||||
<arg choice="opt">-t</arg>
|
||||
<arg choice="opt">-v</arg>
|
||||
|
||||
<arg choice="opt">-d debuglevel</arg>
|
||||
<arg choice="opt">-s configfile</arg>
|
||||
<arg choice="opt">-l logfilebase</arg>
|
||||
<arg choice="opt">-V</arg>
|
||||
|
||||
<arg choice="opt">-U username</arg>
|
||||
<arg choice="opt">-N</arg>
|
||||
<arg choice="opt">-k</arg>
|
||||
<arg choice="opt">-A</arg>
|
||||
|
||||
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para>The <command>smbcquotas</command> program manipulates NT Quotas on SMB file shares. </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<para>The following options are available to the <command>smbcquotas</command> program. </para>
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-u user</term>
|
||||
<listitem><para> Specifies the user of whom the quotas are get or set.
|
||||
By default the current user's username will be used.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-L</term>
|
||||
<listitem><para>Lists all quota records of the share.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-F</term>
|
||||
<listitem><para>Show the share quota status and default limits.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-S QUOTA_SET_COMMAND</term>
|
||||
<listitem><para>This command set/modify quotas for a user or on the share,
|
||||
depending on the QUOTA_SET_COMMAND parameter witch is described later</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-n</term>
|
||||
<listitem><para>This option displays all QUOTA information in numeric
|
||||
format. The default is to convert SIDs to names and QUOTA limits
|
||||
to a readable string format. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-t</term>
|
||||
<listitem><para>
|
||||
Don't actually do anything, only validate the correctness of
|
||||
the arguments.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-v</term>
|
||||
<listitem><para>
|
||||
Be verbose.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&stdarg.help;
|
||||
&popt.common.samba;
|
||||
&popt.common.credentials;
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>QUOTA_SET_COMAND</title>
|
||||
|
||||
<para>The format of an ACL is one or more ACL entries separated by
|
||||
either commas or newlines. An ACL entry is one of the following: </para>
|
||||
|
||||
<para>
|
||||
for user setting quotas for the specified by -u or the current username:
|
||||
</para>
|
||||
|
||||
<para><userinput>
|
||||
UQLIM:<username><softlimit><hardlimit>
|
||||
</userinput></para>
|
||||
|
||||
<para>
|
||||
for setting the share quota defaults limits:
|
||||
</para>
|
||||
|
||||
<para><userinput>
|
||||
FSQLIM:<softlimit><hardlimit>
|
||||
</userinput></para>
|
||||
|
||||
<para>
|
||||
for changing the share quota settings:
|
||||
</para>
|
||||
|
||||
<para><userinput>
|
||||
FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT
|
||||
</userinput></para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>EXIT STATUS</title>
|
||||
|
||||
<para>The <command>smbcquotas</command> program sets the exit status
|
||||
depending on the success or otherwise of the operations performed.
|
||||
The exit status may be one of the following values. </para>
|
||||
|
||||
<para>If the operation succeeded, smbcquotas returns an exit
|
||||
status of 0. If <command>smbcquotas</command> couldn't connect to the specified server,
|
||||
or when there was an error getting or setting the quota(s), an exit status
|
||||
of 1 is returned. If there was an error parsing any command line
|
||||
arguments, an exit status of 2 is returned. </para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para><command>smbcquotas</command> was written by Stefan Metzmacher.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,371 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="smbd.8">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>smbd</refname>
|
||||
<refpurpose>server to provide SMB/CIFS services to clients</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>smbd</command>
|
||||
<arg choice="opt">-D</arg>
|
||||
<arg choice="opt">-F</arg>
|
||||
<arg choice="opt">-S</arg>
|
||||
<arg choice="opt">-i</arg>
|
||||
<arg choice="opt">-h</arg>
|
||||
<arg choice="opt">-V</arg>
|
||||
<arg choice="opt">-b</arg>
|
||||
<arg choice="opt">-d <debug level></arg>
|
||||
<arg choice="opt">-l <log directory></arg>
|
||||
<arg choice="opt">-p <port number></arg>
|
||||
<arg choice="opt">-O <socket option></arg>
|
||||
<arg choice="opt">-s <configuration file></arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
<para>This program is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>smbd</command> is the server daemon that
|
||||
provides filesharing and printing services to Windows clients.
|
||||
The server provides filespace and printer services to
|
||||
clients using the SMB (or CIFS) protocol. This is compatible
|
||||
with the LanManager protocol, and can service LanManager
|
||||
clients. These include MSCLIENT 3.0 for DOS, Windows for
|
||||
Workgroups, Windows 95/98/ME, Windows NT, Windows 2000,
|
||||
OS/2, DAVE for Macintosh, and smbfs for Linux.</para>
|
||||
|
||||
<para>An extensive description of the services that the
|
||||
server can provide is given in the man page for the
|
||||
configuration file controlling the attributes of those
|
||||
services (see <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>. This man page will not describe the
|
||||
services, but will concentrate on the administrative aspects
|
||||
of running the server.</para>
|
||||
|
||||
<para>Please note that there are significant security
|
||||
implications to running this server, and the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> manual page should be regarded as mandatory reading before
|
||||
proceeding with installation.</para>
|
||||
|
||||
<para>A session is created whenever a client requests one.
|
||||
Each client gets a copy of the server for each session. This
|
||||
copy then services all connections made by the client during
|
||||
that session. When all connections from its client are closed,
|
||||
the copy of the server for that client terminates.</para>
|
||||
|
||||
<para>The configuration file, and any files that it includes,
|
||||
are automatically reloaded every minute, if they change. You
|
||||
can force a reload by sending a SIGHUP to the server. Reloading
|
||||
the configuration file will not affect connections to any service
|
||||
that is already established. Either the user will have to
|
||||
disconnect from the service, or <command>smbd</command> killed and restarted.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-D</term>
|
||||
<listitem><para>If specified, this parameter causes
|
||||
the server to operate as a daemon. That is, it detaches
|
||||
itself and runs in the background, fielding requests
|
||||
on the appropriate port. Operating the server as a
|
||||
daemon is the recommended way of running <command>smbd</command> for
|
||||
servers that provide more than casual use file and
|
||||
print services. This switch is assumed if <command>smbd
|
||||
</command> is executed on the command line of a shell.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-F</term>
|
||||
<listitem><para>If specified, this parameter causes
|
||||
the main <command>smbd</command> process to not daemonize,
|
||||
i.e. double-fork and disassociate with the terminal.
|
||||
Child processes are still created as normal to service
|
||||
each connection request, but the main process does not
|
||||
exit. This operation mode is suitable for running
|
||||
<command>smbd</command> under process supervisors such
|
||||
as <command>supervise</command> and <command>svscan</command>
|
||||
from Daniel J. Bernstein's <command>daemontools</command>
|
||||
package, or the AIX process monitor.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-S</term>
|
||||
<listitem><para>If specified, this parameter causes
|
||||
<command>smbd</command> to log to standard output rather
|
||||
than a file.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-i</term>
|
||||
<listitem><para>If this parameter is specified it causes the
|
||||
server to run "interactively", not as a daemon, even if the
|
||||
server is executed on the command line of a shell. Setting this
|
||||
parameter negates the implicit deamon mode when run from the
|
||||
command line. <command>smbd</command> also logs to standard
|
||||
output, as if the <command>-S</command> parameter had been
|
||||
given.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&popt.common.samba;
|
||||
&stdarg.help;
|
||||
|
||||
<varlistentry>
|
||||
<term>-b</term>
|
||||
<listitem><para>Prints information about how
|
||||
Samba was built.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-l <log directory></term>
|
||||
<listitem><para>If specified,
|
||||
<replaceable>log directory</replaceable>
|
||||
specifies a log directory into which the "log.smbd" log
|
||||
file will be created for informational and debug
|
||||
messages from the running server. The log
|
||||
file generated is never removed by the server although
|
||||
its size may be controlled by the
|
||||
<smbconfoption><name>max log size</name></smbconfoption>
|
||||
option in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> file. <emphasis>Beware:</emphasis>
|
||||
If the directory specified does not exist, <command>smbd</command>
|
||||
will log to the default debug log location defined at compile time.
|
||||
</para>
|
||||
|
||||
<para>The default log directory is specified at
|
||||
compile time.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-p <port number></term>
|
||||
<listitem><para><replaceable>port number</replaceable> is a positive integer
|
||||
value. The default value if this parameter is not
|
||||
specified is 139.</para>
|
||||
|
||||
<para>This number is the port number that will be
|
||||
used when making connections to the server from client
|
||||
software. The standard (well-known) port number for the
|
||||
SMB over TCP is 139, hence the default. If you wish to
|
||||
run the server as an ordinary user rather than
|
||||
as root, most systems will require you to use a port
|
||||
number greater than 1024 - ask your system administrator
|
||||
for help if you are in this situation.</para>
|
||||
|
||||
<para>In order for the server to be useful by most
|
||||
clients, should you configure it on a port other
|
||||
than 139, you will require port redirection services
|
||||
on port 139, details of which are outlined in rfc1002.txt
|
||||
section 4.3.5.</para>
|
||||
|
||||
<para>This parameter is not normally specified except
|
||||
in the above situation.</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>FILES</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><filename>/etc/inetd.conf</filename></term>
|
||||
<listitem><para>If the server is to be run by the
|
||||
<command>inetd</command> meta-daemon, this file
|
||||
must contain suitable startup information for the
|
||||
meta-daemon.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><filename>/etc/rc</filename></term>
|
||||
<listitem><para>or whatever initialization script your
|
||||
system uses).</para>
|
||||
|
||||
<para>If running the server as a daemon at startup,
|
||||
this file will need to contain an appropriate startup
|
||||
sequence for the server. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><filename>/etc/services</filename></term>
|
||||
<listitem><para>If running the server via the
|
||||
meta-daemon <command>inetd</command>, this file
|
||||
must contain a mapping of service name (e.g., netbios-ssn)
|
||||
to service port (e.g., 139) and protocol type (e.g., tcp).
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><filename>/usr/local/samba/lib/smb.conf</filename></term>
|
||||
<listitem><para>This is the default location of the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> server configuration file. Other common places that systems
|
||||
install this file are <filename>/usr/samba/lib/smb.conf</filename>
|
||||
and <filename>/etc/samba/smb.conf</filename>.</para>
|
||||
|
||||
<para>This file describes all the services the server
|
||||
is to make available to clients. See <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> for more information.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>LIMITATIONS</title>
|
||||
<para>On some systems <command>smbd</command> cannot change uid back
|
||||
to root after a setuid() call. Such systems are called
|
||||
trapdoor uid systems. If you have such a system,
|
||||
you will be unable to connect from a client (such as a PC) as
|
||||
two different users at once. Attempts to connect the
|
||||
second user will result in access denied or
|
||||
similar.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>ENVIRONMENT VARIABLES</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><envar>PRINTER</envar></term>
|
||||
<listitem><para>If no printer name is specified to
|
||||
printable services, most systems will use the value of
|
||||
this variable (or <constant>lp</constant> if this variable is
|
||||
not defined) as the name of the printer to use. This
|
||||
is not specific to the server, however.</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>PAM INTERACTION</title>
|
||||
<para>Samba uses PAM for authentication (when presented with a plaintext
|
||||
password), for account checking (is this account disabled?) and for
|
||||
session management. The degree too which samba supports PAM is restricted
|
||||
by the limitations of the SMB protocol and the <smbconfoption><name>obey pam restrictions</name></smbconfoption> <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> paramater. When this is set, the following restrictions apply:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para><emphasis>Account Validation</emphasis>: All accesses to a
|
||||
samba server are checked
|
||||
against PAM to see if the account is vaild, not disabled and is permitted to
|
||||
login at this time. This also applies to encrypted logins.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para><emphasis>Session Management</emphasis>: When not using share
|
||||
level secuirty, users must pass PAM's session checks before access
|
||||
is granted. Note however, that this is bypassed in share level secuirty.
|
||||
Note also that some older pam configuration files may need a line
|
||||
added for session support.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of
|
||||
the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>DIAGNOSTICS</title>
|
||||
|
||||
<para>Most diagnostics issued by the server are logged
|
||||
in a specified log file. The log file name is specified
|
||||
at compile time, but may be overridden on the command line.</para>
|
||||
|
||||
<para>The number and nature of diagnostics available depends
|
||||
on the debug level used by the server. If you have problems, set
|
||||
the debug level to 3 and peruse the log files.</para>
|
||||
|
||||
<para>Most messages are reasonably self-explanatory. Unfortunately,
|
||||
at the time this man page was created, there are too many diagnostics
|
||||
available in the source code to warrant describing each and every
|
||||
diagnostic. At this stage your best bet is still to grep the
|
||||
source code and inspect the conditions that gave rise to the
|
||||
diagnostics you are seeing.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SIGNALS</title>
|
||||
|
||||
<para>Sending the <command>smbd</command> a SIGHUP will cause it to
|
||||
reload its <filename>smb.conf</filename> configuration
|
||||
file within a short period of time.</para>
|
||||
|
||||
<para>To shut down a user's <command>smbd</command> process it is recommended
|
||||
that <command>SIGKILL (-9)</command> <emphasis>NOT</emphasis>
|
||||
be used, except as a last resort, as this may leave the shared
|
||||
memory area in an inconsistent state. The safe way to terminate
|
||||
an <command>smbd</command> is to send it a SIGTERM (-15) signal and wait for
|
||||
it to die on its own.</para>
|
||||
|
||||
<para>The debug log level of <command>smbd</command> may be raised
|
||||
or lowered using <citerefentry><refentrytitle>smbcontrol</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry> program (SIGUSR[1|2] signals are no longer
|
||||
used since Samba 2.2). This is to allow transient problems to be diagnosed,
|
||||
whilst still running at a normally low log level.</para>
|
||||
|
||||
<para>Note that as the signal handlers send a debug write,
|
||||
they are not re-entrant in <command>smbd</command>. This you should wait until
|
||||
<command>smbd</command> is in a state of waiting for an incoming SMB before
|
||||
issuing them. It is possible to make the signal handlers safe
|
||||
by un-blocking the signals before the select call and re-blocking
|
||||
them after, however this would affect performance.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><citerefentry><refentrytitle>hosts_access</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>inetd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry>, and the
|
||||
Internet RFC's <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>.
|
||||
In addition the CIFS (formerly SMB) specification is available
|
||||
as a link from the Web page <ulink noescape="1" url="http://samba.org/cifs/">
|
||||
http://samba.org/cifs/</ulink>.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
|
||||
Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,121 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="smbmnt.8">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>smbmnt</refentrytitle>
|
||||
<manvolnum>8</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>smbmnt</refname>
|
||||
<refpurpose>helper utility for mounting SMB filesystems</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>smbmnt</command>
|
||||
<arg choice="req">mount-point</arg>
|
||||
<arg choice="opt">-s <share></arg>
|
||||
<arg choice="opt">-r</arg>
|
||||
<arg choice="opt">-u <uid></arg>
|
||||
<arg choice="opt">-g <gid></arg>
|
||||
<arg choice="opt">-f <mask></arg>
|
||||
<arg choice="opt">-d <mask></arg>
|
||||
<arg choice="opt">-o <options></arg>
|
||||
<arg choice="opt">-h</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para><command>smbmnt</command> is a helper application used
|
||||
by the smbmount program to do the actual mounting of SMB shares.
|
||||
<command>smbmnt</command> can be installed setuid root if you want
|
||||
normal users to be able to mount their SMB shares.</para>
|
||||
|
||||
<para>A setuid smbmnt will only allow mounts on directories owned
|
||||
by the user, and that the user has write permission on.</para>
|
||||
|
||||
<para>The <command>smbmnt</command> program is normally invoked
|
||||
by <citerefentry><refentrytitle>smbmount</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>. It should not be invoked directly by users. </para>
|
||||
|
||||
<para>smbmount searches the normal PATH for smbmnt. You must ensure
|
||||
that the smbmnt version in your path matches the smbmount used.</para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-r</term>
|
||||
<listitem><para>mount the filesystem read-only
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-u uid</term>
|
||||
<listitem><para>specify the uid that the files will
|
||||
be owned by </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-g gid</term>
|
||||
<listitem><para>specify the gid that the files will be
|
||||
owned by </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-f mask</term>
|
||||
<listitem><para>specify the octal file mask applied
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-d mask</term>
|
||||
<listitem><para>specify the octal directory mask
|
||||
applied </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-o options</term>
|
||||
<listitem><para>
|
||||
list of options that are passed as-is to smbfs, if this
|
||||
command is run on a 2.4 or higher Linux kernel.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&stdarg.help;
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>Volker Lendecke, Andrew Tridgell, Michael H. Warfield
|
||||
and others.</para>
|
||||
|
||||
<para>The current maintainer of smbfs and the userspace
|
||||
tools <command>smbmount</command>, <command>smbumount</command>,
|
||||
and <command>smbmnt</command> is <ulink
|
||||
url="mailto:urban@teststation.com">Urban Widmark</ulink>.
|
||||
The <ulink url="mailto:samba@samba.org">SAMBA Mailing list</ulink>
|
||||
is the preferred place to ask questions regarding these programs.
|
||||
</para>
|
||||
|
||||
<para>The conversion of this manpage for Samba 2.2 was performed
|
||||
by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
|
||||
was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,336 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="smbmount.8">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>smbmount</refentrytitle>
|
||||
<manvolnum>8</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>smbmount</refname>
|
||||
<refpurpose>mount an smbfs filesystem</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>smbmount</command>
|
||||
<arg choice="req">service</arg>
|
||||
<arg choice="req">mount-point</arg>
|
||||
<arg choice="opt">-o options</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para><command>smbmount</command> mounts a Linux SMB filesystem. It
|
||||
is usually invoked as <command>mount.smbfs</command> by
|
||||
the <citerefentry><refentrytitle>mount</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> command when using the
|
||||
"-t smbfs" option. This command only works in Linux, and the kernel must
|
||||
support the smbfs filesystem. </para>
|
||||
|
||||
<para>Options to <command>smbmount</command> are specified as a comma-separated
|
||||
list of key=value pairs. It is possible to send options other
|
||||
than those listed here, assuming that smbfs supports them. If
|
||||
you get mount failures, check your kernel log for errors on
|
||||
unknown options.</para>
|
||||
|
||||
<para><command>smbmount</command> is a daemon. After mounting it keeps running until
|
||||
the mounted smbfs is umounted. It will log things that happen
|
||||
when in daemon mode using the "machine name" smbmount, so
|
||||
typically this output will end up in <filename>log.smbmount</filename>. The <command>
|
||||
smbmount</command> process may also be called mount.smbfs.</para>
|
||||
|
||||
<note><para> <command>smbmount</command>
|
||||
calls <citerefentry><refentrytitle>smbmnt</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> to do the actual mount. You
|
||||
must make sure that <command>smbmnt</command> is in the path so
|
||||
that it can be found. </para></note>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>username=<arg></term>
|
||||
<listitem><para>specifies the username to connect as. If
|
||||
this is not given, then the environment variable <envar>
|
||||
USER</envar> is used. This option can also take the
|
||||
form "user%password" or "user/workgroup" or
|
||||
"user/workgroup%password" to allow the password and workgroup
|
||||
to be specified as part of the username.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>password=<arg></term>
|
||||
<listitem><para>specifies the SMB password. If this
|
||||
option is not given then the environment variable
|
||||
<envar>PASSWD</envar> is used. If it can find
|
||||
no password <command>smbmount</command> will prompt
|
||||
for a passeword, unless the guest option is
|
||||
given. </para>
|
||||
|
||||
<para>
|
||||
Note that passwords which contain the argument delimiter
|
||||
character (i.e. a comma ',') will failed to be parsed correctly
|
||||
on the command line. However, the same password defined
|
||||
in the PASSWD environment variable or a credentials file (see
|
||||
below) will be read correctly.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>credentials=<filename></term>
|
||||
<listitem><para>specifies a file that contains a username and/or password.
|
||||
The format of the file is:
|
||||
<programlisting>
|
||||
username = <value>
|
||||
password = <value>
|
||||
</programlisting></para>
|
||||
|
||||
<para>This is preferred over having passwords in plaintext in a
|
||||
shared file, such as <filename>/etc/fstab</filename>. Be sure to protect any
|
||||
credentials file properly.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>krb</term>
|
||||
<listitem><para>Use kerberos (Active Directory). </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>netbiosname=<arg></term>
|
||||
<listitem><para>sets the source NetBIOS name. It defaults
|
||||
to the local hostname. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>uid=<arg></term>
|
||||
<listitem><para>sets the uid that will own all files on
|
||||
the mounted filesystem.
|
||||
It may be specified as either a username or a numeric uid.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>gid=<arg></term>
|
||||
<listitem><para>sets the gid that will own all files on
|
||||
the mounted filesystem.
|
||||
It may be specified as either a groupname or a numeric
|
||||
gid. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>port=<arg></term>
|
||||
<listitem><para>sets the remote SMB port number. The default
|
||||
is 139. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>fmask=<arg></term>
|
||||
<listitem><para>sets the file mask. This determines the
|
||||
permissions that remote files have in the local filesystem.
|
||||
This is not a umask, but the actual permissions for the files.
|
||||
The default is based on the current umask. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>dmask=<arg></term>
|
||||
<listitem><para>Sets the directory mask. This determines the
|
||||
permissions that remote directories have in the local filesystem.
|
||||
This is not a umask, but the actual permissions for the directories.
|
||||
The default is based on the current umask. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>debug=<arg></term>
|
||||
<listitem><para>Sets the debug level. This is useful for
|
||||
tracking down SMB connection problems. A suggested value to
|
||||
start with is 4. If set too high there will be a lot of
|
||||
output, possibly hiding the useful output.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>ip=<arg></term>
|
||||
<listitem><para>Sets the destination host or IP address.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>workgroup=<arg></term>
|
||||
<listitem><para>Sets the workgroup on the destination </para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>sockopt=<arg></term>
|
||||
<listitem><para>Sets the TCP socket options. See the <ulink
|
||||
url="smb.conf.5.html#SOCKETOPTIONS"><citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry></ulink> <parameter>socket options</parameter> option.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>scope=<arg></term>
|
||||
<listitem><para>Sets the NetBIOS scope </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>guest</term>
|
||||
<listitem><para>Don't prompt for a password </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>ro</term>
|
||||
<listitem><para>mount read-only </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>rw</term><listitem><para>mount read-write </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>iocharset=<arg></term>
|
||||
<listitem><para>
|
||||
sets the charset used by the Linux side for codepage
|
||||
to charset translations (NLS). Argument should be the
|
||||
name of a charset, like iso8859-1. (Note: only kernel
|
||||
2.4.0 or later)
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>codepage=<arg></term>
|
||||
<listitem><para>
|
||||
sets the codepage the server uses. See the iocharset
|
||||
option. Example value cp850. (Note: only kernel 2.4.0
|
||||
or later)
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>ttl=<arg></term>
|
||||
<listitem><para>
|
||||
sets how long a directory listing is cached in milliseconds
|
||||
(also affects visibility of file size and date
|
||||
changes). A higher value means that changes on the
|
||||
server take longer to be noticed but it can give
|
||||
better performance on large directories, especially
|
||||
over long distances. Default is 1000ms but something
|
||||
like 10000ms (10 seconds) is probably more reasonable
|
||||
in many cases.
|
||||
(Note: only kernel 2.4.2 or later)
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>ENVIRONMENT VARIABLES</title>
|
||||
|
||||
<para>The variable <envar>USER</envar> may contain the username of the
|
||||
person using the client. This information is used only if the
|
||||
protocol level is high enough to support session-level
|
||||
passwords. The variable can be used to set both username and
|
||||
password by using the format username%password.</para>
|
||||
|
||||
<para>The variable <envar>PASSWD</envar> may contain the password of the
|
||||
person using the client. This information is used only if the
|
||||
protocol level is high enough to support session-level
|
||||
passwords.</para>
|
||||
|
||||
<para>The variable <envar>PASSWD_FILE</envar> may contain the pathname
|
||||
of a file to read the password from. A single line of input is
|
||||
read and used as the password.</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>BUGS</title>
|
||||
|
||||
<para>Passwords and other options containing , can not be handled.
|
||||
For passwords an alternative way of passing them is in a credentials
|
||||
file or in the PASSWD environment.</para>
|
||||
|
||||
<para>The credentials file does not handle usernames or passwords with
|
||||
leading space.</para>
|
||||
|
||||
<para>One smbfs bug is important enough to mention here, even if it
|
||||
is a bit misplaced:</para>
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
<listitem><para>Mounts sometimes stop working. This is usually
|
||||
caused by smbmount terminating. Since smbfs needs smbmount to
|
||||
reconnect when the server disconnects, the mount will eventually go
|
||||
dead. An umount/mount normally fixes this. At least 2 ways to
|
||||
trigger this bug are known.</para></listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
<para>Note that the typical response to a bug report is suggestion
|
||||
to try the latest version first. So please try doing that first,
|
||||
and always include which versions you use of relevant software
|
||||
when reporting bugs (minimum: samba, kernel, distribution)</para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
|
||||
<para>Documentation/filesystems/smbfs.txt in the linux kernel
|
||||
source tree may contain additional options and information.</para>
|
||||
|
||||
<para>FreeBSD also has a smbfs, but it is not related to smbmount</para>
|
||||
|
||||
<para>For Solaris, HP-UX and others you may want to look at <citerefentry><refentrytitle>smbsh</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry> or at other solutions, such as
|
||||
Sharity or perhaps replacing the SMB server with a NFS server.</para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>Volker Lendecke, Andrew Tridgell, Michael H. Warfield
|
||||
and others.</para>
|
||||
|
||||
<para>The current maintainer of smbfs and the userspace
|
||||
tools <command>smbmount</command>, <command>smbumount</command>,
|
||||
and <command>smbmnt</command> is <ulink
|
||||
url="mailto:urban@teststation.com">Urban Widmark</ulink>.
|
||||
The <ulink url="mailto:samba@samba.org">SAMBA Mailing list</ulink>
|
||||
is the preferred place to ask questions regarding these programs.
|
||||
</para>
|
||||
|
||||
<para>The conversion of this manpage for Samba 2.2 was performed
|
||||
by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
|
||||
was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,208 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="smbpasswd.5">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>smbpasswd</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>smbpasswd</refname>
|
||||
<refpurpose>The Samba encrypted password file</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<para><filename>smbpasswd</filename></para>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para>smbpasswd is the Samba encrypted password file. It contains
|
||||
the username, Unix user id and the SMB hashed passwords of the
|
||||
user, as well as account flag information and the time the
|
||||
password was last changed. This file format has been evolving with
|
||||
Samba and has had several different formats in the past. </para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>FILE FORMAT</title>
|
||||
|
||||
<para>The format of the smbpasswd file used by Samba 2.2
|
||||
is very similar to the familiar Unix <filename>passwd(5)</filename>
|
||||
file. It is an ASCII file containing one line for each user. Each field
|
||||
ithin each line is separated from the next by a colon. Any entry
|
||||
beginning with '#' is ignored. The smbpasswd file contains the
|
||||
following information for each user: </para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>name</term>
|
||||
<listitem><para> This is the user name. It must be a name that
|
||||
already exists in the standard UNIX passwd file. </para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>uid</term>
|
||||
<listitem><para>This is the UNIX uid. It must match the uid
|
||||
field for the same user entry in the standard UNIX passwd file.
|
||||
If this does not match then Samba will refuse to recognize
|
||||
this smbpasswd file entry as being valid for a user.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>Lanman Password Hash</term>
|
||||
<listitem><para>This is the LANMAN hash of the user's password,
|
||||
encoded as 32 hex digits. The LANMAN hash is created by DES
|
||||
encrypting a well known string with the user's password as the
|
||||
DES key. This is the same password used by Windows 95/98 machines.
|
||||
Note that this password hash is regarded as weak as it is
|
||||
vulnerable to dictionary attacks and if two users choose the
|
||||
same password this entry will be identical (i.e. the password
|
||||
is not "salted" as the UNIX password is). If the user has a
|
||||
null password this field will contain the characters "NO PASSWORD"
|
||||
as the start of the hex string. If the hex string is equal to
|
||||
32 'X' characters then the user's account is marked as
|
||||
<constant>disabled</constant> and the user will not be able to
|
||||
log onto the Samba server. </para>
|
||||
|
||||
<para><emphasis>WARNING !!</emphasis> Note that, due to
|
||||
the challenge-response nature of the SMB/CIFS authentication
|
||||
protocol, anyone with a knowledge of this password hash will
|
||||
be able to impersonate the user on the network. For this
|
||||
reason these hashes are known as <emphasis>plain text
|
||||
equivalents</emphasis> and must <emphasis>NOT</emphasis> be made
|
||||
available to anyone but the root user. To protect these passwords
|
||||
the smbpasswd file is placed in a directory with read and
|
||||
traverse access only to the root user and the smbpasswd file
|
||||
itself must be set to be read/write only by root, with no
|
||||
other access. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>NT Password Hash</term>
|
||||
<listitem><para>This is the Windows NT hash of the user's
|
||||
password, encoded as 32 hex digits. The Windows NT hash is
|
||||
created by taking the user's password as represented in
|
||||
16-bit, little-endian UNICODE and then applying the MD4
|
||||
(internet rfc1321) hashing algorithm to it. </para>
|
||||
|
||||
<para>This password hash is considered more secure than
|
||||
the LANMAN Password Hash as it preserves the case of the
|
||||
password and uses a much higher quality hashing algorithm.
|
||||
However, it is still the case that if two users choose the same
|
||||
password this entry will be identical (i.e. the password is
|
||||
not "salted" as the UNIX password is). </para>
|
||||
|
||||
<para><emphasis>WARNING !!</emphasis>. Note that, due to
|
||||
the challenge-response nature of the SMB/CIFS authentication
|
||||
protocol, anyone with a knowledge of this password hash will
|
||||
be able to impersonate the user on the network. For this
|
||||
reason these hashes are known as <emphasis>plain text
|
||||
equivalents</emphasis> and must <emphasis>NOT</emphasis> be made
|
||||
available to anyone but the root user. To protect these passwords
|
||||
the smbpasswd file is placed in a directory with read and
|
||||
traverse access only to the root user and the smbpasswd file
|
||||
itself must be set to be read/write only by root, with no
|
||||
other access. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>Account Flags</term>
|
||||
<listitem><para>This section contains flags that describe
|
||||
the attributes of the users account. In the Samba 2.2 release
|
||||
this field is bracketed by '[' and ']' characters and is always
|
||||
13 characters in length (including the '[' and ']' characters).
|
||||
The contents of this field may be any of the following characters:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para><emphasis>U</emphasis> - This means
|
||||
this is a "User" account, i.e. an ordinary user. Only User
|
||||
and Workstation Trust accounts are currently supported
|
||||
in the smbpasswd file. </para></listitem>
|
||||
|
||||
<listitem><para><emphasis>N</emphasis> - This means the
|
||||
account has no password (the passwords in the fields LANMAN
|
||||
Password Hash and NT Password Hash are ignored). Note that this
|
||||
will only allow users to log on with no password if the <parameter>
|
||||
null passwords</parameter> parameter is set in the
|
||||
<citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> config file. </para></listitem>
|
||||
|
||||
<listitem><para><emphasis>D</emphasis> - This means the account
|
||||
is disabled and no SMB/CIFS logins will be allowed for this user. </para></listitem>
|
||||
|
||||
<listitem><para><emphasis>W</emphasis> - This means this account
|
||||
is a "Workstation Trust" account. This kind of account is used
|
||||
in the Samba PDC code stream to allow Windows NT Workstations
|
||||
and Servers to join a Domain hosted by a Samba PDC. </para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>Other flags may be added as the code is extended in future.
|
||||
The rest of this field space is filled in with spaces. </para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>Last Change Time</term>
|
||||
<listitem><para>This field consists of the time the account was
|
||||
last modified. It consists of the characters 'LCT-' (standing for
|
||||
"Last Change Time") followed by a numeric encoding of the UNIX time
|
||||
in seconds since the epoch (1970) that the last change was made.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para>All other colon separated fields are ignored at this time.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of
|
||||
the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><citerefentry><refentrytitle>smbpasswd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry>, and
|
||||
the Internet RFC1321 for details on the MD4 algorithm.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
|
||||
for Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,405 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="smbpasswd.8">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>smbpasswd</refentrytitle>
|
||||
<manvolnum>8</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>smbpasswd</refname>
|
||||
<refpurpose>change a user's SMB password</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>smbpasswd</command>
|
||||
<arg choice="opt">-a</arg>
|
||||
<arg choice="opt">-x</arg>
|
||||
<arg choice="opt">-d</arg>
|
||||
<arg choice="opt">-e</arg>
|
||||
<arg choice="opt">-D debuglevel</arg>
|
||||
<arg choice="opt">-n</arg>
|
||||
<arg choice="opt">-r <remote machine></arg>
|
||||
<arg choice="opt">-R <name resolve order></arg>
|
||||
<arg choice="opt">-m</arg>
|
||||
<arg choice="opt">-U username[%password]</arg>
|
||||
<arg choice="opt">-h</arg>
|
||||
<arg choice="opt">-s</arg>
|
||||
<arg choice="opt">-w pass</arg>
|
||||
<arg choice="opt">-i</arg>
|
||||
<arg choice="opt">-L</arg>
|
||||
<arg choice="opt">username</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para>The smbpasswd program has several different
|
||||
functions, depending on whether it is run by the <emphasis>root</emphasis> user
|
||||
or not. When run as a normal user it allows the user to change
|
||||
the password used for their SMB sessions on any machines that store
|
||||
SMB passwords. </para>
|
||||
|
||||
<para>By default (when run with no arguments) it will attempt to
|
||||
change the current user's SMB password on the local machine. This is
|
||||
similar to the way the <command>passwd(1)</command> program works. <command>
|
||||
smbpasswd</command> differs from how the passwd program works
|
||||
however in that it is not <emphasis>setuid root</emphasis> but works in
|
||||
a client-server mode and communicates with a
|
||||
locally running <citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>. As a consequence in order for this to
|
||||
succeed the smbd daemon must be running on the local machine. On a
|
||||
UNIX machine the encrypted SMB passwords are usually stored in
|
||||
the <citerefentry><refentrytitle>smbpasswd</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> file. </para>
|
||||
|
||||
<para>When run by an ordinary user with no options, smbpasswd
|
||||
will prompt them for their old SMB password and then ask them
|
||||
for their new password twice, to ensure that the new password
|
||||
was typed correctly. No passwords will be echoed on the screen
|
||||
whilst being typed. If you have a blank SMB password (specified by
|
||||
the string "NO PASSWORD" in the smbpasswd file) then just press
|
||||
the <Enter> key when asked for your old password. </para>
|
||||
|
||||
<para>smbpasswd can also be used by a normal user to change their
|
||||
SMB password on remote machines, such as Windows NT Primary Domain
|
||||
Controllers. See the (<parameter>-r</parameter>) and <parameter>-U</parameter> options
|
||||
below. </para>
|
||||
|
||||
<para>When run by root, smbpasswd allows new users to be added
|
||||
and deleted in the smbpasswd file, as well as allows changes to
|
||||
the attributes of the user in this file to be made. When run by root, <command>
|
||||
smbpasswd</command> accesses the local smbpasswd file
|
||||
directly, thus enabling changes to be made even if smbd is not
|
||||
running. </para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-a</term>
|
||||
<listitem><para>This option specifies that the username
|
||||
following should be added to the local smbpasswd file, with the
|
||||
new password typed (type <Enter> for the old password). This
|
||||
option is ignored if the username following already exists in
|
||||
the smbpasswd file and it is treated like a regular change
|
||||
password command. Note that the default passdb backends require
|
||||
the user to already exist in the system password file (usually
|
||||
<filename>/etc/passwd</filename>), else the request to add the
|
||||
user will fail. </para>
|
||||
|
||||
<para>This option is only available when running smbpasswd
|
||||
as root. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-x</term>
|
||||
<listitem><para>This option specifies that the username
|
||||
following should be deleted from the local smbpasswd file.
|
||||
</para>
|
||||
|
||||
<para>This option is only available when running smbpasswd as
|
||||
root.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-d</term>
|
||||
<listitem><para>This option specifies that the username following
|
||||
should be <constant>disabled</constant> in the local smbpasswd
|
||||
file. This is done by writing a <constant>'D'</constant> flag
|
||||
into the account control space in the smbpasswd file. Once this
|
||||
is done all attempts to authenticate via SMB using this username
|
||||
will fail. </para>
|
||||
|
||||
<para>If the smbpasswd file is in the 'old' format (pre-Samba 2.0
|
||||
format) there is no space in the user's password entry to write
|
||||
this information and the command will FAIL. See <citerefentry><refentrytitle>smbpasswd</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> for details on the 'old' and new password file formats.
|
||||
</para>
|
||||
|
||||
<para>This option is only available when running smbpasswd as
|
||||
root.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-e</term>
|
||||
<listitem><para>This option specifies that the username following
|
||||
should be <constant>enabled</constant> in the local smbpasswd file,
|
||||
if the account was previously disabled. If the account was not
|
||||
disabled this option has no effect. Once the account is enabled then
|
||||
the user will be able to authenticate via SMB once again. </para>
|
||||
|
||||
<para>If the smbpasswd file is in the 'old' format, then <command>
|
||||
smbpasswd</command> will FAIL to enable the account.
|
||||
See <citerefentry><refentrytitle>smbpasswd</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> for
|
||||
details on the 'old' and new password file formats. </para>
|
||||
|
||||
<para>This option is only available when running smbpasswd as root.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-D debuglevel</term>
|
||||
<listitem><para><replaceable>debuglevel</replaceable> is an integer
|
||||
from 0 to 10. The default value if this parameter is not specified
|
||||
is zero. </para>
|
||||
|
||||
<para>The higher this value, the more detail will be logged to the
|
||||
log files about the activities of smbpasswd. At level 0, only
|
||||
critical errors and serious warnings will be logged. </para>
|
||||
|
||||
<para>Levels above 1 will generate considerable amounts of log
|
||||
data, and should only be used when investigating a problem. Levels
|
||||
above 3 are designed for use only by developers and generate
|
||||
HUGE amounts of log data, most of which is extremely cryptic.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-n</term>
|
||||
<listitem><para>This option specifies that the username following
|
||||
should have their password set to null (i.e. a blank password) in
|
||||
the local smbpasswd file. This is done by writing the string "NO
|
||||
PASSWORD" as the first part of the first password stored in the
|
||||
smbpasswd file. </para>
|
||||
|
||||
<para>Note that to allow users to logon to a Samba server once
|
||||
the password has been set to "NO PASSWORD" in the smbpasswd
|
||||
file the administrator must set the following parameter in the [global]
|
||||
section of the <filename>smb.conf</filename> file : </para>
|
||||
|
||||
<para><command>null passwords = yes</command></para>
|
||||
|
||||
<para>This option is only available when running smbpasswd as
|
||||
root.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-r remote machine name</term>
|
||||
<listitem><para>This option allows a user to specify what machine
|
||||
they wish to change their password on. Without this parameter
|
||||
smbpasswd defaults to the local host. The <replaceable>remote
|
||||
machine name</replaceable> is the NetBIOS name of the SMB/CIFS
|
||||
server to contact to attempt the password change. This name is
|
||||
resolved into an IP address using the standard name resolution
|
||||
mechanism in all programs of the Samba suite. See the <parameter>-R
|
||||
name resolve order</parameter> parameter for details on changing
|
||||
this resolving mechanism. </para>
|
||||
|
||||
<para>The username whose password is changed is that of the
|
||||
current UNIX logged on user. See the <parameter>-U username</parameter>
|
||||
parameter for details on changing the password for a different
|
||||
username. </para>
|
||||
|
||||
<para>Note that if changing a Windows NT Domain password the
|
||||
remote machine specified must be the Primary Domain Controller for
|
||||
the domain (Backup Domain Controllers only have a read-only
|
||||
copy of the user account database and will not allow the password
|
||||
change).</para>
|
||||
|
||||
<para><emphasis>Note</emphasis> that Windows 95/98 do not have
|
||||
a real password database so it is not possible to change passwords
|
||||
specifying a Win95/98 machine as remote machine target. </para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-R name resolve order</term>
|
||||
<listitem><para>This option allows the user of smbpasswd to determine
|
||||
what name resolution services to use when looking up the NetBIOS
|
||||
name of the host being connected to. </para>
|
||||
|
||||
<para>The options are :"lmhosts", "host", "wins" and "bcast". They
|
||||
cause names to be resolved as follows: </para>
|
||||
<itemizedlist>
|
||||
<listitem><para><constant>lmhosts</constant>: Lookup an IP
|
||||
address in the Samba lmhosts file. If the line in lmhosts has
|
||||
no name type attached to the NetBIOS name (see the <citerefentry><refentrytitle>lmhosts</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> for details) then
|
||||
any name type matches for lookup.</para></listitem>
|
||||
|
||||
<listitem><para><constant>host</constant>: Do a standard host
|
||||
name to IP address resolution, using the system <filename>/etc/hosts
|
||||
</filename>, NIS, or DNS lookups. This method of name resolution
|
||||
is operating system depended for instance on IRIX or Solaris this
|
||||
may be controlled by the <filename>/etc/nsswitch.conf</filename>
|
||||
file). Note that this method is only used if the NetBIOS name
|
||||
type being queried is the 0x20 (server) name type, otherwise
|
||||
it is ignored.</para></listitem>
|
||||
|
||||
<listitem><para><constant>wins</constant>: Query a name with
|
||||
the IP address listed in the <parameter>wins server</parameter>
|
||||
parameter. If no WINS server has been specified this method
|
||||
will be ignored.</para></listitem>
|
||||
|
||||
<listitem><para><constant>bcast</constant>: Do a broadcast on
|
||||
each of the known local interfaces listed in the
|
||||
<parameter>interfaces</parameter> parameter. This is the least
|
||||
reliable of the name resolution methods as it depends on the
|
||||
target host being on a locally connected subnet.</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>The default order is <command>lmhosts, host, wins, bcast</command>
|
||||
and without this parameter or any entry in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> file the name resolution methods will
|
||||
be attempted in this order. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-m</term>
|
||||
<listitem><para>This option tells smbpasswd that the account
|
||||
being changed is a MACHINE account. Currently this is used
|
||||
when Samba is being used as an NT Primary Domain Controller.</para>
|
||||
|
||||
<para>This option is only available when running smbpasswd as root.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-U username</term>
|
||||
<listitem><para>This option may only be used in conjunction
|
||||
with the <parameter>-r</parameter> option. When changing
|
||||
a password on a remote machine it allows the user to specify
|
||||
the user name on that machine whose password will be changed. It
|
||||
is present to allow users who have different user names on
|
||||
different systems to change these passwords. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-h</term>
|
||||
<listitem><para>This option prints the help string for <command>
|
||||
smbpasswd</command>, selecting the correct one for running as root
|
||||
or as an ordinary user. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-s</term>
|
||||
<listitem><para>This option causes smbpasswd to be silent (i.e.
|
||||
not issue prompts) and to read its old and new passwords from
|
||||
standard input, rather than from <filename>/dev/tty</filename>
|
||||
(like the <command>passwd(1)</command> program does). This option
|
||||
is to aid people writing scripts to drive smbpasswd</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-w password</term>
|
||||
<listitem><para>This parameter is only available if Samba
|
||||
has been configured to use the experimental
|
||||
<command>--with-ldapsam</command> option. The <parameter>-w</parameter>
|
||||
switch is used to specify the password to be used with the
|
||||
<smbconfoption><name>ldap admin dn</name></smbconfoption>. Note that the password is stored in
|
||||
the <filename>secrets.tdb</filename> and is keyed off
|
||||
of the admin's DN. This means that if the value of <parameter>ldap
|
||||
admin dn</parameter> ever changes, the password will need to be
|
||||
manually updated as well.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-i</term>
|
||||
<listitem><para>This option tells smbpasswd that the account
|
||||
being changed is an interdomain trust account. Currently this is used
|
||||
when Samba is being used as an NT Primary Domain Controller.
|
||||
The account contains the info about another trusted domain.</para>
|
||||
|
||||
<para>This option is only available when running smbpasswd as root.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-L</term>
|
||||
<listitem><para>Run in local mode.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>username</term>
|
||||
<listitem><para>This specifies the username for all of the
|
||||
<emphasis>root only</emphasis> options to operate on. Only root
|
||||
can specify this parameter as only root has the permission needed
|
||||
to modify attributes directly in the local smbpasswd file.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>NOTES</title>
|
||||
|
||||
<para>Since <command>smbpasswd</command> works in client-server
|
||||
mode communicating with a local smbd for a non-root user then
|
||||
the smbd daemon must be running for this to work. A common problem
|
||||
is to add a restriction to the hosts that may access the <command>
|
||||
smbd</command> running on the local machine by specifying either <parameter>allow
|
||||
hosts</parameter> or <parameter>deny hosts</parameter> entry in
|
||||
the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> file and neglecting to
|
||||
allow "localhost" access to the smbd. </para>
|
||||
|
||||
<para>In addition, the smbpasswd command is only useful if Samba
|
||||
has been set up to use encrypted passwords. </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><citerefentry><refentrytitle>smbpasswd</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry>.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
|
||||
for Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,164 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="smbsh.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>smbsh</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>smbsh</refname>
|
||||
<refpurpose>Allows access to remote SMB shares
|
||||
using UNIX commands</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>smbsh</command>
|
||||
<arg choice="opt">-W workgroup</arg>
|
||||
<arg choice="opt">-U username</arg>
|
||||
<arg choice="opt">-P prefix</arg>
|
||||
<arg choice="opt">-R <name resolve order></arg>
|
||||
<arg choice="opt">-d <debug level></arg>
|
||||
<arg choice="opt">-l logfile</arg>
|
||||
<arg choice="opt">-L libdir</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>smbsh</command> allows you to access an NT filesystem
|
||||
using UNIX commands such as <command>ls</command>, <command>
|
||||
egrep</command>, and <command>rcp</command>. You must use a
|
||||
shell that is dynamically linked in order for <command>smbsh</command>
|
||||
to work correctly.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-W WORKGROUP</term>
|
||||
<listitem><para>Override the default workgroup specified in the
|
||||
workgroup parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> file
|
||||
for this session. This may be needed to connect to some
|
||||
servers. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-U username[%pass]</term>
|
||||
<listitem><para>Sets the SMB username or username and password.
|
||||
If this option is not specified, the user will be prompted for
|
||||
both the username and the password. If %pass is not specified,
|
||||
the user will be prompted for the password.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-P prefix</term>
|
||||
<listitem><para>This option allows
|
||||
the user to set the directory prefix for SMB access. The
|
||||
default value if this option is not specified is
|
||||
<emphasis>smb</emphasis>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&stdarg.configfile;
|
||||
&stdarg.debug;
|
||||
&stdarg.resolve.order;
|
||||
|
||||
<varlistentry>
|
||||
<term>-L libdir</term>
|
||||
<listitem><para>This parameter specifies the location of the
|
||||
shared libraries used by <command>smbsh</command>. The default
|
||||
value is specified at compile time.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>EXAMPLES</title>
|
||||
|
||||
<para>To use the <command>smbsh</command> command, execute <command>
|
||||
smbsh</command> from the prompt and enter the username and password
|
||||
that authenticates you to the machine running the Windows NT
|
||||
operating system.
|
||||
<programlisting>
|
||||
<prompt>system% </prompt><userinput>smbsh</userinput>
|
||||
<prompt>Username: </prompt><userinput>user</userinput>
|
||||
<prompt>Password: </prompt><userinput>XXXXXXX</userinput>
|
||||
</programlisting></para>
|
||||
|
||||
|
||||
<para>Any dynamically linked command you execute from
|
||||
this shell will access the <filename>/smb</filename> directory
|
||||
using the smb protocol. For example, the command <command>ls /smb
|
||||
</command> will show a list of workgroups. The command
|
||||
<command>ls /smb/MYGROUP </command> will show all the machines in
|
||||
the workgroup MYGROUP. The command
|
||||
<command>ls /smb/MYGROUP/<machine-name></command> will show the share
|
||||
names for that machine. You could then, for example, use the <command>
|
||||
cd</command> command to change directories, <command>vi</command> to
|
||||
edit files, and <command>rcp</command> to copy files.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>BUGS</title>
|
||||
|
||||
<para><command>smbsh</command> works by intercepting the standard
|
||||
libc calls with the dynamically loaded versions in <filename>
|
||||
smbwrapper.o</filename>. Not all calls have been "wrapped", so
|
||||
some programs may not function correctly under <command>smbsh
|
||||
</command>.</para>
|
||||
|
||||
<para>Programs which are not dynamically linked cannot make
|
||||
use of <command>smbsh</command>'s functionality. Most versions
|
||||
of UNIX have a <command>file</command> command that will
|
||||
describe how a program was linked.</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry></para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
|
||||
for Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,132 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="smbspool.8">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>smbspool</refentrytitle>
|
||||
<manvolnum>8</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>smbspool</refname>
|
||||
<refpurpose>send a print file to an SMB printer</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>smbspool</command>
|
||||
<arg choice="req">job</arg>
|
||||
<arg choice="req">user</arg>
|
||||
<arg choice="req">title</arg>
|
||||
<arg choice="req">copies</arg>
|
||||
<arg choice="req">options</arg>
|
||||
<arg choice="opt">filename</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para>smbspool is a very small print spooling program that
|
||||
sends a print file to an SMB printer. The command-line arguments
|
||||
are position-dependent for compatibility with the Common UNIX
|
||||
Printing System, but you can use smbspool with any printing system
|
||||
or from a program or script.</para>
|
||||
|
||||
<para><emphasis>DEVICE URI</emphasis></para>
|
||||
|
||||
<para>smbspool specifies the destination using a Uniform Resource
|
||||
Identifier ("URI") with a method of "smb". This string can take
|
||||
a number of forms:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>smb://server/printer</para></listitem>
|
||||
<listitem><para>smb://workgroup/server/printer</para></listitem>
|
||||
<listitem><para>smb://username:password@server/printer</para></listitem>
|
||||
<listitem><para>smb://username:password@workgroup/server/printer</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>smbspool tries to get the URI from argv[0]. If argv[0]
|
||||
contains the name of the program then it looks in the <envar>
|
||||
DEVICE_URI</envar> environment variable.</para>
|
||||
|
||||
<para>Programs using the <command>exec(2)</command> functions can
|
||||
pass the URI in argv[0], while shell scripts must set the
|
||||
<envar>DEVICE_URI</envar> environment variable prior to
|
||||
running smbspool.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>The job argument (argv[1]) contains the
|
||||
job ID number and is presently not used by smbspool.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>The user argument (argv[2]) contains the
|
||||
print user's name and is presently not used by smbspool.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>The title argument (argv[3]) contains the
|
||||
job title string and is passed as the remote file name
|
||||
when sending the print job.</para></listitem>
|
||||
|
||||
<listitem><para>The copies argument (argv[4]) contains
|
||||
the number of copies to be printed of the named file. If
|
||||
no filename is provided then this argument is not used by
|
||||
smbspool.</para></listitem>
|
||||
|
||||
<listitem><para>The options argument (argv[5]) contains
|
||||
the print options in a single string and is currently
|
||||
not used by smbspool.</para></listitem>
|
||||
|
||||
<listitem><para>The filename argument (argv[6]) contains the
|
||||
name of the file to print. If this argument is not specified
|
||||
then the print file is read from the standard input.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry>.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para><command>smbspool</command> was written by Michael Sweet
|
||||
at Easy Software Products.</para>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
|
||||
for Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,140 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="smbstatus.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>smbstatus</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>smbstatus</refname>
|
||||
<refpurpose>report on current Samba connections</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>smbstatus</command>
|
||||
<arg choice="opt">-P</arg>
|
||||
<arg choice="opt">-b</arg>
|
||||
<arg choice="opt">-d <debug level></arg>
|
||||
<arg choice="opt">-v</arg>
|
||||
<arg choice="opt">-L</arg>
|
||||
<arg choice="opt">-B</arg>
|
||||
<arg choice="opt">-p</arg>
|
||||
<arg choice="opt">-S</arg>
|
||||
<arg choice="opt">-s <configuration file></arg>
|
||||
<arg choice="opt">-u <username></arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>smbstatus</command> is a very simple program to
|
||||
list the current Samba connections.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-P|--profile</term>
|
||||
<listitem><para>If samba has been compiled with the
|
||||
profiling option, print only the contents of the profiling
|
||||
shared memory area.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-b|--brief</term>
|
||||
<listitem><para>gives brief output.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&popt.common.samba;
|
||||
|
||||
<varlistentry>
|
||||
<term>-v|--verbose</term>
|
||||
<listitem><para>gives verbose output.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-L|--locks</term>
|
||||
<listitem><para>causes smbstatus to only list locks.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-B|--byterange</term>
|
||||
<listitem><para>causes smbstatus to include byte range locks.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-p|--processes</term>
|
||||
<listitem><para>print a list of <citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> processes and exit.
|
||||
Useful for scripting.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-S|--shares</term>
|
||||
<listitem><para>causes smbstatus to only list shares.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
&stdarg.help;
|
||||
|
||||
<varlistentry>
|
||||
<term>-u|--user=<username></term>
|
||||
<listitem><para>selects information relevant to
|
||||
<parameter>username</parameter> only.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of
|
||||
the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
|
||||
for Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,237 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="smbtar.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>smbtar</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>smbtar</refname>
|
||||
<refpurpose>shell script for backing up SMB/CIFS shares
|
||||
directly to UNIX tape drives</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>smbtar</command>
|
||||
<arg choice="opt">-r</arg>
|
||||
<arg choice="opt">-i</arg>
|
||||
<arg choice="opt">-a</arg>
|
||||
<arg choice="opt">-v</arg>
|
||||
<arg choice="req">-s server</arg>
|
||||
<arg choice="opt">-p password</arg>
|
||||
<arg choice="opt">-x services</arg>
|
||||
<arg choice="opt">-X</arg>
|
||||
<arg choice="opt">-N filename</arg>
|
||||
<arg choice="opt">-b blocksize</arg>
|
||||
<arg choice="opt">-d directory</arg>
|
||||
<arg choice="opt">-l loglevel</arg>
|
||||
<arg choice="opt">-u user</arg>
|
||||
<arg choice="opt">-t tape</arg>
|
||||
<arg choice="req">filenames</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>smbtar</command> is a very small shell script on top
|
||||
of <citerefentry><refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum>
|
||||
</citerefentry> which dumps SMB shares directly to tape.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-s server</term>
|
||||
<listitem><para>The SMB/CIFS server that the share resides
|
||||
upon.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-x service</term>
|
||||
<listitem><para>The share name on the server to connect to.
|
||||
The default is "backup".</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-X</term>
|
||||
<listitem><para>Exclude mode. Exclude filenames... from tar
|
||||
create or restore. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-d directory</term>
|
||||
<listitem><para>Change to initial <parameter>directory
|
||||
</parameter> before restoring / backing up files. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-v</term>
|
||||
<listitem><para>Verbose mode.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-p password</term>
|
||||
<listitem><para>The password to use to access a share.
|
||||
Default: none </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-u user</term>
|
||||
<listitem><para>The user id to connect as. Default:
|
||||
UNIX login name. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-a</term>
|
||||
<listitem><para>Reset DOS archive bit mode to
|
||||
indicate file has been archived. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-t tape</term>
|
||||
<listitem><para>Tape device. May be regular file or tape
|
||||
device. Default: <parameter>$TAPE</parameter> environmental
|
||||
variable; if not set, a file called <filename>tar.out
|
||||
</filename>. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-b blocksize</term>
|
||||
<listitem><para>Blocking factor. Defaults to 20. See
|
||||
<command>tar(1)</command> for a fuller explanation. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-N filename</term>
|
||||
<listitem><para>Backup only files newer than filename. Could
|
||||
be used (for example) on a log file to implement incremental
|
||||
backups. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-i</term>
|
||||
<listitem><para>Incremental mode; tar files are only backed
|
||||
up if they have the archive bit set. The archive bit is reset
|
||||
after each file is read. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-r</term>
|
||||
<listitem><para>Restore. Files are restored to the share
|
||||
from the tar file. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-l log level</term>
|
||||
<listitem><para>Log (debug) level. Corresponds to the
|
||||
<parameter>-d</parameter> flag of <citerefentry>
|
||||
<refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum>
|
||||
</citerefentry>.</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>ENVIRONMENT VARIABLES</title>
|
||||
|
||||
<para>The <parameter>$TAPE</parameter> variable specifies the
|
||||
default tape device to write to. May be overridden
|
||||
with the -t option. </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>BUGS</title>
|
||||
|
||||
<para>The <command>smbtar</command> script has different
|
||||
options from ordinary tar and from smbclient's tar command. </para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>CAVEATS</title>
|
||||
|
||||
<para>Sites that are more careful about security may not like
|
||||
the way the script handles PC passwords. Backup and restore work
|
||||
on entire shares; should work on file lists. smbtar works best
|
||||
with GNU tar and may not work well with other versions. </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>DIAGNOSTICS</title>
|
||||
|
||||
<para>See the <emphasis>DIAGNOSTICS</emphasis> section for the <citerefentry>
|
||||
<refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum>
|
||||
</citerefentry> command.</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of
|
||||
the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>, <citerefentry>
|
||||
<refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum>
|
||||
</citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para><ulink noescape="1" url="mailto:poultenr@logica.co.uk">Ricky Poulten</ulink>
|
||||
wrote the tar extension and this man page. The <command>smbtar</command>
|
||||
script was heavily rewritten and improved by <ulink noescape="1"
|
||||
url="mailto:Martin.Kraemer@mch.sni.de">Martin Kraemer</ulink>. Many
|
||||
thanks to everyone who suggested extensions, improvements, bug
|
||||
fixes, etc. The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
|
||||
Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,95 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="smbtree.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>smbtree</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>smbtree</refname>
|
||||
<refpurpose>A text based smb network browser
|
||||
</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>smbtree</command>
|
||||
<arg choice="opt">-b</arg>
|
||||
<arg choice="opt">-D</arg>
|
||||
<arg choice="opt">-S</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>smbtree</command> is a smb browser program
|
||||
in text mode. It is similar to the "Network Neighborhood" found
|
||||
on Windows computers. It prints a tree with all
|
||||
the known domains, the servers in those domains and
|
||||
the shares on the servers.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-b</term>
|
||||
<listitem><para>Query network nodes by sending requests
|
||||
as broadcasts instead of querying the (domain) master browser.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-D</term>
|
||||
<listitem><para>Only print a list of all
|
||||
the domains known on broadcast or by the
|
||||
master browser</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-S</term>
|
||||
<listitem><para>Only print a list of
|
||||
all the domains and servers responding on broadcast or
|
||||
known by the master browser.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&popt.common.samba;
|
||||
&popt.common.credentials;
|
||||
&stdarg.help;
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the Samba
|
||||
suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The smbtree man page was written by Jelmer Vernooij. </para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,78 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="smbumount.8">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>smbumount</refentrytitle>
|
||||
<manvolnum>8</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>smbumount</refname>
|
||||
<refpurpose>smbfs umount for normal users</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>smbumount</command>
|
||||
<arg choice="req">mount-point</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>With this program, normal users can unmount smb-filesystems,
|
||||
provided that it is suid root. <command>smbumount</command> has
|
||||
been written to give normal Linux users more control over their
|
||||
resources. It is safe to install this program suid root, because only
|
||||
the user who has mounted a filesystem is allowed to unmount it again.
|
||||
For root it is not necessary to use smbumount. The normal umount
|
||||
program works perfectly well, but it would certainly be problematic
|
||||
to make umount setuid root.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>mount-point</term>
|
||||
<listitem><para>The directory to unmount.</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
|
||||
<para><citerefentry><refentrytitle>smbmount</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry></para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>Volker Lendecke, Andrew Tridgell, Michael H. Warfield
|
||||
and others.</para>
|
||||
|
||||
<para>The current maintainer of smbfs and the userspace
|
||||
tools <command>smbmount</command>, <command>smbumount</command>,
|
||||
and <command>smbmnt</command> is <ulink
|
||||
url="mailto:urban@teststation.com">Urban Widmark</ulink>.
|
||||
The <ulink url="mailto:samba@samba.org">SAMBA Mailing list</ulink>
|
||||
is the preferred place to ask questions regarding these programs.
|
||||
</para>
|
||||
|
||||
<para>The conversion of this manpage for Samba 2.2 was performed
|
||||
by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
|
||||
was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,227 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="swat.8">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>swat</refentrytitle>
|
||||
<manvolnum>8</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>swat</refname>
|
||||
<refpurpose>Samba Web Administration Tool</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>swat</command>
|
||||
<arg choice="opt">-s <smb config file></arg>
|
||||
<arg choice="opt">-a</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
|
||||
<para><command>swat</command> allows a Samba administrator to
|
||||
configure the complex <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> file via a Web browser. In addition,
|
||||
a <command>swat</command> configuration page has help links
|
||||
to all the configurable options in the <filename>smb.conf</filename> file allowing an
|
||||
administrator to easily look up the effects of any change. </para>
|
||||
|
||||
<para><command>swat</command> is run from <command>inetd</command> </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-s smb configuration file</term>
|
||||
<listitem><para>The default configuration file path is
|
||||
determined at compile time. The file specified contains
|
||||
the configuration details required by the <citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> server. This is the file
|
||||
that <command>swat</command> will modify.
|
||||
The information in this file includes server-specific
|
||||
information such as what printcap file to use, as well as
|
||||
descriptions of all the services that the server is to provide.
|
||||
See <filename>smb.conf</filename> for more information.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-a</term>
|
||||
<listitem><para>This option disables authentication and puts
|
||||
<command>swat</command> in demo mode. In that mode anyone will be able to modify
|
||||
the <filename>smb.conf</filename> file. </para>
|
||||
|
||||
<para><emphasis>WARNING: Do NOT enable this option on a production
|
||||
server. </emphasis></para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&popt.common.samba;
|
||||
&stdarg.help;
|
||||
|
||||
</variablelist>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
||||
<title>INSTALLATION</title>
|
||||
|
||||
<para>Swat is included as binary package with most distributions. The
|
||||
package manager in this case takes care of the installation and
|
||||
configuration. This section is only for those who have compiled
|
||||
swat from scratch.
|
||||
</para>
|
||||
|
||||
<para>After you compile SWAT you need to run <command>make install
|
||||
</command> to install the <command>swat</command> binary
|
||||
and the various help files and images. A default install would put
|
||||
these in: </para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>/usr/local/samba/bin/swat</para></listitem>
|
||||
<listitem><para>/usr/local/samba/swat/images/*</para></listitem>
|
||||
<listitem><para>/usr/local/samba/swat/help/*</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<refsect2>
|
||||
<title>Inetd Installation</title>
|
||||
|
||||
<para>You need to edit your <filename>/etc/inetd.conf
|
||||
</filename> and <filename>/etc/services</filename>
|
||||
to enable SWAT to be launched via <command>inetd</command>.</para>
|
||||
|
||||
<para>In <filename>/etc/services</filename> you need to
|
||||
add a line like this: </para>
|
||||
|
||||
<para><command>swat 901/tcp</command></para>
|
||||
|
||||
<para>Note for NIS/YP and LDAP users - you may need to rebuild the
|
||||
NIS service maps rather than alter your local <filename>
|
||||
/etc/services</filename> file. </para>
|
||||
|
||||
<para>the choice of port number isn't really important
|
||||
except that it should be less than 1024 and not currently
|
||||
used (using a number above 1024 presents an obscure security
|
||||
hole depending on the implementation details of your
|
||||
<command>inetd</command> daemon). </para>
|
||||
|
||||
<para>In <filename>/etc/inetd.conf</filename> you should
|
||||
add a line like this: </para>
|
||||
|
||||
<para><command>swat stream tcp nowait.400 root
|
||||
/usr/local/samba/bin/swat swat</command></para>
|
||||
|
||||
<para>One you have edited <filename>/etc/services</filename>
|
||||
and <filename>/etc/inetd.conf</filename> you need to send a
|
||||
HUP signal to inetd. To do this use <command>kill -1 PID
|
||||
</command> where PID is the process ID of the inetd daemon. </para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>LAUNCHING</title>
|
||||
|
||||
<para>To launch SWAT just run your favorite web browser and
|
||||
point it at "http://localhost:901/".</para>
|
||||
|
||||
<para>Note that you can attach to SWAT from any IP connected
|
||||
machine but connecting from a remote machine leaves your
|
||||
connection open to password sniffing as passwords will be sent
|
||||
in the clear over the wire. </para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>FILES</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><filename>/etc/inetd.conf</filename></term>
|
||||
<listitem><para>This file must contain suitable startup
|
||||
information for the meta-daemon.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><filename>/etc/services</filename></term>
|
||||
<listitem><para>This file must contain a mapping of service name
|
||||
(e.g., swat) to service port (e.g., 901) and protocol type
|
||||
(e.g., tcp). </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><filename>/usr/local/samba/lib/smb.conf</filename></term>
|
||||
<listitem><para>This is the default location of the <citerefentry>
|
||||
<refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry> server configuration file that swat edits. Other
|
||||
common places that systems install this file are <filename>
|
||||
/usr/samba/lib/smb.conf</filename> and <filename>/etc/smb.conf
|
||||
</filename>. This file describes all the services the server
|
||||
is to make available to clients. </para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>WARNINGS</title>
|
||||
|
||||
<para><command>swat</command> will rewrite your <citerefentry>
|
||||
<refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry> file. It will rearrange the entries and delete all
|
||||
comments, <parameter>include=</parameter> and <parameter>copy=
|
||||
</parameter> options. If you have a carefully crafted <filename>
|
||||
smb.conf</filename> then back it up or don't use swat! </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><command>inetd(5)</command>, <citerefentry>
|
||||
<refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry></para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
|
||||
Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,135 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="tdbbackup.8">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>tdbbackup</refentrytitle>
|
||||
<manvolnum>8</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>tdbbackup</refname>
|
||||
<refpurpose>tool for backing up and for validating the integrity of samba .tdb files</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>tdbbackup</command>
|
||||
<arg choice="opt">-s suffix</arg>
|
||||
<arg choice="opt">-v</arg>
|
||||
<arg choice="opt">-h</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>tdbbackup</command> is a tool that may be used to backup samba .tdb
|
||||
files. This tool may also be used to verify the integrity of the .tdb files prior
|
||||
to samba startup, in which case, if it find file damage and it finds a prior backup
|
||||
it will restore the backup file.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
<term>-h</term>
|
||||
<listitem><para>
|
||||
Get help information.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-s suffix</term>
|
||||
<listitem><para>
|
||||
The <command>-s</command> option allows the adminisistrator to specify a file
|
||||
backup extension. This way it is possible to keep a history of tdb backup
|
||||
files by using a new suffix for each backup.
|
||||
</para> </listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-v</term>
|
||||
<listitem><para>
|
||||
The <command>-v</command> will check the database for damages (currupt data)
|
||||
which if detected causes the backup to be restored.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>COMMANDS</title>
|
||||
|
||||
<para><emphasis>GENERAL INFORMATION</emphasis></para>
|
||||
|
||||
<para>
|
||||
The <command>tdbbackup</command> utility should be run as soon as samba has shut down.
|
||||
Do NOT run this command on a live database. Typical usage for the command will be:
|
||||
</para>
|
||||
|
||||
<para>tdbbackup [-s suffix] *.tdb</para>
|
||||
|
||||
<para>
|
||||
Before restarting samba the following command may be run to validate .tdb files:
|
||||
</para>
|
||||
|
||||
<para>tdbbackup -v [-s suffix] *.tdb</para>
|
||||
|
||||
<para>
|
||||
Samba .tdb files are stored in various locations, be sure to run backup all
|
||||
.tdb file on the system. Imporatant files includes:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
<command>secrets.tdb</command> - usual location is in the /usr/local/samba/private
|
||||
directory, or on some systems in /etc/samba.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<command>passdb.tdb</command> - usual location is in the /usr/local/samba/private
|
||||
directory, or on some systems in /etc/samba.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<command>*.tdb</command> located in the /usr/local/samba/var directory or on some
|
||||
systems in the /var/cache or /var/lib/samba directories.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>
|
||||
The original Samba software and related utilities were created by Andrew Tridgell.
|
||||
Samba is now developed by the Samba Team as an Open Source project similar to the way
|
||||
the Linux kernel is developed.
|
||||
</para>
|
||||
|
||||
<para>The tdbbackup man page was written by John H Terpstra.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,191 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="testparm.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>testparm</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>testparm</refname>
|
||||
<refpurpose>check an smb.conf configuration file for
|
||||
internal correctness</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>testparm</command>
|
||||
<arg choice="opt">-s</arg>
|
||||
<arg choice="opt">-h</arg>
|
||||
<arg choice="opt">-v</arg>
|
||||
<arg choice="opt">-L <servername></arg>
|
||||
<arg choice="opt">-t <encoding></arg>
|
||||
<arg choice="req">config filename</arg>
|
||||
<arg choice="opt">hostname hostIP</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>testparm</command> is a very simple test program
|
||||
to check an <citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> configuration file for
|
||||
internal correctness. If this program reports no problems, you
|
||||
can use the configuration file with confidence that <command>smbd
|
||||
</command> will successfully load the configuration file.</para>
|
||||
|
||||
|
||||
<para>Note that this is <emphasis>NOT</emphasis> a guarantee that
|
||||
the services specified in the configuration file will be
|
||||
available or will operate as expected. </para>
|
||||
|
||||
<para>If the optional host name and host IP address are
|
||||
specified on the command line, this test program will run through
|
||||
the service entries reporting whether the specified host
|
||||
has access to each service. </para>
|
||||
|
||||
<para>If <command>testparm</command> finds an error in the <filename>
|
||||
smb.conf</filename> file it returns an exit code of 1 to the calling
|
||||
program, else it returns an exit code of 0. This allows shell scripts
|
||||
to test the output from <command>testparm</command>.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-s</term>
|
||||
<listitem><para>Without this option, <command>testparm</command>
|
||||
will prompt for a carriage return after printing the service
|
||||
names and before dumping the service definitions.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&stdarg.help;
|
||||
&stdarg.version;
|
||||
|
||||
<varlistentry>
|
||||
<term>-L servername</term>
|
||||
<listitem><para>Sets the value of the %L macro to <replaceable>servername</replaceable>.
|
||||
This is useful for testing include files specified with the
|
||||
%L macro. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-v</term>
|
||||
<listitem><para>If this option is specified, testparm
|
||||
will also output all options that were not used in <citerefentry>
|
||||
<refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry> and are thus set to their defaults.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-t encoding</term>
|
||||
<listitem><para>
|
||||
Output data in specified encoding.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>configfilename</term>
|
||||
<listitem><para>This is the name of the configuration file
|
||||
to check. If this parameter is not present then the
|
||||
default <citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry> file will be checked.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>hostname</term>
|
||||
<listitem><para>If this parameter and the following are
|
||||
specified, then <command>testparm</command> will examine the <parameter>hosts
|
||||
allow</parameter> and <parameter>hosts deny</parameter>
|
||||
parameters in the <citerefentry>
|
||||
<refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry> file to
|
||||
determine if the hostname with this IP address would be
|
||||
allowed access to the <command>smbd</command> server. If
|
||||
this parameter is supplied, the hostIP parameter must also
|
||||
be supplied.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>hostIP</term>
|
||||
<listitem><para>This is the IP address of the host specified
|
||||
in the previous parameter. This address must be supplied
|
||||
if the hostname parameter is supplied. </para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>FILES</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry></term>
|
||||
<listitem><para>This is usually the name of the configuration
|
||||
file used by <citerefentry><refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>DIAGNOSTICS</title>
|
||||
|
||||
<para>The program will issue a message saying whether the
|
||||
configuration file loaded OK or not. This message may be preceded by
|
||||
errors and warnings if the file did not load. If the file was
|
||||
loaded OK, the program then dumps all known service details
|
||||
to stdout. </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of
|
||||
the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><citerefentry>
|
||||
<refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry>, <citerefentry>
|
||||
<refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry></para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
|
||||
for Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,148 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="testprns.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>testprns</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>testprns</refname>
|
||||
<refpurpose>check printer name for validity with smbd</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>testprns</command>
|
||||
<arg choice="req">printername</arg>
|
||||
<arg choice="opt">printcapname</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>testprns</command> is a very simple test program
|
||||
to determine whether a given printer name is valid for use in
|
||||
a service to be provided by <citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>.</para>
|
||||
|
||||
<para>"Valid" in this context means "can be found in the
|
||||
printcap specified". This program is very stupid - so stupid in
|
||||
fact that it would be wisest to always specify the printcap file
|
||||
to use. </para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>printername</term>
|
||||
<listitem><para>The printer name to validate.</para>
|
||||
|
||||
<para>Printer names are taken from the first field in each
|
||||
record in the printcap file, single printer names and sets
|
||||
of aliases separated by vertical bars ("|") are recognized.
|
||||
Note that no validation or checking of the printcap syntax is
|
||||
done beyond that required to extract the printer name. It may
|
||||
be that the print spooling system is more forgiving or less
|
||||
forgiving than <command>testprns</command>. However, if
|
||||
<command>testprns</command> finds the printer then <citerefentry>
|
||||
<refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry> should do so as well. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>printcapname</term>
|
||||
<listitem><para>This is the name of the printcap file within
|
||||
which to search for the given printer name. </para>
|
||||
|
||||
<para>If no printcap name is specified <command>testprns
|
||||
</command> will attempt to scan the printcap file name
|
||||
specified at compile time. </para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>FILES</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><filename>/etc/printcap</filename></term>
|
||||
<listitem><para>This is usually the default printcap
|
||||
file to scan. See <filename>printcap (5)</filename>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>DIAGNOSTICS</title>
|
||||
|
||||
<para>If a printer is found to be valid, the message
|
||||
"Printer name <printername> is valid" will be
|
||||
displayed. </para>
|
||||
|
||||
<para>If a printer is found to be invalid, the message
|
||||
"Printer name <printername> is not valid" will be
|
||||
displayed. </para>
|
||||
|
||||
<para>All messages that would normally be logged during
|
||||
operation of the Samba daemons are logged by this program to the
|
||||
file <filename>test.log</filename> in the current directory. The
|
||||
program runs at debuglevel 3, so quite extensive logging
|
||||
information is written. The log should be checked carefully
|
||||
for errors and warnings. </para>
|
||||
|
||||
<para>Other messages are self-explanatory. </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of
|
||||
the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><filename>printcap(5)</filename>,
|
||||
<citerefentry><refentrytitle>smbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry></para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The original Samba man pages were written by Karl Auer.
|
||||
The man page sources were converted to YODL format (another
|
||||
excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/">
|
||||
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
|
||||
release by Jeremy Allison. The conversion to DocBook for
|
||||
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
|
||||
for Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
||||
|
@ -1,152 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="vfstest.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>vfstest</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>vfstest</refname>
|
||||
<refpurpose>tool for testing samba VFS modules </refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>vfstest</command>
|
||||
<arg choice="opt">-d debuglevel</arg>
|
||||
<arg choice="opt">-c command</arg>
|
||||
<arg choice="opt">-l logfile</arg>
|
||||
<arg choice="opt">-h</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>vfstest</command> is a small command line
|
||||
utility that has the ability to test dso samba VFS modules. It gives the
|
||||
user the ability to call the various VFS functions manually and
|
||||
supports cascaded VFS modules.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
<term>-c|--command=command</term>
|
||||
<listitem><para>Execute the specified (colon-separated) commands.
|
||||
See below for the commands that are available.
|
||||
</para> </listitem>
|
||||
</varlistentry>
|
||||
|
||||
&stdarg.help;
|
||||
|
||||
<varlistentry>
|
||||
<term>-l|--logfile=logbasename</term>
|
||||
<listitem><para>File name for log/debug files. The extension
|
||||
<constant>'.client'</constant> will be appended. The log file is never removed
|
||||
by the client.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&popt.common.samba;
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>COMMANDS</title>
|
||||
|
||||
<para><emphasis>VFS COMMANDS</emphasis></para>
|
||||
<itemizedlist>
|
||||
<listitem><para><command>load <module.so></command> - Load specified VFS module </para></listitem>
|
||||
|
||||
<listitem><para><command>populate <char> <size></command> - Populate a data buffer with the specified data
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para><command>showdata [<offset> <len>]</command> - Show data currently in data buffer
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para><command>connect</command> - VFS connect()</para></listitem>
|
||||
<listitem><para><command>disconnect</command> - VFS disconnect()</para></listitem>
|
||||
<listitem><para><command>disk_free</command> - VFS disk_free()</para></listitem>
|
||||
<listitem><para><command>opendir</command> - VFS opendir()</para></listitem>
|
||||
<listitem><para><command>readdir</command> - VFS readdir()</para></listitem>
|
||||
<listitem><para><command>mkdir</command> - VFS mkdir()</para></listitem>
|
||||
<listitem><para><command>rmdir</command> - VFS rmdir()</para></listitem>
|
||||
<listitem><para><command>closedir</command> - VFS closedir()</para></listitem>
|
||||
<listitem><para><command>open</command> - VFS open()</para></listitem>
|
||||
<listitem><para><command>close</command> - VFS close()</para></listitem>
|
||||
<listitem><para><command>read</command> - VFS read()</para></listitem>
|
||||
<listitem><para><command>write</command> - VFS write()</para></listitem>
|
||||
<listitem><para><command>lseek</command> - VFS lseek()</para></listitem>
|
||||
<listitem><para><command>rename</command> - VFS rename()</para></listitem>
|
||||
<listitem><para><command>fsync</command> - VFS fsync()</para></listitem>
|
||||
<listitem><para><command>stat</command> - VFS stat()</para></listitem>
|
||||
<listitem><para><command>fstat</command> - VFS fstat()</para></listitem>
|
||||
<listitem><para><command>lstat</command> - VFS lstat()</para></listitem>
|
||||
<listitem><para><command>unlink</command> - VFS unlink()</para></listitem>
|
||||
<listitem><para><command>chmod</command> - VFS chmod()</para></listitem>
|
||||
<listitem><para><command>fchmod</command> - VFS fchmod()</para></listitem>
|
||||
<listitem><para><command>chown</command> - VFS chown()</para></listitem>
|
||||
<listitem><para><command>fchown</command> - VFS fchown()</para></listitem>
|
||||
<listitem><para><command>chdir</command> - VFS chdir()</para></listitem>
|
||||
<listitem><para><command>getwd</command> - VFS getwd()</para></listitem>
|
||||
<listitem><para><command>utime</command> - VFS utime()</para></listitem>
|
||||
<listitem><para><command>ftruncate</command> - VFS ftruncate()</para></listitem>
|
||||
<listitem><para><command>lock</command> - VFS lock()</para></listitem>
|
||||
<listitem><para><command>symlink</command> - VFS symlink()</para></listitem>
|
||||
<listitem><para><command>readlink</command> - VFS readlink()</para></listitem>
|
||||
<listitem><para><command>link</command> - VFS link()</para></listitem>
|
||||
<listitem><para><command>mknod</command> - VFS mknod()</para></listitem>
|
||||
<listitem><para><command>realpath</command> - VFS realpath()</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para><emphasis>GENERAL COMMANDS</emphasis></para>
|
||||
<itemizedlist>
|
||||
<listitem><para><command>conf <smb.conf></command> - Load a different configuration file</para></listitem>
|
||||
|
||||
<listitem><para><command>help [<command>]</command> - Get list of commands or info about specified command</para></listitem>
|
||||
|
||||
<listitem><para><command>debuglevel <level></command> - Set debug level</para></listitem>
|
||||
|
||||
<listitem><para><command>freemem</command> - Free memory currently in use</para></listitem>
|
||||
|
||||
<listitem><para><command>exit</command> - Exit vfstest</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of the Samba
|
||||
suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para>The vfstest man page was written by Jelmer Vernooij.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,325 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="wbinfo.1">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>wbinfo</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>wbinfo</refname>
|
||||
<refpurpose>Query information from winbind daemon</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>wbinfo</command>
|
||||
<arg choice="opt">-a user%password</arg>
|
||||
<arg choice="opt">-c username</arg>
|
||||
<arg choice="opt">-C groupname</arg>
|
||||
<arg choice="opt">--domain domain</arg>
|
||||
<arg choice="opt">-I ip</arg>
|
||||
<arg choice="opt">-s sid</arg>
|
||||
<arg choice="opt">-u</arg>
|
||||
<arg choice="opt">-U uid</arg>
|
||||
<arg choice="opt">-g</arg>
|
||||
<arg choice="opt">--get-auth-user</arg>
|
||||
<arg choice="opt">-G gid</arg>
|
||||
<arg choice="opt">-m</arg>
|
||||
<arg choice="opt">-n name</arg>
|
||||
<arg choice="opt">-N netbios-name</arg>
|
||||
<arg choice="opt">-o user:group</arg>
|
||||
<arg choice="opt">-O user:group</arg>
|
||||
<arg choice="opt">-p</arg>
|
||||
<arg choice="opt">-r user</arg>
|
||||
<arg choice="opt">--set-auth-user user%password</arg>
|
||||
<arg choice="opt">--sequence</arg>
|
||||
<arg choice="opt">-S sid</arg>
|
||||
<arg choice="opt">-t</arg>
|
||||
<arg choice="opt">-x username</arg>
|
||||
<arg choice="opt">-X groupname</arg>
|
||||
<arg choice="opt">-Y sid</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para>The <command>wbinfo</command> program queries and returns information
|
||||
created and used by the <citerefentry><refentrytitle>winbindd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> daemon. </para>
|
||||
|
||||
<para>The <citerefentry><refentrytitle>winbindd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> daemon must be configured
|
||||
and running for the <command>wbinfo</command> program to be able
|
||||
to return information.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-a username%password</term>
|
||||
<listitem><para>Attempt to authenticate a user via winbindd.
|
||||
This checks both authenticaion methods and reports its results.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-c user</term>
|
||||
<listitem><para>Create a local winbind user.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-C group</term>
|
||||
<listitem><para>Create a local winbindd group.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--domain name</term>
|
||||
<listitem><para>This parameter sets the domain on which any specified
|
||||
operations will performed. If special domain name '.' is used to represent
|
||||
the current domain to which winbindd belongs. Currently only the
|
||||
<option>--sequence</option>,
|
||||
<option>-u</option>, and <option>-g</option> options honor this parameter.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-g</term>
|
||||
<listitem><para>This option will list all groups available
|
||||
in the Windows NT domain for which the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> daemon is operating in. Groups in all trusted domains
|
||||
will also be listed. Note that this operation does not assign
|
||||
group ids to any groups that have not already been
|
||||
seen by <citerefentry><refentrytitle>winbindd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--get-auth-user</term>
|
||||
<listitem><para>Print username and password used by winbindd
|
||||
during session setup to a domain controller. Username
|
||||
and password can be set using '-A'. Only available for
|
||||
root.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-G gid</term>
|
||||
<listitem><para>Try to convert a UNIX group id to a Windows
|
||||
NT SID. If the gid specified does not refer to one within
|
||||
the idmap gid range then the operation will fail. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-I ip</term>
|
||||
<listitem><para>The <parameter>-I</parameter> option
|
||||
queries <citerefentry><refentrytitle>winbindd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> to send a node status
|
||||
request to get the NetBIOS name associated with the IP address
|
||||
specified by the <parameter>ip</parameter> parameter.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-m</term>
|
||||
<listitem><para>Produce a list of domains trusted by the
|
||||
Windows NT server <citerefentry><refentrytitle>winbindd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> contacts
|
||||
when resolving names. This list does not include the Windows
|
||||
NT domain the server is a Primary Domain Controller for.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-n name</term>
|
||||
<listitem><para>The <parameter>-n</parameter> option
|
||||
queries <citerefentry><refentrytitle>winbindd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> for the SID
|
||||
associated with the name specified. Domain names can be specified
|
||||
before the user name by using the winbind separator character.
|
||||
For example CWDOM1/Administrator refers to the Administrator
|
||||
user in the domain CWDOM1. If no domain is specified then the
|
||||
domain used is the one specified in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> <parameter>workgroup
|
||||
</parameter> parameter. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-N name</term>
|
||||
<listitem><para>The <parameter>-N</parameter> option
|
||||
queries <citerefentry><refentrytitle>winbindd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> to query the WINS
|
||||
server for the IP address associated with the NetBIOS name
|
||||
specified by the <parameter>name</parameter> parameter.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-o user:group</term>
|
||||
<listitem><para>Add a winbindd local group as a secondary group
|
||||
for the specified winbindd local user.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-O user:group</term>
|
||||
<listitem><para>Remove a winbindd local group as a secondary group
|
||||
for the specified winbindd local user.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-p</term>
|
||||
<listitem><para>Check whether winbindd is still alive.
|
||||
Prints out either 'succeeded' or 'failed'.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-r username</term>
|
||||
<listitem><para>Try to obtain the list of UNIX group ids
|
||||
to which the user belongs. This only works for users
|
||||
defined on a Domain Controller.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-s sid</term>
|
||||
<listitem><para>Use <parameter>-s</parameter> to resolve
|
||||
a SID to a name. This is the inverse of the <parameter>-n
|
||||
</parameter> option above. SIDs must be specified as ASCII strings
|
||||
in the traditional Microsoft format. For example,
|
||||
S-1-5-21-1455342024-3071081365-2475485837-500. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--set-auth-user username%password</term>
|
||||
<listitem><para>Store username and password used by winbindd
|
||||
during session setup to a domain controller. This enables
|
||||
winbindd to operate in a Windows 2000 domain with Restrict
|
||||
Anonymous turned on (a.k.a. Permissions compatiable with
|
||||
Windows 2000 servers only).
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--sequence</term>
|
||||
<listitem><para>Show sequence numbers of
|
||||
all known domains</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-S sid</term>
|
||||
<listitem><para>Convert a SID to a UNIX user id. If the SID
|
||||
does not correspond to a UNIX user mapped by <citerefentry>
|
||||
<refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry> then the operation will fail. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-t</term>
|
||||
<listitem><para>Verify that the workstation trust account
|
||||
created when the Samba server is added to the Windows NT
|
||||
domain is working. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-u</term>
|
||||
<listitem><para>This option will list all users available
|
||||
in the Windows NT domain for which the <citerefentry><refentrytitle>winbindd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> daemon is operating in. Users in all trusted domains
|
||||
will also be listed. Note that this operation does not assign
|
||||
user ids to any users that have not already been seen by <citerefentry>
|
||||
<refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-U uid</term>
|
||||
<listitem><para>Try to convert a UNIX user id to a Windows NT
|
||||
SID. If the uid specified does not refer to one within
|
||||
the idmap uid range then the operation will fail. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-x user</term>
|
||||
<listitem><para>Delete an existing local winbind user.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-X group</term>
|
||||
<listitem><para>Delete an existing local winbindd group.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-Y sid</term>
|
||||
<listitem><para>Convert a SID to a UNIX group id. If the SID
|
||||
does not correspond to a UNIX group mapped by <citerefentry>
|
||||
<refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry> then
|
||||
the operation will fail. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
&stdarg.version;
|
||||
&stdarg.help;
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>EXIT STATUS</title>
|
||||
|
||||
<para>The wbinfo program returns 0 if the operation
|
||||
succeeded, or 1 if the operation failed. If the <citerefentry>
|
||||
<refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry> daemon is not working <command>wbinfo</command> will always return
|
||||
failure. </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of
|
||||
the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
<para><citerefentry><refentrytitle>winbindd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry></para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para><command>wbinfo</command> and <command>winbindd</command>
|
||||
were written by Tim Potter.</para>
|
||||
|
||||
<para>The conversion to DocBook for Samba 2.2 was done
|
||||
by Gerald Carter. The conversion to DocBook XML 4.2 for Samba
|
||||
3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,458 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
|
||||
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
|
||||
]>
|
||||
<refentry id="winbindd.8">
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>winbindd</refentrytitle>
|
||||
<manvolnum>8</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
|
||||
<refnamediv>
|
||||
<refname>winbindd</refname>
|
||||
<refpurpose>Name Service Switch daemon for resolving names
|
||||
from NT servers</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>winbindd</command>
|
||||
<arg choice="opt">-F</arg>
|
||||
<arg choice="opt">-S</arg>
|
||||
<arg choice="opt">-i</arg>
|
||||
<arg choice="opt">-Y</arg>
|
||||
<arg choice="opt">-d <debug level></arg>
|
||||
<arg choice="opt">-s <smb config file></arg>
|
||||
<arg choice="opt">-n</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>DESCRIPTION</title>
|
||||
|
||||
<para>This program is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
||||
|
||||
<para><command>winbindd</command> is a daemon that provides
|
||||
a service for the Name Service Switch capability that is present
|
||||
in most modern C libraries. The Name Service Switch allows user
|
||||
and system information to be obtained from different databases
|
||||
services such as NIS or DNS. The exact behaviour can be configured
|
||||
throught the <filename>/etc/nsswitch.conf</filename> file.
|
||||
Users and groups are allocated as they are resolved to a range
|
||||
of user and group ids specified by the administrator of the
|
||||
Samba system.</para>
|
||||
|
||||
<para>The service provided by <command>winbindd</command> is called `winbind' and
|
||||
can be used to resolve user and group information from a
|
||||
Windows NT server. The service can also provide authentication
|
||||
services via an associated PAM module. </para>
|
||||
|
||||
<para>
|
||||
The <filename>pam_winbind</filename> module in the 2.2.2 release only
|
||||
supports the <parameter>auth</parameter> and <parameter>account</parameter>
|
||||
module-types. The latter simply
|
||||
performs a getpwnam() to verify that the system can obtain a uid for the
|
||||
user. If the <filename>libnss_winbind</filename> library has been correctly
|
||||
installed, this should always succeed.
|
||||
</para>
|
||||
|
||||
<para>The following nsswitch databases are implemented by
|
||||
the winbindd service: </para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>hosts</term>
|
||||
<listitem><para>User information traditionally stored in
|
||||
the <filename>hosts(5)</filename> file and used by
|
||||
<command>gethostbyname(3)</command> functions. Names are
|
||||
resolved through the WINS server or by broadcast.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>passwd</term>
|
||||
<listitem><para>User information traditionally stored in
|
||||
the <filename>passwd(5)</filename> file and used by
|
||||
<command>getpwent(3)</command> functions. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>group</term>
|
||||
<listitem><para>Group information traditionally stored in
|
||||
the <filename>group(5)</filename> file and used by
|
||||
<command>getgrent(3)</command> functions. </para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para>For example, the following simple configuration in the
|
||||
<filename>/etc/nsswitch.conf</filename> file can be used to initially
|
||||
resolve user and group information from <filename>/etc/passwd
|
||||
</filename> and <filename>/etc/group</filename> and then from the
|
||||
Windows NT server.
|
||||
<programlisting>
|
||||
passwd: files winbind
|
||||
group: files winbind
|
||||
</programlisting></para>
|
||||
|
||||
<para>The following simple configuration in the
|
||||
<filename>/etc/nsswitch.conf</filename> file can be used to initially
|
||||
resolve hostnames from <filename>/etc/hosts</filename> and then from the
|
||||
WINS server.</para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>OPTIONS</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-F</term>
|
||||
<listitem><para>If specified, this parameter causes
|
||||
the main <command>winbindd</command> process to not daemonize,
|
||||
i.e. double-fork and disassociate with the terminal.
|
||||
Child processes are still created as normal to service
|
||||
each connection request, but the main process does not
|
||||
exit. This operation mode is suitable for running
|
||||
<command>winbindd</command> under process supervisors such
|
||||
as <command>supervise</command> and <command>svscan</command>
|
||||
from Daniel J. Bernstein's <command>daemontools</command>
|
||||
package, or the AIX process monitor.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-S</term>
|
||||
<listitem><para>If specified, this parameter causes
|
||||
<command>winbindd</command> to log to standard output rather
|
||||
than a file.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
&popt.common.samba;
|
||||
&stdarg.help;
|
||||
|
||||
<varlistentry>
|
||||
<term>-i</term>
|
||||
<listitem><para>Tells <command>winbindd</command> to not
|
||||
become a daemon and detach from the current terminal. This
|
||||
option is used by developers when interactive debugging
|
||||
of <command>winbindd</command> is required.
|
||||
<command>winbindd</command> also logs to standard output,
|
||||
as if the <command>-S</command> parameter had been given.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-n</term>
|
||||
<listitem><para>Disable caching. This means winbindd will
|
||||
always have to wait for a response from the domain controller
|
||||
before it can respond to a client and this thus makes things
|
||||
slower. The results will however be more accurate, since
|
||||
results from the cache might not be up-to-date. This
|
||||
might also temporarily hang winbindd if the DC doesn't respond.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-Y</term>
|
||||
<listitem><para>Single daemon mode. This means winbindd will run
|
||||
as a single process (the mode of operation in Samba 2.2). Winbindd's
|
||||
default behavior is to launch a child process that is responsible for
|
||||
updating expired cache entries.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>NAME AND ID RESOLUTION</title>
|
||||
|
||||
<para>Users and groups on a Windows NT server are assigned
|
||||
a relative id (rid) which is unique for the domain when the
|
||||
user or group is created. To convert the Windows NT user or group
|
||||
into a unix user or group, a mapping between rids and unix user
|
||||
and group ids is required. This is one of the jobs that <command>
|
||||
winbindd</command> performs. </para>
|
||||
|
||||
<para>As winbindd users and groups are resolved from a server, user
|
||||
and group ids are allocated from a specified range. This
|
||||
is done on a first come, first served basis, although all existing
|
||||
users and groups will be mapped as soon as a client performs a user
|
||||
or group enumeration command. The allocated unix ids are stored
|
||||
in a database file under the Samba lock directory and will be
|
||||
remembered. </para>
|
||||
|
||||
<para>WARNING: The rid to unix id database is the only location
|
||||
where the user and group mappings are stored by winbindd. If this
|
||||
file is deleted or corrupted, there is no way for winbindd to
|
||||
determine which user and group ids correspond to Windows NT user
|
||||
and group rids. </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>CONFIGURATION</title>
|
||||
|
||||
<para>Configuration of the <command>winbindd</command> daemon
|
||||
is done through configuration parameters in the <citerefentry>
|
||||
<refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry> file. All parameters should be specified in the
|
||||
[global] section of smb.conf. </para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
<smbconfoption><name>winbind separator</name></smbconfoption></para></listitem>
|
||||
<listitem><para>
|
||||
<smbconfoption><name>idmap uid</name></smbconfoption></para></listitem>
|
||||
<listitem><para>
|
||||
<smbconfoption><name>idmap gid</name></smbconfoption></para></listitem>
|
||||
<listitem><para>
|
||||
<smbconfoption><name>winbind cache time</name></smbconfoption></para></listitem>
|
||||
<listitem><para>
|
||||
<smbconfoption><name>winbind enum users</name></smbconfoption></para></listitem>
|
||||
<listitem><para>
|
||||
<smbconfoption><name>winbind enum groups</name></smbconfoption></para></listitem>
|
||||
<listitem><para>
|
||||
<smbconfoption><name>template homedir</name></smbconfoption></para></listitem>
|
||||
<listitem><para>
|
||||
<smbconfoption><name>template shell</name></smbconfoption></para></listitem>
|
||||
<listitem><para>
|
||||
<smbconfoption><name>winbind use default domain</name></smbconfoption></para></listitem>
|
||||
</itemizedlist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>EXAMPLE SETUP</title>
|
||||
|
||||
<para>To setup winbindd for user and group lookups plus
|
||||
authentication from a domain controller use something like the
|
||||
following setup. This was tested on a RedHat 6.2 Linux box. </para>
|
||||
|
||||
<para>In <filename>/etc/nsswitch.conf</filename> put the
|
||||
following:
|
||||
<programlisting>
|
||||
passwd: files winbind
|
||||
group: files winbind
|
||||
</programlisting></para>
|
||||
|
||||
<para>In <filename>/etc/pam.d/*</filename> replace the <parameter>
|
||||
auth</parameter> lines with something like this:
|
||||
<programlisting>
|
||||
auth required /lib/security/pam_securetty.so
|
||||
auth required /lib/security/pam_nologin.so
|
||||
auth sufficient /lib/security/pam_winbind.so
|
||||
auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
|
||||
</programlisting></para>
|
||||
|
||||
|
||||
<para>Note in particular the use of the <parameter>sufficient
|
||||
</parameter> keyword and the <parameter>use_first_pass</parameter> keyword. </para>
|
||||
|
||||
<para>Now replace the account lines with this: </para>
|
||||
|
||||
<para><command>account required /lib/security/pam_winbind.so
|
||||
</command></para>
|
||||
|
||||
<para>The next step is to join the domain. To do that use the
|
||||
<command>net</command> program like this: </para>
|
||||
|
||||
<para><command>net join -S PDC -U Administrator</command></para>
|
||||
|
||||
<para>The username after the <parameter>-U</parameter> can be any
|
||||
Domain user that has administrator privileges on the machine.
|
||||
Substitute the name or IP of your PDC for "PDC".</para>
|
||||
|
||||
<para>Next copy <filename>libnss_winbind.so</filename> to
|
||||
<filename>/lib</filename> and <filename>pam_winbind.so
|
||||
</filename> to <filename>/lib/security</filename>. A symbolic link needs to be
|
||||
made from <filename>/lib/libnss_winbind.so</filename> to
|
||||
<filename>/lib/libnss_winbind.so.2</filename>. If you are using an
|
||||
older version of glibc then the target of the link should be
|
||||
<filename>/lib/libnss_winbind.so.1</filename>.</para>
|
||||
|
||||
<para>Finally, setup a <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> containing directives like the
|
||||
following:
|
||||
<programlisting>
|
||||
[global]
|
||||
winbind separator = +
|
||||
winbind cache time = 10
|
||||
template shell = /bin/bash
|
||||
template homedir = /home/%D/%U
|
||||
idmap uid = 10000-20000
|
||||
idmap gid = 10000-20000
|
||||
workgroup = DOMAIN
|
||||
security = domain
|
||||
password server = *
|
||||
</programlisting></para>
|
||||
|
||||
|
||||
<para>Now start winbindd and you should find that your user and
|
||||
group database is expanded to include your NT users and groups,
|
||||
and that you can login to your unix box as a domain user, using
|
||||
the DOMAIN+user syntax for the username. You may wish to use the
|
||||
commands <command>getent passwd</command> and <command>getent group
|
||||
</command> to confirm the correct operation of winbindd.</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>NOTES</title>
|
||||
|
||||
<para>The following notes are useful when configuring and
|
||||
running <command>winbindd</command>: </para>
|
||||
|
||||
<para><citerefentry><refentrytitle>nmbd</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> must be running on the local machine
|
||||
for <command>winbindd</command> to work. <command>winbindd</command> queries
|
||||
the list of trusted domains for the Windows NT server
|
||||
on startup and when a SIGHUP is received. Thus, for a running <command>
|
||||
winbindd</command> to become aware of new trust relationships between
|
||||
servers, it must be sent a SIGHUP signal. </para>
|
||||
|
||||
<para>PAM is really easy to misconfigure. Make sure you know what
|
||||
you are doing when modifying PAM configuration files. It is possible
|
||||
to set up PAM such that you can no longer log into your system. </para>
|
||||
|
||||
<para>If more than one UNIX machine is running <command>winbindd</command>,
|
||||
then in general the user and groups ids allocated by winbindd will not
|
||||
be the same. The user and group ids will only be valid for the local
|
||||
machine.</para>
|
||||
|
||||
<para>If the the Windows NT RID to UNIX user and group id mapping
|
||||
file is damaged or destroyed then the mappings will be lost. </para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>SIGNALS</title>
|
||||
|
||||
<para>The following signals can be used to manipulate the
|
||||
<command>winbindd</command> daemon. </para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>SIGHUP</term>
|
||||
<listitem><para>Reload the <citerefentry><refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> file and
|
||||
apply any parameter changes to the running
|
||||
version of winbindd. This signal also clears any cached
|
||||
user and group information. The list of other domains trusted
|
||||
by winbindd is also reloaded. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>SIGUSR2</term>
|
||||
<listitem><para>The SIGUSR2 signal will cause <command>
|
||||
winbindd</command> to write status information to the winbind
|
||||
log file including information about the number of user and
|
||||
group ids allocated by <command>winbindd</command>.</para>
|
||||
|
||||
<para>Log files are stored in the filename specified by the
|
||||
log file parameter.</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>FILES</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><filename>/etc/nsswitch.conf(5)</filename></term>
|
||||
<listitem><para>Name service switch configuration file.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>/tmp/.winbindd/pipe</term>
|
||||
<listitem><para>The UNIX pipe over which clients communicate with
|
||||
the <command>winbindd</command> program. For security reasons, the
|
||||
winbind client will only attempt to connect to the winbindd daemon
|
||||
if both the <filename>/tmp/.winbindd</filename> directory
|
||||
and <filename>/tmp/.winbindd/pipe</filename> file are owned by
|
||||
root. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>$LOCKDIR/winbindd_privilaged/pipe</term>
|
||||
<listitem><para>The UNIX pipe over which 'privilaged' clients
|
||||
communicate with the <command>winbindd</command> program. For security
|
||||
reasons, access to some winbindd functions - like those needed by
|
||||
the <command>ntlm_auth</command> utility - is restricted. By default,
|
||||
only users in the 'root' group will get this access, however the administrator
|
||||
may change the group permissions on $LOCKDIR/winbindd_privilaged to allow
|
||||
programs like 'squid' to use ntlm_auth.
|
||||
Note that the winbind client will only attempt to connect to the winbindd daemon
|
||||
if both the <filename>$LOCKDIR/winbindd_privilaged</filename> directory
|
||||
and <filename>$LOCKDIR/winbindd_privilaged/pipe</filename> file are owned by
|
||||
root. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>/lib/libnss_winbind.so.X</term>
|
||||
<listitem><para>Implementation of name service switch library.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>$LOCKDIR/winbindd_idmap.tdb</term>
|
||||
<listitem><para>Storage for the Windows NT rid to UNIX user/group
|
||||
id mapping. The lock directory is specified when Samba is initially
|
||||
compiled using the <parameter>--with-lockdir</parameter> option.
|
||||
This directory is by default <filename>/usr/local/samba/var/locks
|
||||
</filename>. </para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>$LOCKDIR/winbindd_cache.tdb</term>
|
||||
<listitem><para>Storage for cached user and group information.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
||||
<refsect1>
|
||||
<title>VERSION</title>
|
||||
|
||||
<para>This man page is correct for version 3.0 of
|
||||
the Samba suite.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>SEE ALSO</title>
|
||||
|
||||
<para><filename>nsswitch.conf(5)</filename>, <citerefentry>
|
||||
<refentrytitle>Samba</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry>, <citerefentry>
|
||||
<refentrytitle>wbinfo</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>, <citerefentry>
|
||||
<refentrytitle>smb.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry></para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>AUTHOR</title>
|
||||
|
||||
<para>The original Samba software and related utilities
|
||||
were created by Andrew Tridgell. Samba is now developed
|
||||
by the Samba Team as an Open Source project similar
|
||||
to the way the Linux kernel is developed.</para>
|
||||
|
||||
<para><command>wbinfo</command> and <command>winbindd</command> were
|
||||
written by Tim Potter.</para>
|
||||
|
||||
<para>The conversion to DocBook for Samba 2.2 was done
|
||||
by Gerald Carter. The conversion to DocBook XML 4.2 for
|
||||
Samba 3.0 was done by Alexander Bokovoy.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1 +0,0 @@
|
||||
attributions.xml
|
File diff suppressed because it is too large
Load Diff
@ -1,348 +0,0 @@
|
||||
<chapter id="AdvancedNetworkManagement">
|
||||
<chapterinfo>
|
||||
&author.jht;
|
||||
<pubdate>April 3 2003</pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>Advanced Network Management</title>
|
||||
|
||||
<para>
|
||||
This section documents peripheral issues that are of great importance to network
|
||||
administrators who want to improve network resource access control, to automate the user
|
||||
environment and to make their lives a little easier.
|
||||
</para>
|
||||
|
||||
<sect1>
|
||||
<title>Features and Benefits</title>
|
||||
|
||||
<para>
|
||||
Often the difference between a working network environment and a well appreciated one can
|
||||
best be measured by the <emphasis>little things</emphasis> that make everything work more
|
||||
harmoniously. A key part of every network environment solution is the
|
||||
ability to remotely
|
||||
manage MS Windows workstations, remotely access the Samba server, provide customized
|
||||
logon scripts, as well as other housekeeping activities that help to sustain more reliable
|
||||
network operations.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This chapter presents information on each of these areas. They are placed here, and not in
|
||||
other chapters, for ease of reference.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Remote Server Administration</title>
|
||||
|
||||
|
||||
<para><quote>How do I get `User Manager' and `Server Manager'?</quote></para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>User Manager</primary></indexterm>
|
||||
<indexterm><primary>Server Manager</primary></indexterm>
|
||||
<indexterm><primary>Event Viewer</primary></indexterm>
|
||||
Since I do not need to buy an <application>NT4 Server</application>, how do I get the `User Manager for Domains'
|
||||
and the `Server Manager'?
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>Nexus.exe</primary></indexterm>
|
||||
Microsoft distributes a version of these tools called <filename>Nexus.exe</filename> for installation
|
||||
on <application>Windows 9x/Me</application> systems. The tools set includes:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>Server Manager</para></listitem>
|
||||
<listitem><para>User Manager for Domains</para></listitem>
|
||||
<listitem><para>Event Viewer</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>
|
||||
Download the archived file at <ulink noescape="1" url="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE.</ulink>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>SRVTOOLS.EXE</primary></indexterm>
|
||||
The <application>Windows NT 4.0</application> version of the `User Manager for
|
||||
Domains' and `Server Manager' are available from Microsoft <ulink url="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE">via ftp</ulink>.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Remote Desktop Management</title>
|
||||
|
||||
<para>
|
||||
There are a number of possible remote desktop management solutions that range from free
|
||||
through costly. Do not let that put you off. Sometimes the most costly solution is the
|
||||
most cost effective. In any case, you will need to draw your own conclusions as to which
|
||||
is the best tool in your network environment.
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>Remote Management from NoMachine.Com</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>NoMachine.Com</primary></indexterm>
|
||||
The following information was posted to the Samba mailing list at Apr 3 23:33:50 GMT 2003.
|
||||
It is presented in slightly edited form (with author details omitted for privacy reasons).
|
||||
The entire answer is reproduced below with some comments removed.
|
||||
</para>
|
||||
|
||||
<para><quote>
|
||||
I have a wonderful Linux/Samba server running as pdc for a network. Now I would like to add remote
|
||||
desktop capabilities so users outside could login to the system and get their desktop up from home or
|
||||
another country.
|
||||
</quote></para>
|
||||
|
||||
<para><quote>
|
||||
Is there a way to accomplish this? Do I need a Windows Terminal Server? Do I need to configure it so
|
||||
it is a member of the domain or a BDC,PDC? Are there any hacks for MS Windows XP to enable remote login
|
||||
even if the computer is in a domain?
|
||||
</quote></para>
|
||||
|
||||
<para>
|
||||
Answer provided: Check out the new offer from NoMachine, <quote>NX</quote> software:
|
||||
<ulink noescape="1" url="http://www.nomachine.com/">http://www.nomachine.com/</ulink>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It implements an easy-to-use interface to the Remote X protocol as
|
||||
well as incorporating VNC/RFB and rdesktop/RDP into it, but at a speed
|
||||
performance much better than anything you may have ever seen.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Remote X is not new at all, but what they did achieve successfully is
|
||||
a new way of compression and caching technologies that makes the thing
|
||||
fast enough to run even over slow modem/ISDN connections.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
I could test drive their (public) Red Hat machine in Italy, over a loaded
|
||||
Internet connection, with enabled thumbnail previews in KDE konqueror
|
||||
which popped up immediately on <quote>mouse-over</quote>. From inside that (remote X)
|
||||
session I started a rdesktop session on another, a Windows XP machine.
|
||||
To test the performance, I played Pinball. I am proud to announce
|
||||
that my score was 631750 points at first try.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
NX performs better on my local LAN than any of the other <quote>pure</quote>
|
||||
connection methods I am using from time to time: TightVNC, rdesktop or
|
||||
Remote X. It is even faster than a direct crosslink connection between
|
||||
two nodes.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
I even got sound playing from the Remote X app to my local boxes, and
|
||||
had a working <quote>copy'n'paste</quote> from an NX window (running a KDE session
|
||||
in Italy) to my Mozilla mailing agent. These guys are certainly doing
|
||||
something right!
|
||||
</para>
|
||||
|
||||
<para>
|
||||
I recommend to test drive NX to anybody with a only a passing interest in remote computing
|
||||
<ulink noescape="1" url="http://www.nomachine.com/testdrive.php">http://www.nomachine.com/testdrive.php</ulink>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Just download the free of charge client software (available for Red Hat,
|
||||
SuSE, Debian and Windows) and be up and running within five minutes (they
|
||||
need to send you your account data, though, because you are assigned
|
||||
a real UNIX account on their testdrive.nomachine.com box.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
They plan to get to the point were you can have NX application servers
|
||||
running as a cluster of nodes, and users simply start an NX session locally,
|
||||
and can select applications to run transparently (apps may even run on
|
||||
another NX node, but pretend to be on the same as used for initial login,
|
||||
because it displays in the same window. You also can run it
|
||||
fullscreen, and after a short time you forget that it is a remote session
|
||||
at all).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Now the best thing for last: All the core compression and caching
|
||||
technologies are released under the GPL and available as source code
|
||||
to anybody who wants to build on it! These technologies are working,
|
||||
albeit started from the command line only (and very inconvenient to
|
||||
use in order to get a fully running remote X session up and running.)
|
||||
</para>
|
||||
|
||||
<para>
|
||||
To answer your questions:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
You do not need to install a terminal server; XP has RDP support built in.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
NX is much cheaper than Citrix &smbmdash; and comparable in performance, probably faster.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
You do not need to hack XP &smbmdash; it just works.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
You log into the XP box from remote transparently (and I think there is no
|
||||
need to change anything to get a connection, even if authentication is against a domain).
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
The NX core technologies are all Open Source and released under the GPL &smbmdash;
|
||||
you can now use a (very inconvenient) commandline at no cost,
|
||||
but you can buy a comfortable (proprietary) NX GUI frontend for money.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
NoMachine are encouraging and offering help to OSS/Free Software implementations
|
||||
for such a frontend too, even if it means competition to them (they have written
|
||||
to this effect even to the LTSP, KDE and GNOME developer mailing lists).
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Network Logon Script Magic</title>
|
||||
|
||||
<para>
|
||||
There are several opportunities for creating a custom network startup configuration environment.
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>No Logon Script.</para></listitem>
|
||||
<listitem><para>Simple universal Logon Script that applies to all users.</para></listitem>
|
||||
<listitem><para>Use of a conditional Logon Script that applies per user or per group attributes.</para></listitem>
|
||||
<listitem><para>Use of Samba's preexec and postexec functions on access to the NETLOGON share to create
|
||||
a custom logon script and then execute it.</para></listitem>
|
||||
<listitem><para>User of a tool such as KixStart.</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>
|
||||
The Samba source code tree includes two logon script generation/execution tools.
|
||||
See <filename>examples</filename> directory <filename>genlogon</filename> and
|
||||
<filename>ntlogon</filename> subdirectories.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The following listings are from the genlogon directory.
|
||||
</para>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>genlogon.pl</primary></indexterm>
|
||||
This is the <filename>genlogon.pl</filename> file:
|
||||
|
||||
<programlisting>
|
||||
#!/usr/bin/perl
|
||||
#
|
||||
# genlogon.pl
|
||||
#
|
||||
# Perl script to generate user logon scripts on the fly, when users
|
||||
# connect from a Windows client. This script should be called from
|
||||
# smb.conf with the %U, %G and %L parameters. I.e:
|
||||
#
|
||||
# root preexec = genlogon.pl %U %G %L
|
||||
#
|
||||
# The script generated will perform
|
||||
# the following:
|
||||
#
|
||||
# 1. Log the user connection to /var/log/samba/netlogon.log
|
||||
# 2. Set the PC's time to the Linux server time (which is maintained
|
||||
# daily to the National Institute of Standard's Atomic clock on the
|
||||
# internet.
|
||||
# 3. Connect the user's home drive to H: (H for Home).
|
||||
# 4. Connect common drives that everyone uses.
|
||||
# 5. Connect group-specific drives for certain user groups.
|
||||
# 6. Connect user-specific drives for certain users.
|
||||
# 7. Connect network printers.
|
||||
|
||||
# Log client connection
|
||||
#($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
|
||||
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
|
||||
open LOG, ">>/var/log/samba/netlogon.log";
|
||||
print LOG "$mon/$mday/$year $hour:$min:$sec";
|
||||
print LOG " - User $ARGV[0] logged into $ARGV[1]\n";
|
||||
close LOG;
|
||||
|
||||
# Start generating logon script
|
||||
open LOGON, ">/shared/netlogon/$ARGV[0].bat";
|
||||
print LOGON "\@ECHO OFF\r\n";
|
||||
|
||||
# Connect shares just use by Software Development group
|
||||
if ($ARGV[1] eq "SOFTDEV" || $ARGV[0] eq "softdev")
|
||||
{
|
||||
print LOGON "NET USE M: \\\\$ARGV[2]\\SOURCE\r\n";
|
||||
}
|
||||
|
||||
# Connect shares just use by Technical Support staff
|
||||
if ($ARGV[1] eq "SUPPORT" || $ARGV[0] eq "support")
|
||||
{
|
||||
print LOGON "NET USE S: \\\\$ARGV[2]\\SUPPORT\r\n";
|
||||
}
|
||||
|
||||
# Connect shares just used by Administration staff
|
||||
If ($ARGV[1] eq "ADMIN" || $ARGV[0] eq "admin")
|
||||
{
|
||||
print LOGON "NET USE L: \\\\$ARGV[2]\\ADMIN\r\n";
|
||||
print LOGON "NET USE K: \\\\$ARGV[2]\\MKTING\r\n";
|
||||
}
|
||||
|
||||
# Now connect Printers. We handle just two or three users a little
|
||||
# differently, because they are the exceptions that have desktop
|
||||
# printers on LPT1: - all other user's go to the LaserJet on the
|
||||
# server.
|
||||
if ($ARGV[0] eq 'jim'
|
||||
|| $ARGV[0] eq 'yvonne')
|
||||
{
|
||||
print LOGON "NET USE LPT2: \\\\$ARGV[2]\\LJET3\r\n";
|
||||
print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
print LOGON "NET USE LPT1: \\\\$ARGV[2]\\LJET3\r\n";
|
||||
print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n";
|
||||
}
|
||||
|
||||
# All done! Close the output file.
|
||||
close LOGON;
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Those wishing to use more elaborate or capable logon processing system should check out these sites:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para><ulink noescape="1" url="http://www.craigelachi.e.org/rhacer/ntlogon">http://www.craigelachi.e.org/rhacer/ntlogon</ulink></para></listitem>
|
||||
<listitem><para><ulink noescape="1" url="http://www.kixtart.org">http://www.kixtart.org</ulink></para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<sect2>
|
||||
<title>Adding Printers without User Intervention</title>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>rundll32</primary></indexterm>
|
||||
Printers may be added automatically during logon script processing through the use of:
|
||||
|
||||
<screen>
|
||||
&dosprompt;<userinput>rundll32 printui.dll,PrintUIEntry /?</userinput>
|
||||
</screen>
|
||||
|
||||
See the documentation in the <ulink url="http://support.microsoft.com/default.asp?scid=kb;en-us;189105">Microsoft knowledgebase article 189105.</ulink>
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
@ -1,34 +0,0 @@
|
||||
<chapter id="Backup">
|
||||
<chapterinfo>
|
||||
&author.jht;
|
||||
</chapterinfo>
|
||||
|
||||
<title>Samba Backup Techniques</title>
|
||||
|
||||
<sect1>
|
||||
<title>Note</title>
|
||||
|
||||
<para>
|
||||
This chapter did not make it into this release.
|
||||
It is planned for the published release of this document.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Features and Benefits</title>
|
||||
|
||||
<para>
|
||||
We need feedback from people who are backing up samba servers.
|
||||
We would like to know what software tools you are using to backup
|
||||
your samba server/s.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In particular, if you have any success and / or failure stories you could
|
||||
share with other users this would be appreciated.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
@ -1,207 +0,0 @@
|
||||
<chapter id="bugreport">
|
||||
|
||||
<chapterinfo>
|
||||
&author.jht;
|
||||
&author.jelmer;
|
||||
&author.tridge;
|
||||
<pubdate> 27 June 1997 </pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>Reporting Bugs</title>
|
||||
|
||||
<sect1>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>Please report bugs using Samba's
|
||||
<ulink url="https://bugzilla.samba.org/">Bugzilla</ulink> facilities and
|
||||
take the time to read this file before you submit a bug
|
||||
report. Also, check to see if it has changed between releases, as we
|
||||
may be changing the bug reporting mechanism at some point.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Please do as much as you can yourself to help track down the
|
||||
bug. Samba is maintained by a dedicated group of people who volunteer
|
||||
their time, skills and efforts. We receive far more mail than
|
||||
we can possibly answer, so you have a much higher chance of a response
|
||||
and a fix if you send us a <quote>developer friendly</quote> bug report that lets
|
||||
us fix it fast.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Do not assume that if you post the bug to the comp.protocols.smb
|
||||
newsgroup or the mailing list that we will read it. If you suspect that your
|
||||
problem is not a bug but a configuration problem, it is better to send
|
||||
it to the Samba mailing list, as there are thousands of other users on
|
||||
that list who may be able to help you.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
You may also like to look though the recent mailing list archives,
|
||||
which are conveniently accessible on the Samba Web pages
|
||||
at <ulink noescape="1" url="http://samba.org/samba/">http://samba.org/samba/</ulink>.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>General Information</title>
|
||||
|
||||
<para>
|
||||
Before submitting a bug report, check your config for silly
|
||||
errors. Look in your log files for obvious messages that tell
|
||||
you've misconfigured something. Run testparm to check your config
|
||||
file for correct syntax.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Have you looked through <link linkend="diagnosis">diagnosis</link>? This is extremely important.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you include part of a log file with your bug report, then be sure to
|
||||
annotate it with exactly what you were doing on the client at the
|
||||
time and exactly what the results were.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Debug Levels</title>
|
||||
|
||||
<para>
|
||||
If the bug has anything to do with Samba behaving incorrectly as a
|
||||
server (like refusing to open a file), then the log files will probably
|
||||
be quite useful. Depending on the problem, a log level of between 3 and
|
||||
10 showing the problem may be appropriate. A higher level gives more
|
||||
detail, but may use too much disk space.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
To set the debug level, use the <smbconfoption><name>log level</name></smbconfoption> in your
|
||||
&smb.conf;. You may also find it useful to set the log
|
||||
level higher for just one machine and keep separate logs for each machine.
|
||||
To do this, add the following lines to your main &smb.conf; file:
|
||||
</para>
|
||||
|
||||
<para><smbconfblock>
|
||||
<smbconfoption><name>log level</name><value>10</value></smbconfoption>
|
||||
<smbconfoption><name>log file</name><value>/usr/local/samba/lib/log.%m</value></smbconfoption>
|
||||
<smbconfoption><name>include</name><value>/usr/local/samba/lib/smb.conf.%m</value></smbconfoption>
|
||||
</smbconfblock></para>
|
||||
|
||||
<para>
|
||||
and create a file <filename>/usr/local/samba/lib/smb.conf.<replaceable>machine</replaceable></filename> where
|
||||
<replaceable>machine</replaceable> is the name of the client you wish to debug. In that file
|
||||
put any &smb.conf; commands you want, for example
|
||||
<smbconfoption><name>log level</name></smbconfoption> may be useful. This also allows you to
|
||||
experiment with different security systems, protocol levels and so on, on just
|
||||
one machine.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The &smb.conf; entry <smbconfoption><name>log level</name></smbconfoption>
|
||||
is synonymous with the parameter <smbconfoption><name>debuglevel</name></smbconfoption> that has
|
||||
been used in older versions of Samba and is being retained for backward
|
||||
compatibility of &smb.conf; files.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
As the <smbconfoption><name>log level</name></smbconfoption> value is increased, you will record
|
||||
a significantly greater level of debugging information. For most
|
||||
debugging operations, you may not need a setting higher than
|
||||
<constant>3</constant>. Nearly
|
||||
all bugs can be tracked at a setting of <constant>10</constant>, but be
|
||||
prepared for a large volume of log data.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Internal Errors</title>
|
||||
|
||||
<para>
|
||||
If you get the message <quote><errorname>INTERNAL ERROR</errorname></quote> in your log files,
|
||||
it means that Samba got an unexpected signal while running. It is probably a
|
||||
segmentation fault and almost certainly means a bug in Samba (unless
|
||||
you have faulty hardware or system software).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If the message came from smbd, it will probably be accompanied by
|
||||
a message that details the last SMB message received by smbd. This
|
||||
information is often useful in tracking down the problem so please
|
||||
include it in your bug report.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
You should also detail how to reproduce the problem, if
|
||||
possible. Please make this reasonably detailed.
|
||||
</para>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>core files</primary></indexterm>
|
||||
You may also find that a core file appeared in a <filename>corefiles</filename>
|
||||
subdirectory of the directory where you keep your Samba log
|
||||
files. This file is the most useful tool for tracking down the bug. To
|
||||
use it, you do this:
|
||||
<indexterm><primary>gdb</primary></indexterm>
|
||||
<indexterm><primary>debug</primary></indexterm>
|
||||
</para>
|
||||
|
||||
|
||||
<screen>
|
||||
&prompt;<userinput>gdb smbd core</userinput>
|
||||
</screen>
|
||||
|
||||
<para>
|
||||
adding appropriate paths to smbd and core so gdb can find them. If you
|
||||
do not have gdb, try <userinput>dbx</userinput>. Then within the debugger,
|
||||
use the command <command>where</command> to give a stack trace of where the
|
||||
problem occurred. Include this in your report.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you know any assembly language, do a <command>disass</command> of the routine
|
||||
where the problem occurred (if its in a library routine, then
|
||||
disassemble the routine that called it) and try to work out exactly
|
||||
where the problem is by looking at the surrounding code. Even if you
|
||||
do not know assembly, including this information in the bug report can be
|
||||
useful.
|
||||
</para>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Attaching to a Running Process</title>
|
||||
|
||||
<para>
|
||||
Unfortunately, some UNIXes (in particular some recent Linux kernels)
|
||||
refuse to dump a core file if the task has changed uid (which smbd
|
||||
does often). To debug with this sort of system, you could try to attach
|
||||
to the running process using
|
||||
<userinput>gdb smbd <replaceable>PID</replaceable></userinput> where you get
|
||||
<replaceable>PID</replaceable> from <application>smbstatus</application>.
|
||||
Then use <command>c</command> to continue and try to cause the core dump
|
||||
using the client. The debugger should catch the fault and tell you
|
||||
where it occurred.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Patches</title>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>diff</primary></indexterm>
|
||||
<indexterm><primary>patch</primary></indexterm>
|
||||
The best sort of bug report is one that includes a fix! If you send us
|
||||
patches, please use <userinput>diff -u</userinput> format if your version of
|
||||
diff supports it, otherwise use <userinput>diff -c4</userinput>. Make sure
|
||||
you do the diff against a clean version of the source and let me know
|
||||
exactly what version you used.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
</chapter>
|
File diff suppressed because it is too large
Load Diff
@ -1,503 +0,0 @@
|
||||
<chapter id="compiling">
|
||||
<chapterinfo>
|
||||
&author.jelmer;
|
||||
&author.jht;
|
||||
&author.tridge;
|
||||
|
||||
<pubdate> 22 May 2001 </pubdate>
|
||||
<pubdate> 18 March 2003 </pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>How to Compile Samba</title>
|
||||
|
||||
<para>
|
||||
You can obtain the Samba source from the
|
||||
<ulink url="http://samba.org/">Samba Website.</ulink> To obtain a development version,
|
||||
you can download Samba from CVS or using <command>rsync</command>.
|
||||
</para>
|
||||
|
||||
<sect1>
|
||||
<title>Access Samba Source Code via CVS</title>
|
||||
|
||||
|
||||
<sect2>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>CVS</primary></indexterm>
|
||||
Samba is developed in an open environment. Developers use
|
||||
Concurrent Versioning System (CVS) to <quote>checkin</quote> (also known as
|
||||
<quote>commit</quote>) new source code. Samba's various CVS branches can
|
||||
be accessed via anonymous CVS using the instructions
|
||||
detailed in this chapter.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This chapter is a modified version of the instructions found at
|
||||
<ulink noescape="1" url="http://samba.org/samba/cvs.html">http://samba.org/samba/cvs.html</ulink>
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>CVS Access to samba.org</title>
|
||||
|
||||
<para>
|
||||
The machine samba.org runs a publicly accessible CVS
|
||||
repository for access to the source code of several packages,
|
||||
including Samba, rsync, distcc, ccache, and jitterbug. There are two main ways
|
||||
of accessing the CVS server on this host:
|
||||
</para>
|
||||
|
||||
<sect3>
|
||||
<title>Access via CVSweb</title>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>CVS</primary><secondary>web</secondary></indexterm>
|
||||
You can access the source code via your favorite WWW browser. This allows you to access
|
||||
the contents of individual files in the repository and also to look at the revision
|
||||
history and commit logs of individual files. You can also ask for a diff
|
||||
listing between any two versions on the repository.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Use the URL:
|
||||
<ulink noescape="1" url="http://samba.org/cgi-bin/CVSweb">http://samba.org/cgi-bin/CVSweb</ulink>
|
||||
</para>
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
<title>Access via CVS</title>
|
||||
|
||||
<para>
|
||||
You can also access the source code via a
|
||||
normal CVS client. This gives you much more control over what you can
|
||||
do with the repository and allows you to checkout whole source trees
|
||||
and keep them up-to-date via normal CVS commands. This is the
|
||||
preferred method of access if you are a developer and not
|
||||
just a casual browser.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
To download the latest CVS source code, point your
|
||||
browser at the URL :
|
||||
<ulink noescape="1" url="http://www.cyclic.com/">http://www.cyclic.com/</ulink>.
|
||||
and click on the <quote>How to get CVS</quote> link. CVS is free software under
|
||||
the GNU GPL (as is Samba). Note that there are several graphical CVS clients
|
||||
that provide a graphical interface to the sometimes mundane CVS commands.
|
||||
Links to theses clients are also available from the Cyclic Web site.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
To gain access via anonymous CVS, use the following steps.
|
||||
For this example it is assumed that you want a copy of the
|
||||
Samba source code. For the other source code repositories
|
||||
on this system just substitute the correct package name.
|
||||
</para>
|
||||
|
||||
<procedure>
|
||||
<title>Retrieving Samba using CVS</title>
|
||||
|
||||
<step>
|
||||
<para>
|
||||
Install a recent copy of CVS. All you really need is a
|
||||
copy of the CVS client binary.
|
||||
</para>
|
||||
</step>
|
||||
|
||||
<step>
|
||||
<para>
|
||||
Run the command:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<userinput>cvs -d :pserver:cvs@samba.org:/cvsroot login</userinput>
|
||||
</para>
|
||||
</step>
|
||||
|
||||
<step>
|
||||
|
||||
<para>
|
||||
When it asks you for a password, type <userinput>cvs</userinput>.
|
||||
</para>
|
||||
</step>
|
||||
|
||||
<step>
|
||||
<para>
|
||||
Run the command
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<userinput>cvs -d :pserver:CVS@samba.org:/cvsroot co samba</userinput>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This will create a directory called <filename>samba</filename> containing the
|
||||
latest Samba source code (i.e., the HEAD tagged CVS branch). This
|
||||
currently corresponds to the 3.0 development tree.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
CVS branches other then HEAD can be obtained by using the
|
||||
<option>-r</option> and defining a tag name. A list of branch tag names
|
||||
can be found on the <quote>Development</quote> page of the Samba Web site. A common
|
||||
request is to obtain the latest 3.0 release code. This could be done by
|
||||
using the following command:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<userinput>cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_3_0 samba</userinput>.
|
||||
</para>
|
||||
</step>
|
||||
|
||||
<step>
|
||||
<para>
|
||||
Whenever you want to merge in the latest code changes, use
|
||||
the following command from within the Samba directory:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<userinput>cvs update -d -P</userinput>
|
||||
</para>
|
||||
</step>
|
||||
</procedure>
|
||||
|
||||
</sect3>
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Accessing the Samba Sources via rsync and ftp</title>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>rsync</primary></indexterm>
|
||||
<indexterm><primary>ftp</primary></indexterm>
|
||||
<parameter>pserver.samba.org</parameter> also exports unpacked copies of most parts of the CVS
|
||||
tree at <ulink noescape="1" url="ftp://pserver.samba.org/pub/unpacked">ftp://pserver.samba.org/pub/unpacked</ulink> and also via anonymous rsync at
|
||||
<ulink noescape="1" url="rsync://pserver.samba.org/ftp/unpacked/">rsync://pserver.samba.org/ftp/unpacked/</ulink>. I recommend using rsync rather than ftp.
|
||||
See <ulink noescape="1" url="http://rsync.samba.org/">the rsync homepage</ulink> for more info on rsync.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The disadvantage of the unpacked trees is that they do not support automatic
|
||||
merging of local changes like CVS does. <command>rsync</command> access is most convenient
|
||||
for an initial install.
|
||||
</para>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Verifying Samba's PGP Signature</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>GPG</primary></indexterm>
|
||||
It is strongly recommended that you verify the PGP signature for any source file before
|
||||
installing it. Even if you're not downloading from a mirror site, verifying PGP signatures
|
||||
should be a standard reflex. Many people today use the GNU GPG toolset in place of PGP.
|
||||
GPG can substitute for PGP.
|
||||
</para>
|
||||
|
||||
|
||||
<para>
|
||||
With that said, go ahead and download the following files:
|
||||
</para>
|
||||
|
||||
<para><screen>
|
||||
&prompt;<userinput>wget http://us1.samba.org/samba/ftp/samba-2.2.8a.tar.asc</userinput>
|
||||
&prompt;<userinput>wget http://us1.samba.org/samba/ftp/samba-pubkey.asc</userinput>
|
||||
</screen></para>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>PGP</primary></indexterm>
|
||||
The first file is the PGP signature for the Samba source file; the other is the Samba public
|
||||
PGP key itself. Import the public PGP key with:
|
||||
</para>
|
||||
|
||||
<screen>
|
||||
&prompt;<userinput>gpg --import samba-pubkey.asc</userinput>
|
||||
</screen>
|
||||
|
||||
<para>
|
||||
and verify the Samba source code integrity with:
|
||||
</para>
|
||||
|
||||
<screen>
|
||||
&prompt;<userinput>gzip -d samba-2.2.8a.tar.gz</userinput>
|
||||
&prompt;<userinput>gpg --verify samba-2.2.8a.tar.asc</userinput>
|
||||
</screen>
|
||||
|
||||
<para>
|
||||
If you receive a message like, <quote>Good signature from Samba Distribution Verification Key...</quote>
|
||||
then all is well. The warnings about trust relationships can be ignored. An
|
||||
example of what you would not want to see would be:
|
||||
</para>
|
||||
|
||||
<para><screen>
|
||||
gpg: BAD signature from <quote>Samba Distribution Verification Key</quote>
|
||||
</screen></para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Building the Binaries</title>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>configure</primary></indexterm>
|
||||
To build the binaries, first run the program <userinput>./configure
|
||||
</userinput> in the source directory. This should automatically
|
||||
configure Samba for your operating system. If you have unusual
|
||||
needs, then you may wish to run</para>
|
||||
|
||||
<para><screen>&rootprompt;<userinput>./configure --help
|
||||
</userinput></screen></para>
|
||||
|
||||
<para>first to see what special options you can enable. Now execute <userinput>./configure</userinput> with any arguments it might need:</para>
|
||||
|
||||
<para><screen>&rootprompt;<userinput>./configure <replaceable>[... arguments ...]</replaceable></userinput></screen></para>
|
||||
|
||||
<para>Executing</para>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>make</primary></indexterm>
|
||||
<screen>&rootprompt;<userinput>make</userinput></screen></para>
|
||||
|
||||
<para>will create the binaries. Once it is successfully
|
||||
compiled you can use</para>
|
||||
|
||||
<para><screen>&rootprompt;<userinput>make install</userinput></screen></para>
|
||||
|
||||
<para>to install the binaries and manual pages. You can
|
||||
separately install the binaries and/or man pages using</para>
|
||||
|
||||
<para><screen>&rootprompt;<userinput>make installbin
|
||||
</userinput></screen></para>
|
||||
|
||||
<para>and</para>
|
||||
|
||||
<para><screen>&rootprompt;<userinput>make installman
|
||||
</userinput></screen></para>
|
||||
|
||||
<para>Note that if you are upgrading from a previous version
|
||||
of Samba you might like to know that the old versions of
|
||||
the binaries will be renamed with an <quote>.old</quote> extension. You
|
||||
can go back to the previous version with</para>
|
||||
|
||||
<para><screen>&rootprompt;<userinput>make revert
|
||||
</userinput></screen></para>
|
||||
|
||||
<para>if you find this version a disaster!</para>
|
||||
|
||||
<sect2>
|
||||
<title>Compiling Samba with Active Directory Support</title>
|
||||
|
||||
<para>In order to compile Samba with ADS support, you need to have installed
|
||||
on your system:</para>
|
||||
<itemizedlist>
|
||||
|
||||
<listitem><para>The MIT or Heimdal kerberos development libraries
|
||||
(either install from the sources or use a package).</para></listitem>
|
||||
|
||||
<listitem><para>The OpenLDAP development libraries.</para></listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
<para>If your kerberos libraries are in a non-standard location, then
|
||||
remember to add the configure option
|
||||
<option>--with-krb5=<replaceable>DIR</replaceable></option>.</para>
|
||||
|
||||
<para>After you run configure, make sure that
|
||||
<filename>include/config.h</filename> it generates contain lines like
|
||||
this:</para>
|
||||
|
||||
<para><programlisting>
|
||||
#define HAVE_KRB5 1
|
||||
#define HAVE_LDAP 1
|
||||
</programlisting></para>
|
||||
|
||||
<para>If it does not, configure did not find your KRB5 libraries or
|
||||
your LDAP libraries. Look in <filename>config.log</filename> to figure
|
||||
out why and fix it.</para>
|
||||
|
||||
<sect3>
|
||||
<title>Installing the Required Packages for Debian</title>
|
||||
|
||||
<para>On Debian, you need to install the following packages:</para>
|
||||
<para>
|
||||
<itemizedlist>
|
||||
<listitem><para>libkrb5-dev</para></listitem>
|
||||
<listitem><para>krb5-user</para></listitem>
|
||||
</itemizedlist>
|
||||
</para>
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
<title>Installing the Required Packages for Red Hat Linux</title>
|
||||
|
||||
<para>On Red Hat Linux, this means you should have at least: </para>
|
||||
<para>
|
||||
<itemizedlist>
|
||||
<listitem><para>krb5-workstation (for kinit)</para></listitem>
|
||||
<listitem><para>krb5-libs (for linking with)</para></listitem>
|
||||
<listitem><para>krb5-devel (because you are compiling from source)</para></listitem>
|
||||
</itemizedlist>
|
||||
</para>
|
||||
|
||||
<para>in addition to the standard development environment.</para>
|
||||
|
||||
<para>If these files are not installed on your system, you should check the installation
|
||||
CDs to find which has them and install the files using your tool of choice. If in doubt
|
||||
about what tool to use, refer to the Red Hat Linux documentation.</para>
|
||||
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
<title>SuSE Linux Package Requirements</title>
|
||||
|
||||
<para>SuSE Linux installs Heimdal packages that may be required to allow you to build
|
||||
binary packages. You should verify that the development libraries have been installed on
|
||||
your system.
|
||||
</para>
|
||||
|
||||
<para>SuSE Linux Samba RPMs support Kerberos. Please refer to the documentation for
|
||||
your SuSE Linux system for information regading SuSE Linux specific configuration.
|
||||
Additionally, SuSE are very active in the maintenance of Samba packages that provide
|
||||
the maximum capabilities that are available. You should consider using SuSE provided
|
||||
packages where they are available.
|
||||
</para>
|
||||
|
||||
</sect3>
|
||||
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Starting the &smbd; and &nmbd;</title>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>inetd</primary></indexterm>
|
||||
You must choose to start &smbd; and &nmbd; either
|
||||
as daemons or from <application>inetd</application>. Don't try
|
||||
to do both! Either you can put them in <filename>
|
||||
inetd.conf</filename> and have them started on demand
|
||||
by <application>inetd</application> or <application>xinetd</application>,
|
||||
or you can start them as
|
||||
daemons either from the command line or in <filename>
|
||||
/etc/rc.local</filename>. See the man pages for details
|
||||
on the command line options. Take particular care to read
|
||||
the bit about what user you need to have to start
|
||||
Samba. In many cases, you must be root.</para>
|
||||
|
||||
<para>The main advantage of starting &smbd;
|
||||
and &nmbd; using the recommended daemon method
|
||||
is that they will respond slightly more quickly to an initial connection
|
||||
request.</para>
|
||||
|
||||
<sect2>
|
||||
<title>Starting from inetd.conf</title>
|
||||
|
||||
<indexterm><primary>inetd</primary></indexterm>
|
||||
|
||||
<note>
|
||||
<para>The following will be different if
|
||||
you use NIS, NIS+ or LDAP to distribute services maps.</para>
|
||||
</note>
|
||||
|
||||
<para>Look at your <filename>/etc/services</filename>.
|
||||
What is defined at port 139/tcp? If nothing is defined,
|
||||
then add a line like this:</para>
|
||||
|
||||
<para><programlisting>netbios-ssn 139/tcp</programlisting></para>
|
||||
|
||||
<para>Similarly for 137/udp, you should have an entry like:</para>
|
||||
|
||||
<para><programlisting>netbios-ns 137/udp</programlisting></para>
|
||||
|
||||
<para>Next, edit your <filename>/etc/inetd.conf</filename>
|
||||
and add two lines like this:</para>
|
||||
|
||||
<para><programlisting>
|
||||
netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd
|
||||
netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd
|
||||
</programlisting></para>
|
||||
|
||||
<para>The exact syntax of <filename>/etc/inetd.conf</filename>
|
||||
varies between UNIXes. Look at the other entries in inetd.conf
|
||||
for a guide. </para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>xinetd</primary></indexterm>
|
||||
Some distributions use xinetd instead of inetd. Consult the
|
||||
xinetd manual for configuration information.</para>
|
||||
|
||||
<note><para>Some UNIXes already have entries like netbios_ns
|
||||
(note the underscore) in <filename>/etc/services</filename>.
|
||||
You must edit <filename>/etc/services</filename> or
|
||||
<filename>/etc/inetd.conf</filename> to make them consistent.
|
||||
</para></note>
|
||||
|
||||
<note><para>
|
||||
<indexterm><primary>ifconfig</primary></indexterm>
|
||||
On many systems you may need to use the
|
||||
<smbconfoption><name>interfaces</name></smbconfoption> option in &smb.conf; to specify the IP
|
||||
address and netmask of your interfaces. Run
|
||||
<application>ifconfig</application>
|
||||
as root if you do not know what the broadcast is for your
|
||||
net. &nmbd; tries to determine it at run
|
||||
time, but fails on some UNIXes.
|
||||
</para></note>
|
||||
|
||||
<warning><para>Many UNIXes only accept around five
|
||||
parameters on the command line in <filename>inetd.conf</filename>.
|
||||
This means you shouldn't use spaces between the options and
|
||||
arguments, or you should use a script and start the script
|
||||
from <command>inetd</command>.</para></warning>
|
||||
|
||||
<para>Restart <application>inetd</application>, perhaps just send
|
||||
it a HUP. </para>
|
||||
|
||||
<screen>
|
||||
&rootprompt;<userinput>killall -HUP inetd</userinput>
|
||||
</screen>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Alternative: Starting &smbd; as a Daemon</title>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>daemon</primary></indexterm>
|
||||
To start the server as a daemon, you should create
|
||||
a script something like this one, perhaps calling
|
||||
it <filename>startsmb</filename>.</para>
|
||||
|
||||
<para><programlisting>
|
||||
#!/bin/sh
|
||||
/usr/local/samba/bin/smbd -D
|
||||
/usr/local/samba/bin/nmbd -D
|
||||
</programlisting></para>
|
||||
|
||||
<para>Make it executable with <command>chmod
|
||||
+x startsmb</command></para>
|
||||
|
||||
<para>You can then run <command>startsmb</command> by
|
||||
hand or execute it from <filename>/etc/rc.local</filename>.
|
||||
</para>
|
||||
|
||||
<para>To kill it, send a kill signal to the processes
|
||||
&nmbd; and &smbd;.</para>
|
||||
|
||||
<note><para>If you use the SVR4 style init system,
|
||||
you may like to look at the <filename>examples/svr4-startup</filename>
|
||||
script to make Samba fit into that system.</para></note>
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
@ -1,17 +0,0 @@
|
||||
<chapter id="DNSDHCP">
|
||||
<chapterinfo>
|
||||
&author.jht;
|
||||
</chapterinfo>
|
||||
|
||||
<title>DNS and DHCP Configuration Guide</title>
|
||||
|
||||
<sect1>
|
||||
<title>Note</title>
|
||||
|
||||
<para>
|
||||
This chapter did not make it into this release.
|
||||
It is planned for the published release of this document.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
</chapter>
|
File diff suppressed because it is too large
Load Diff
@ -1,557 +0,0 @@
|
||||
<chapter id="diagnosis">
|
||||
<chapterinfo>
|
||||
&author.tridge;
|
||||
&author.jelmer;
|
||||
&author.danshearer;
|
||||
<pubdate>Wed Jan 15</pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>The Samba Checklist</title>
|
||||
|
||||
<sect1>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>
|
||||
This file contains a list of tests you can perform to validate your
|
||||
Samba server. It also tells you what the likely cause of the problem
|
||||
is if it fails any one of these steps. If it passes all these tests,
|
||||
then it is probably working fine.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
You should do all the tests, in the order shown. We have tried to
|
||||
carefully choose them so later tests only use capabilities verified in
|
||||
the earlier tests. However, do not stop at the first error as there
|
||||
have been some instances when continuing with the tests has helped
|
||||
to solve a problem.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you send one of the Samba mailing lists an email saying, <quote>it does not work</quote>
|
||||
and you have not followed this test procedure, you should not be surprised
|
||||
if your email is ignored.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Assumptions</title>
|
||||
|
||||
<para>
|
||||
In all of the tests, it is assumed you have a Samba server called
|
||||
BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The procedure is similar for other types of clients.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It is also assumed you know the name of an available share in your
|
||||
&smb.conf;. I will assume this share is called <smbconfsection>tmp</smbconfsection>.
|
||||
You can add a <smbconfsection>tmp</smbconfsection> share like this by adding the
|
||||
lines shown in <link linkend="tmpshare"/>.
|
||||
</para>
|
||||
|
||||
<para><smbconfexample id="tmpshare">
|
||||
<title>smb.conf with [tmp] share</title>
|
||||
<smbconfsection>[tmp]</smbconfsection>
|
||||
<smbconfoption><name>comment</name><value>temporary files </value></smbconfoption>
|
||||
<smbconfoption><name>path</name><value>/tmp</value></smbconfoption>
|
||||
<smbconfoption><name>read only</name><value>yes</value></smbconfoption>
|
||||
</smbconfexample>
|
||||
</para>
|
||||
|
||||
<note><para>
|
||||
These tests assume version 3.0.0 or later of the Samba suite.
|
||||
Some commands shown did not exist in earlier versions.
|
||||
</para></note>
|
||||
|
||||
<para>
|
||||
Please pay attention to the error messages you receive. If any error message
|
||||
reports that your server is being unfriendly, you should first check that your
|
||||
IP name resolution is correctly set up. Make sure your <filename>/etc/resolv.conf</filename>
|
||||
file points to name servers that really do exist.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Also, if you do not have DNS server access for name resolution, please check
|
||||
that the settings for your &smb.conf; file results in <command>dns proxy = no</command>. The
|
||||
best way to check this is with <command>testparm smb.conf</command>.
|
||||
</para>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>log files</primary><secondary>monitoring</secondary></indexterm>
|
||||
It is helpful to monitor the log files during testing by using the
|
||||
<command>tail -F log_file_name</command> in a separate
|
||||
terminal console (use ctrl-alt-F1 through F6 or multiple terminals in X).
|
||||
Relevant log files can be found (for default installations) in
|
||||
<filename>/usr/local/samba/var</filename>. Also, connection logs from
|
||||
machines can be found here or possibly in <filename>/var/log/samba</filename>,
|
||||
depending on how or if you specified logging in your &smb.conf; file.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you make changes to your &smb.conf; file while going through these test,
|
||||
remember to restart &smbd; and &nmbd;.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>The Tests</title>
|
||||
<procedure>
|
||||
<title>Diagnosing your Samba server</title>
|
||||
|
||||
|
||||
<step performance="required">
|
||||
<para>
|
||||
<indexterm><primary>testparm</primary></indexterm>
|
||||
In the directory in which you store your &smb.conf; file, run the command
|
||||
<command>testparm smb.conf</command>. If it reports any errors, then your &smb.conf;
|
||||
configuration file is faulty.
|
||||
</para>
|
||||
|
||||
<note><para>
|
||||
Your &smb.conf; file may be located in: <filename>/etc/samba</filename>
|
||||
or in <filename>/usr/local/samba/lib</filename>.
|
||||
</para></note>
|
||||
</step>
|
||||
|
||||
<step performance="required">
|
||||
<para>
|
||||
Run the command <command>ping BIGSERVER</command> from the PC and
|
||||
<command>ping ACLIENT</command> from the UNIX box. If you do not get a valid response,
|
||||
then your TCP/IP software is not correctly installed.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
You will need to start a <quote>dos prompt</quote> window on the PC to run ping.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you get a message saying <quote><errorname>host not found</errorname></quote> or similar, then your DNS
|
||||
software or <filename>/etc/hosts</filename> file is not correctly setup.
|
||||
It is possible to run Samba without DNS entries for the server and client, but it is assumed
|
||||
you do have correct entries for the remainder of these tests.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Another reason why ping might fail is if your host is running firewall
|
||||
software. You will need to relax the rules to let in the workstation
|
||||
in question, perhaps by allowing access from another subnet (on Linux
|
||||
this is done via the appropriate firewall maintenance commands <command>ipchains</command>
|
||||
or <command>iptables</command>).
|
||||
</para>
|
||||
|
||||
<note>
|
||||
<para>
|
||||
Modern Linux distributions install ipchains/iptables by default.
|
||||
This is a common problem that is often overlooked.
|
||||
</para>
|
||||
</note>
|
||||
|
||||
<para>
|
||||
If you wish to check what firewall rules may be present in a system under test, simply run
|
||||
<command>iptables -L -v</command> or if <parameter>ipchains</parameter>-based firewall rules are in use,
|
||||
<command>ipchains -L -v</command>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Here is a sample listing from a system that has an external ethernet interface (eth1) on which Samba
|
||||
is not active, and an internal (private network) interface (eth0) on which Samba is active:
|
||||
<screen>
|
||||
frodo:~ # iptables -L -v
|
||||
Chain INPUT (policy DROP 98496 packets, 12M bytes)
|
||||
pkts bytes target prot opt in out source destination
|
||||
187K 109M ACCEPT all -- lo any anywhere anywhere
|
||||
892K 125M ACCEPT all -- eth0 any anywhere anywhere
|
||||
1399K 1380M ACCEPT all -- eth1 any anywhere anywhere \
|
||||
state RELATED,ESTABLISHED
|
||||
|
||||
Chain FORWARD (policy DROP 0 packets, 0 bytes)
|
||||
pkts bytes target prot opt in out source destination
|
||||
978K 1177M ACCEPT all -- eth1 eth0 anywhere anywhere \
|
||||
state RELATED,ESTABLISHED
|
||||
658K 40M ACCEPT all -- eth0 eth1 anywhere anywhere
|
||||
0 0 LOG all -- any any anywhere anywhere \
|
||||
LOG level warning
|
||||
|
||||
Chain OUTPUT (policy ACCEPT 2875K packets, 1508M bytes)
|
||||
pkts bytes target prot opt in out source destination
|
||||
|
||||
Chain reject_func (0 references)
|
||||
pkts bytes target prot opt in out source destinat
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
</step>
|
||||
|
||||
<step performance="required">
|
||||
<para>
|
||||
Run the command: <command>smbclient -L BIGSERVER</command>
|
||||
on the UNIX box. You should get back a list of available shares.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you get an error message containing the string <quote>Bad password</quote>, then
|
||||
you probably have either an incorrect <parameter>hosts allow</parameter>,
|
||||
<parameter>hosts deny</parameter> or <parameter>valid users</parameter> line in your
|
||||
&smb.conf;, or your guest account is not valid. Check what your guest account is using &testparm; and
|
||||
temporarily remove any <parameter>hosts allow</parameter>, <parameter>hosts deny</parameter>,
|
||||
<parameter>valid users</parameter> or <parameter>invalid users</parameter> lines.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you get a message <quote><errorname>connection refused</errorname></quote> response, then the <command>smbd</command> server may
|
||||
not be running. If you installed it in <filename>inetd.conf</filename>, then you probably edited
|
||||
that file incorrectly. If you installed it as a daemon, then check that
|
||||
it is running, and check that the netbios-ssn port is in a LISTEN
|
||||
state using <command>netstat -a</command>.
|
||||
</para>
|
||||
|
||||
<note><para>
|
||||
<indexterm><primary>inetd</primary></indexterm>
|
||||
<indexterm><primary>xinetd</primary><see>inetd</see></indexterm>
|
||||
Some UNIX/Linux systems use <command>xinetd</command> in place of
|
||||
<command>inetd</command>. Check your system documentation for the location
|
||||
of the control files for your particular system implementation of
|
||||
the network super daemon.
|
||||
</para></note>
|
||||
|
||||
<para>
|
||||
If you get a message saying <quote><errorname>session request failed</errorname></quote>, the server refused the
|
||||
connection. If it says <quote>Your server software is being unfriendly</quote>, then
|
||||
it's probably because you have invalid command line parameters to &smbd;,
|
||||
or a similar fatal problem with the initial startup of &smbd;. Also
|
||||
check your config file (&smb.conf;) for syntax errors with &testparm;
|
||||
and that the various directories where Samba keeps its log and lock
|
||||
files exist.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
There are a number of reasons for which smbd may refuse or decline
|
||||
a session request. The most common of these involve one or more of
|
||||
the &smb.conf; file entries as shown in <link linkend="modif1"/>.
|
||||
</para>
|
||||
|
||||
|
||||
<para>
|
||||
<smbconfexample id="modif1">
|
||||
<title>Configuration for only allowing connections from a certain subnet</title>
|
||||
<smbconfsection>[globals]</smbconfsection>
|
||||
<member>...</member>
|
||||
<smbconfoption><name>hosts deny</name><value>ALL</value></smbconfoption>
|
||||
<smbconfoption><name>hosts allow</name><value>xxx.xxx.xxx.xxx/yy</value></smbconfoption>
|
||||
<smbconfoption><name>interfaces</name><value>eth0</value></smbconfoption>
|
||||
<smbconfoption><name>bind interfaces only</name><value>Yes</value></smbconfoption>
|
||||
<member>...</member>
|
||||
</smbconfexample>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In the above, no allowance has been made for any session requests that
|
||||
will automatically translate to the loopback adapter address 127.0.0.1.
|
||||
To solve this problem, change these lines as shown in <link linkend="modif2"/>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<smbconfexample id="modif2">
|
||||
<title>Configuration for allowing connections from a certain subnet and localhost</title>
|
||||
<smbconfsection>[globals]</smbconfsection>
|
||||
<member>...</member>
|
||||
<smbconfoption><name>hosts deny</name><value>ALL</value></smbconfoption>
|
||||
<smbconfoption><name>hosts allow</name><value>xxx.xxx.xxx.xxx/yy 127.</value></smbconfoption>
|
||||
<smbconfoption><name>interfaces</name><value>eth0 lo</value></smbconfoption>
|
||||
<member>...</member>
|
||||
</smbconfexample>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>inetd</primary></indexterm>
|
||||
Another common cause of these two errors is having something already running
|
||||
<indexterm><primary>smbclient</primary></indexterm>
|
||||
on port <constant>139</constant>, such as Samba (&smbd; is running from <application>inetd</application> already) or
|
||||
something like Digital's Pathworks. Check your <filename>inetd.conf</filename> file before trying
|
||||
to start &smbd; as a daemon &smbmdash; it can avoid a lot of frustration!
|
||||
</para>
|
||||
|
||||
<para>
|
||||
And yet another possible cause for failure of this test is when the subnet mask
|
||||
and/or broadcast address settings are incorrect. Please check that the
|
||||
network interface IP Address/Broadcast Address/Subnet Mask settings are
|
||||
correct and that Samba has correctly noted these in the <filename>log.nmbd</filename> file.
|
||||
</para>
|
||||
|
||||
</step>
|
||||
|
||||
<step performance="required">
|
||||
|
||||
<para>
|
||||
Run the command: <command>nmblookup -B BIGSERVER __SAMBA__</command>.
|
||||
You should get back the IP address of your Samba server.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you do not, then nmbd is incorrectly installed. Check your <filename>inetd.conf</filename>
|
||||
if you run it from there, or that the daemon is running and listening to udp port 137.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
One common problem is that many inetd implementations can't take many
|
||||
parameters on the command line. If this is the case, then create a
|
||||
one-line script that contains the right parameters and run that from
|
||||
inetd.
|
||||
</para>
|
||||
|
||||
</step>
|
||||
|
||||
<step performance="required">
|
||||
|
||||
<para>
|
||||
Run the command: <command>nmblookup -B ACLIENT `*'</command>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
You should get the PC's IP address back. If you do not then the client
|
||||
software on the PC isn't installed correctly, or isn't started, or you
|
||||
got the name of the PC wrong.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If ACLIENT does not resolve via DNS then use the IP address of the
|
||||
client in the above test.
|
||||
</para>
|
||||
|
||||
</step>
|
||||
|
||||
<step performance="required">
|
||||
|
||||
<para>
|
||||
Run the command: <command>nmblookup -d 2 '*'</command>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This time we are trying the same as the previous test but are trying
|
||||
it via a broadcast to the default broadcast address. A number of
|
||||
NetBIOS/TCP/IP hosts on the network should respond, although Samba may
|
||||
not catch all of the responses in the short time it listens. You
|
||||
should see the <quote><errorname>got a positive name query response</errorname></quote>
|
||||
messages from several hosts.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If this does not give a similar result to the previous test, then
|
||||
nmblookup isn't correctly getting your broadcast address through its
|
||||
automatic mechanism. In this case you should experiment with the
|
||||
<smbconfoption><name>interfaces</name></smbconfoption> option in &smb.conf; to manually configure your IP
|
||||
address, broadcast and netmask.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If your PC and server aren't on the same subnet, then you will need to use the
|
||||
<option>-B</option> option to set the broadcast address to that of the PCs subnet.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This test will probably fail if your subnet mask and broadcast address are
|
||||
not correct. (Refer to TEST 3 notes above).
|
||||
</para>
|
||||
|
||||
</step>
|
||||
|
||||
<step performance="required">
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>smbclient</primary></indexterm>
|
||||
Run the command: <command>smbclient //BIGSERVER/TMP</command>. You should
|
||||
then be prompted for a password. You should use the password of the account
|
||||
with which you are logged into the UNIX box. If you want to test with
|
||||
another account, then add the <option>-U accountname</option> option to the end of
|
||||
the command line. For example, <command>smbclient //bigserver/tmp -Ujohndoe</command>.
|
||||
</para>
|
||||
|
||||
<note><para>
|
||||
It is possible to specify the password along with the username as follows:
|
||||
<command>smbclient //bigserver/tmp -Ujohndoe%secret</command>.
|
||||
</para></note>
|
||||
|
||||
<para>
|
||||
Once you enter the password, you should get the <prompt>smb></prompt> prompt. If you
|
||||
do not, then look at the error message. If it says <quote><errorname>invalid network
|
||||
name</errorname></quote>, then the service <smbconfsection>tmp</smbconfsection> is not correctly setup in your &smb.conf;.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If it says <quote><errorname>bad password</errorname></quote>, then the likely causes are:
|
||||
</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
You have shadow passwords (or some other password system) but didn't
|
||||
compile in support for them in &smbd;.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Your <smbconfoption><name>valid users</name></smbconfoption> configuration is incorrect.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
You have a mixed case password and you haven't enabled the <smbconfoption><name>password level</name></smbconfoption> option at a high enough level.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
The <smbconfoption><name>path</name></smbconfoption> line in &smb.conf; is incorrect. Check it with &testparm;.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
You enabled password encryption but didn't map UNIX to Samba users. Run:
|
||||
<command>smbpasswd -a username</command>
|
||||
</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>
|
||||
Once connected, you should be able to use the commands <command>dir</command>, <command>get</command>,
|
||||
<command>put</command> and so on. Type <command>help command</command> for instructions. You should
|
||||
especially check that the amount of free disk space shown is correct when you type <command>dir</command>.
|
||||
</para>
|
||||
|
||||
</step>
|
||||
|
||||
<step performance="required">
|
||||
|
||||
<para>
|
||||
On the PC, type the command <command>net view \\BIGSERVER</command>. You will
|
||||
need to do this from within a dos prompt window. You should get back a
|
||||
list of shares available on the server.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you get a message <quote><errorname>network name not found</errorname></quote> or similar error, then netbios
|
||||
name resolution is not working. This is usually caused by a problem in <command>nmbd</command>.
|
||||
To overcome it, you could do one of the following (you only need to choose one of them):
|
||||
</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem><para>
|
||||
Fixup the &nmbd; installation.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Add the IP address of BIGSERVER to the <command>wins server</command> box in the
|
||||
advanced TCP/IP setup on the PC.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Enable Windows name resolution via DNS in the advanced section of the TCP/IP setup.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Add BIGSERVER to your lmhosts file on the PC.
|
||||
</para></listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>
|
||||
If you get a message <quote><errorname>invalid network name</errorname></quote> or
|
||||
<quote><errorname>bad password error</errorname></quote>, then apply the
|
||||
same fixes as for the <command>smbclient -L</command> test above. In
|
||||
particular, make sure your <command>hosts allow</command> line is correct (see the man pages).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Also, do not overlook that fact that when the workstation requests the
|
||||
connection to the Samba server, it will attempt to connect using the
|
||||
name with which you logged onto your Windows machine. You need to make
|
||||
sure that an account exists on your Samba server with that exact same
|
||||
name and password.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you get a message <quote><errorname>specified computer is not receiving requests</errorname></quote> or similar,
|
||||
it probably means that the host is not contactable via TCP services.
|
||||
Check to see if the host is running TCP wrappers, and if so add an entry in
|
||||
the <filename>hosts.allow</filename> file for your client (or subnet, and so on.)
|
||||
</para>
|
||||
|
||||
</step>
|
||||
|
||||
<step performance="required">
|
||||
|
||||
<para>
|
||||
Run the command <command>net use x: \\BIGSERVER\TMP</command>. You should
|
||||
be prompted for a password, then you should get a <computeroutput>command completed
|
||||
successfully</computeroutput> message. If not, then your PC software is incorrectly
|
||||
installed or your &smb.conf; is incorrect. Make sure your <parameter>hosts allow</parameter>
|
||||
and other config lines in &smb.conf; are correct.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It's also possible that the server can't work out what user name to connect you as.
|
||||
To see if this is the problem, add the line
|
||||
<smbconfoption><name>user</name><value>username</value></smbconfoption> to the
|
||||
<smbconfsection>[tmp]</smbconfsection> section of
|
||||
&smb.conf; where <parameter>username</parameter> is the
|
||||
username corresponding to the password you typed. If you find this
|
||||
fixes things, you may need the username mapping option.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It might also be the case that your client only sends encrypted passwords
|
||||
and you have <smbconfoption><name>encrypt passwords</name><value>no</value></smbconfoption> in &smb.conf;.
|
||||
Change this to "yes" to fix this.
|
||||
</para>
|
||||
|
||||
</step>
|
||||
|
||||
<step performance="required">
|
||||
|
||||
<para>
|
||||
Run the command <command>nmblookup -M <parameter>testgroup</parameter></command> where
|
||||
<parameter>testgroup</parameter> is the name of the workgroup that your Samba server and
|
||||
Windows PCs belong to. You should get back the IP address of the
|
||||
master browser for that workgroup.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you do not, then the election process has failed. Wait a minute to
|
||||
see if it is just being slow, then try again. If it still fails after
|
||||
that, then look at the browsing options you have set in &smb.conf;. Make
|
||||
sure you have <smbconfoption><name>preferred master</name><value>yes</value></smbconfoption> to ensure that
|
||||
an election is held at startup.
|
||||
</para>
|
||||
|
||||
</step>
|
||||
|
||||
<step performance="required">
|
||||
|
||||
<para>
|
||||
>From file manager, try to browse the server. Your Samba server should
|
||||
appear in the browse list of your local workgroup (or the one you
|
||||
specified in &smb.conf;). You should be able to double click on the name
|
||||
of the server and get a list of shares. If you get the error message <quote>invalid password</quote>,
|
||||
you are probably running Windows NT and it
|
||||
is refusing to browse a server that has no encrypted password
|
||||
capability and is in User Level Security mode. In this case, either set
|
||||
<smbconfoption><name>security</name><value>server</value></smbconfoption> and
|
||||
<smbconfoption><name>password server</name><value>Windows_NT_Machine</value></smbconfoption> in your
|
||||
&smb.conf; file, or make sure <smbconfoption><name>encrypt passwords</name></smbconfoption> is
|
||||
set to <quote>yes</quote>.
|
||||
</para>
|
||||
|
||||
</step>
|
||||
</procedure>
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
@ -1,17 +0,0 @@
|
||||
<chapter id="FastStart">
|
||||
<chapterinfo>
|
||||
&author.jht;
|
||||
</chapterinfo>
|
||||
|
||||
<title>Fast Start for the Impatient</title>
|
||||
|
||||
<sect1>
|
||||
<title>Note</title>
|
||||
|
||||
<para>
|
||||
This chapter did not make it into this release.
|
||||
It is planned for the published release of this document.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
</chapter>
|
@ -1,172 +0,0 @@
|
||||
<chapter id="Further-Resources">
|
||||
<chapterinfo>
|
||||
&author.jelmer;
|
||||
<pubdate>May 1, 2003</pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>Further Resources</title>
|
||||
|
||||
<sect1>
|
||||
<title>Websites</title>
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://hr.uoregon.edu/davidrl/cifs.txt">
|
||||
<emphasis>CIFS: Common Insecurities Fail Scrutiny</emphasis> by <quote>Hobbit</quote></ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://afr.com/it/2002/10/01/FFXDF43AP6D.html">
|
||||
<emphasis>Doing the Samba on Windows</emphasis> by Financial Review
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://ubiqx.org/cifs/">
|
||||
<emphasis>Implementing CIFS</emphasis> by Christopher R. Hertel
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://samba.anu.edu.au/cifs/docs/what-is-smb.html">
|
||||
<emphasis>Just What Is SMB?</emphasis> by Richard Sharpe
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://www.linux-mag.com/1999-05/samba_01.html">
|
||||
<emphasis>Opening Windows Everywhere</emphasis> by Mike Warfield
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://www.tldp.org/HOWTO/SMB-HOWTO.html">
|
||||
<emphasis>SMB HOWTO</emphasis> by David Wood
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://www.phrack.org/phrack/60/p60-0x0b.txt">
|
||||
<emphasis>SMB/CIFS by The Root</emphasis> by <quote>ledin</quote>
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://www.linux-mag.com/1999-09/samba_01.html">
|
||||
<emphasis>The Story of Samba</emphasis> by Christopher R. Hertel
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://hr.uoregon.edu/davidrl/samba/">
|
||||
<emphasis>The Unofficial Samba HOWTO</emphasis> by David Lechnyr
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://www.linux-mag.com/2001-05/smb_01.html">
|
||||
<emphasis>Understanding the Network Neighborhood</emphasis> by Christopher R. Hertel
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://www.linux-mag.com/2002-02/samba_01.html">
|
||||
<emphasis>Using Samba as a PDC</emphasis> by Andrew Bartlett
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://ru.samba.org/samba/ftp/docs/Samba24Hc13.pdf">
|
||||
<emphasis>PDF version of the Troubleshooting Techniques chapter</emphasis>
|
||||
from the second edition of Sam's Teach Yourself Samba in 24 Hours
|
||||
(publishing date of Dec. 12, 2001)</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://ru.samba.org/samba/ftp/slides/">
|
||||
<emphasis>Slide presentations</emphasis> by Samba Team members
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://www.atmarkit.co.jp/flinux/special/samba3/samba3a.html">
|
||||
<emphasis>Introduction to Samba-3.0</emphasis> by Motonobu Takahashi
|
||||
(written in Japanese). </ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://www.linux-mag.com/2001-05/smb_01.html">
|
||||
<emphasis>Understanding the Network Neighborhood</emphasis>, by team member
|
||||
Chris Hertel. This article appeared in the May 2001 issue of
|
||||
Linux Magazine.
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="ftp://ftp.stratus.com/pub/vos/customers/samba/">
|
||||
<emphasis>Samba 2.0.x Troubleshooting guide</emphasis> from Paul Green
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://samba.org/samba/docs/10years.html">
|
||||
<emphasis>Ten Years of Samba</emphasis>
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://tldp.org/HOWTO/Samba-Authenticated-Gateway-HOWTO.html">
|
||||
<emphasis>Samba Authenticated Gateway HOWTO</emphasis>
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://samba.org/samba/docs/SambaIntro.html">
|
||||
<emphasis>An Introduction to Samba</emphasis>
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://www.samba.org/cifs/">
|
||||
<emphasis>What is CIFS?</emphasis>
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://support.microsoft.com/support/kb/articles/q92/5/88.asp">
|
||||
<emphasis>WFWG: Password Caching and How It Affects LAN Manager
|
||||
Security</emphasis> at Microsoft Knowledge Base
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Related updates from Microsoft</title>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
<ulink url="http://support.microsoft.com/support/kb/articles/q92/5/88.asp">
|
||||
<emphasis>Enhanced Encryption for Windows 95 Password Cache</emphasis>
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://support.microsoft.com/support/kb/articles/q136/4/18.asp">
|
||||
<emphasis>Windows '95 File Sharing Updates</emphasis>
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<ulink url="http://support.microsoft.com/support/kb/articles/q136/4/18.asp">
|
||||
<emphasis>Windows for Workgroups Sharing Updates</emphasis>
|
||||
</ulink>
|
||||
</para></listitem>
|
||||
|
||||
</itemizedlist>
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
@ -1,625 +0,0 @@
|
||||
<?xml version="1.0" encoding="iso8859-1"?>
|
||||
<chapter id="groupmapping">
|
||||
<chapterinfo>
|
||||
&author.jht;
|
||||
<author>
|
||||
<firstname>Jean François</firstname><surname>Micouleau</surname>
|
||||
</author>
|
||||
&author.jerry;
|
||||
</chapterinfo>
|
||||
<title>Group Mapping &smbmdash; MS Windows and UNIX</title>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm significance="preferred"><primary>groups</primary><secondary>mapping</secondary></indexterm>
|
||||
Starting with Samba-3, new group mapping functionality is available to create associations
|
||||
between Windows group SIDs and UNIX groups. The <command>groupmap</command> subcommand
|
||||
included with the &net; tool can be used to manage these associations.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The new facility for mapping NT Groups to UNIX system groups allows the administrator to decide
|
||||
which NT Domain Groups are to be exposed to MS Windows clients. Only those NT Groups that map
|
||||
to a UNIX group that has a value other than the default (<constant>-1</constant>) will be exposed
|
||||
in group selection lists in tools that access domain users and groups.
|
||||
</para>
|
||||
|
||||
<warning>
|
||||
<para>
|
||||
<indexterm><primary>domain admin group</primary></indexterm>
|
||||
The <parameter>domain admin group</parameter> parameter has been removed in Samba-3 and should no longer
|
||||
be specified in &smb.conf;. This parameter was used to give the listed users membership in the
|
||||
<constant>Domain Admins</constant> Windows group which gave local admin rights on their workstations
|
||||
(in default configurations).
|
||||
</para>
|
||||
</warning>
|
||||
|
||||
<sect1>
|
||||
<title>Features and Benefits</title>
|
||||
|
||||
<para>
|
||||
Samba allows the administrator to create MS Windows NT4/200x group accounts and to
|
||||
arbitrarily associate them with UNIX/Linux group accounts.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>UID</primary></indexterm>
|
||||
<indexterm><primary>GID</primary></indexterm>
|
||||
Group accounts can be managed using the MS Windows NT4 or MS Windows 200x/XP Professional MMC tools.
|
||||
Appropriate interface scripts should be provided in &smb.conf; if it is desired that UNIX/Linux system
|
||||
accounts should be automatically created when these tools are used. In the absence of these scripts, and
|
||||
so long as <command>winbindd</command> is running, Samba group accounts that are created using these
|
||||
tools will be allocated UNIX UIDs/GIDs from the ID range specified by the
|
||||
<smbconfoption><name>idmap uid</name></smbconfoption>/<smbconfoption><name>idmap gid</name></smbconfoption>
|
||||
parameters in the &smb.conf; file.
|
||||
</para>
|
||||
|
||||
<figure id="idmap-sid2gid"><title>IDMAP: group SID to GID resolution.</title>
|
||||
<mediaobject>
|
||||
<imageobject role="latex"><imagedata fileref="projdoc/imagefiles/idmap-sid2gid" scale="50" scalefit="1"/></imageobject>
|
||||
<imageobject><imagedata fileref="projdoc/imagefiles/idmap-sid2gid.png" scale="50" scalefit="1"/></imageobject>
|
||||
</mediaobject>
|
||||
</figure>
|
||||
|
||||
<figure id="idmap-gid2sid"><title>IDMAP: GID resolution to matching SID.</title>
|
||||
<mediaobject>
|
||||
<imageobject role="latex"><imagedata fileref="projdoc/imagefiles/idmap-gid2sid" scale="50" scalefit="1"/></imageobject>
|
||||
<imageobject><imagedata fileref="projdoc/imagefiles/idmap-gid2sid.png" scale="50" scalefit="1"/></imageobject>
|
||||
</mediaobject>
|
||||
</figure>
|
||||
|
||||
<para>
|
||||
In both cases, when winbindd is not running, only locally resolvable groups can be recognized. Please refer to
|
||||
<link linkend="idmap-sid2gid"></link> and <link linkend="idmap-gid2sid"></link>. The <command>net groupmap</command> is
|
||||
used to establish UNIX group to NT SID mappings as shown in <link linkend="idmap-store-gid2sid"></link>.
|
||||
</para>
|
||||
|
||||
<figure id="idmap-store-gid2sid"><title>IDMAP storing group mappings.</title>
|
||||
<mediaobject>
|
||||
<imageobject role="latex"><imagedata fileref="projdoc/imagefiles/idmap-store-gid2sid" scale="50" scalefit="1"/></imageobject>
|
||||
<imageobject><imagedata fileref="projdoc/imagefiles/idmap-store-gid2sid.png" scale="50" scalefit="1"/></imageobject>
|
||||
</mediaobject>
|
||||
</figure>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>groupadd</primary></indexterm>
|
||||
<indexterm><primary>groupdel</primary></indexterm>
|
||||
Administrators should be aware that where &smb.conf; group interface scripts make
|
||||
direct calls to the UNIX/Linux system tools (the shadow utilities, <command>groupadd</command>,
|
||||
<command>groupdel</command>, and <command>groupmod</command>), the resulting UNIX/Linux group names will be subject
|
||||
to any limits imposed by these tools. If the tool does not allow upper case characters
|
||||
or space characters, then the creation of an MS Windows NT4/200x style group of
|
||||
<ntgroup>Engineering Managers</ntgroup> will attempt to create an identically named
|
||||
UNIX/Linux group, an attempt that will of course fail.
|
||||
</para>
|
||||
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>GID</primary></indexterm>
|
||||
<indexterm><primary>SID</primary></indexterm>
|
||||
There are several possible work-arounds for the operating system tools limitation. One
|
||||
method is to use a script that generates a name for the UNIX/Linux system group that
|
||||
fits the operating system limits, and that then just passes the UNIX/Linux group ID (GID)
|
||||
back to the calling Samba interface. This will provide a dynamic work-around solution.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Another work-around is to manually create a UNIX/Linux group, then manually create the
|
||||
MS Windows NT4/200x group on the Samba server and then use the <command>net groupmap</command>
|
||||
tool to connect the two to each other.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Discussion</title>
|
||||
|
||||
<para>
|
||||
When installing <application>MS Windows NT4/200x</application> on a computer, the installation
|
||||
program creates default users and groups, notably the <constant>Administrators</constant> group,
|
||||
and gives that group privileges necessary privileges to perform essential system tasks,
|
||||
such as the ability to change the date and time or to kill (or close) any process running on the
|
||||
local machine.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>Administrator</primary></indexterm>
|
||||
The <constant>Administrator</constant> user is a member of the <constant>Administrators</constant> group, and thus inherits
|
||||
<constant>Administrators</constant> group privileges. If a <constant>joe</constant> user is created to be a member of the
|
||||
<constant>Administrators</constant> group, <constant>joe</constant> has exactly the same rights as the user,
|
||||
<constant>Administrator</constant>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
When an MS Windows NT4/200x/XP machine is made a Domain Member, the <quote>Domain Admins</quote> group of the
|
||||
PDC is added to the local <constant>Administrators</constant> group of the workstation. Every member of the
|
||||
<constant>Domain Administrators</constant> group inherits the rights of the local <constant>Administrators</constant> group when
|
||||
logging on the workstation.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The following steps describe how to make Samba PDC users members of the <constant>Domain Admins</constant> group?
|
||||
</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem><para>
|
||||
Create a UNIX group (usually in <filename>/etc/group</filename>), let's call it <constant>domadm</constant>.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Add to this group the users that must be <quote>Administrators</quote>. For example,
|
||||
if you want <constant>joe, john</constant> and <constant>mary</constant> to be administrators,
|
||||
your entry in <filename>/etc/group</filename> will look like this:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
domadm:x:502:joe,john,mary
|
||||
</programlisting>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Map this domadm group to the <quote>Domain Admins</quote> group by running the command:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
&rootprompt;<userinput>net groupmap add ntgroup="Domain Admins" UNIXgroup=domadm</userinput>
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>Domain Admins group</primary></indexterm>
|
||||
The quotes around <quote>Domain Admins</quote> are necessary due to the space in the group name.
|
||||
Also make sure to leave no white-space surrounding the equal character (=).
|
||||
</para></listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>
|
||||
Now <constant>joe, john</constant> and <constant>mary</constant> are domain administrators.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>groups</primary><secondary>domain</secondary></indexterm>
|
||||
It is possible to map any arbitrary UNIX group to any Windows NT4/200x group as well as
|
||||
making any UNIX group a Windows domain group. For example, if you wanted to include a
|
||||
UNIX group (e.g., acct) in an ACL on a local file or printer on a Domain Member machine,
|
||||
you would flag that group as a domain group by running the following on the Samba PDC:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
&rootprompt;<userinput>net groupmap add rid=1000 ntgroup="Accounting" UNIXgroup=acct</userinput>
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Be aware that the RID parameter is a unsigned 32-bit integer that should
|
||||
normally start at 1000. However, this RID must not overlap with any RID assigned
|
||||
to a user. Verification for this is done differently depending on the passdb backend
|
||||
you are using. Future versions of the tools may perform the verification automatically,
|
||||
but for now the burden is on you.
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>Default Users, Groups and Relative Identifiers</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>Relative Identifier</primary><see>RID</see></indexterm>
|
||||
<indexterm><primary>RID</primary></indexterm>
|
||||
When first installed, Microsoft Windows NT4/200x/XP are preconfigured with certain User, Group, and
|
||||
Alias entities. Each has a well-known Relative Identifier (RID). These must be preserved for continued
|
||||
integrity of operation. Samba must be provisioned with certain essential Domain Groups that require
|
||||
the appropriate RID value. When Samba-3 is configured to use <constant>tdbsam</constant> the essential
|
||||
Domain Groups are automatically created. It is the LDAP administrators' responsibility to create
|
||||
(provision) the default NT Groups.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Each essential Domain Group must be assigned its respective well-kown RID. The default Users, Groups,
|
||||
Aliases, and RIDs are shown in <link linkend="WKURIDS"/>.
|
||||
</para>
|
||||
|
||||
<note><para>
|
||||
When the <parameter>passdb backend</parameter> uses LDAP (<constant>ldapsam</constant>) it is the
|
||||
admininstrators' responsibility to create the essential Domain Groups, and to assign each its default RID.
|
||||
</para></note>
|
||||
|
||||
<para>
|
||||
It is permissible to create any Domain Group that may be necessary, just make certain that the essential
|
||||
Domain Groups (well known) have been created and assigned its default RID. Other groups you create may
|
||||
be assigned any arbitrary RID you care to use.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Be sure to map each Domain Group to a UNIX system group. That is the only way to ensure that the group
|
||||
will be available for use as an NT Domain Group.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<table frame="all" id="WKURIDS">
|
||||
<title>Well-Known User Default RIDs</title>
|
||||
<tgroup cols="4" align="left">
|
||||
<colspec align="left"/>
|
||||
<colspec align="left"/>
|
||||
<colspec align="left"/>
|
||||
<colspec align="center"/>
|
||||
<thead>
|
||||
<row>
|
||||
<entry>Well-Known Entity</entry>
|
||||
<entry>RID</entry>
|
||||
<entry>Type</entry>
|
||||
<entry>Essential</entry>
|
||||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>Domain Administrator</entry>
|
||||
<entry>500</entry>
|
||||
<entry>User</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Domain Guest</entry>
|
||||
<entry>501</entry>
|
||||
<entry>User</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Domain KRBTGT</entry>
|
||||
<entry>502</entry>
|
||||
<entry>User</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Domain Admins</entry>
|
||||
<entry>512</entry>
|
||||
<entry>Group</entry>
|
||||
<entry>Yes</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Domain Users</entry>
|
||||
<entry>513</entry>
|
||||
<entry>Group</entry>
|
||||
<entry>Yes</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Domain Guests</entry>
|
||||
<entry>514</entry>
|
||||
<entry>Group</entry>
|
||||
<entry>Yes</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Domain Computers</entry>
|
||||
<entry>515</entry>
|
||||
<entry>Group</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Domain Controllers</entry>
|
||||
<entry>516</entry>
|
||||
<entry>Group</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Domain Certificate Admins</entry>
|
||||
<entry>517</entry>
|
||||
<entry>Group</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Domain Schema Admins</entry>
|
||||
<entry>518</entry>
|
||||
<entry>Group</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Domain Enterprise Admins</entry>
|
||||
<entry>519</entry>
|
||||
<entry>Group</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Domain Policy Admins</entry>
|
||||
<entry>520</entry>
|
||||
<entry>Group</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Builtin Admins</entry>
|
||||
<entry>544</entry>
|
||||
<entry>Alias</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Builtin users</entry>
|
||||
<entry>545</entry>
|
||||
<entry>Alias</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Builtin Guests</entry>
|
||||
<entry>546</entry>
|
||||
<entry>Alias</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Builtin Power Users</entry>
|
||||
<entry>547</entry>
|
||||
<entry>Alias</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Builtin Account Operators</entry>
|
||||
<entry>548</entry>
|
||||
<entry>Alias</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Builtin System Operators</entry>
|
||||
<entry>549</entry>
|
||||
<entry>Alias</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Builtin Print Operators</entry>
|
||||
<entry>550</entry>
|
||||
<entry>Alias</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Builtin Backup Operators</entry>
|
||||
<entry>551</entry>
|
||||
<entry>Alias</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Builtin Replicator</entry>
|
||||
<entry>552</entry>
|
||||
<entry>Alias</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>Builtin RAS Servers</entry>
|
||||
<entry>553</entry>
|
||||
<entry>Alias</entry>
|
||||
<entry>No</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Example Configuration</title>
|
||||
|
||||
<para>
|
||||
You can list the various groups in the mapping database by executing
|
||||
<command>net groupmap list</command>. Here is an example:
|
||||
</para>
|
||||
|
||||
<indexterm><primary>net</primary><secondary>groupmap</secondary></indexterm>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
&rootprompt; <userinput>net groupmap list</userinput>
|
||||
Domain Admins (S-1-5-21-2547222302-1596225915-2414751004-512) -> domadmin
|
||||
Domain Users (S-1-5-21-2547222302-1596225915-2414751004-513) -> domuser
|
||||
Domain Guests (S-1-5-21-2547222302-1596225915-2414751004-514) -> domguest
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
For complete details on <command>net groupmap</command>, refer to the net(8) man page.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Configuration Scripts</title>
|
||||
|
||||
<para>
|
||||
Everyone needs tools. Some of us like to create our own, others prefer to use canned tools
|
||||
(i.e., prepared by someone else for general use).
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>Sample &smb.conf; Add Group Script</title>
|
||||
|
||||
<para>
|
||||
A script to create complying group names for use by the Samba group interfaces
|
||||
is provided in <link linkend="smbgrpadd.sh"></link>.
|
||||
</para>
|
||||
|
||||
<indexterm><primary>smbgrpadd.sh</primary></indexterm>
|
||||
<para>
|
||||
<example id="smbgrpadd.sh">
|
||||
<title>smbgrpadd.sh</title>
|
||||
<programlisting>
|
||||
|
||||
#!/bin/bash
|
||||
|
||||
# Add the group using normal system groupadd tool.
|
||||
groupadd smbtmpgrp00
|
||||
|
||||
thegid=`cat /etc/group | grep smbtmpgrp00 | cut -d ":" -f3`
|
||||
|
||||
# Now change the name to what we want for the MS Windows networking end
|
||||
cp /etc/group /etc/group.bak
|
||||
cat /etc/group.bak | sed s/smbtmpgrp00/$1/g > /etc/group
|
||||
|
||||
# Now return the GID as would normally happen.
|
||||
echo $thegid
|
||||
exit 0
|
||||
</programlisting>
|
||||
</example>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The &smb.conf; entry for the above script would be something like that in <link linkend="smbgrpadd"/>.
|
||||
<smbconfexample id="smbgrpadd">
|
||||
<title>Configuration of &smb.conf; for the add group script.</title>
|
||||
<smbconfsection>[global]</smbconfsection>
|
||||
<member>...</member>
|
||||
<smbconfoption><name>add group script</name><value>/path_to_tool/smbgrpadd.sh %g</value></smbconfoption>
|
||||
<member>...</member>
|
||||
</smbconfexample>
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Script to Configure Group Mapping</title>
|
||||
|
||||
<para>
|
||||
In our example we have created a UNIX/Linux group called <ntgroup>ntadmin</ntgroup>.
|
||||
Our script will create the additional groups <ntgroup>Orks</ntgroup>, <ntgroup>Elves</ntgroup>, and <ntgroup>Gnomes</ntgroup>.
|
||||
It is a good idea to save this shell script for later re-use just in case you ever need to rebuild your mapping database.
|
||||
For the sake of concenience we elect to save this script as a file called <filename>initGroups.sh</filename>.
|
||||
This script is given in <link linkend="set-group-map"></link>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>initGroups.sh</primary></indexterm>
|
||||
<example id="set-group-map">
|
||||
<title>Script to Set Group Mapping</title>
|
||||
<programlisting>
|
||||
#!/bin/bash
|
||||
|
||||
net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmin
|
||||
net groupmap modify ntgroup="Domain Users" unixgroup=users
|
||||
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
|
||||
|
||||
groupadd Orks
|
||||
groupadd Elves
|
||||
groupadd Gnomes
|
||||
|
||||
net groupmap add ntgroup="Orks" unixgroup=Orks type=d
|
||||
net groupmap add ntgroup="Elves" unixgroup=Elves type=d
|
||||
net groupmap add ntgroup="Gnomes" unixgroup=Gnomes type=d
|
||||
</programlisting>
|
||||
</example>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Of course it is expected that the administrator will modify this to suit local needs.
|
||||
For information regarding the use of the <command>net groupmap</command> tool please
|
||||
refer to the man page.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Common Errors</title>
|
||||
|
||||
<para>
|
||||
At this time there are many little surprises for the unwary administrator. In a real sense
|
||||
it is imperative that every step of automated control scripts must be carefully tested
|
||||
manually before putting them into active service.
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>Adding Groups Fails</title>
|
||||
|
||||
<para>
|
||||
This is a common problem when the <command>groupadd</command> is called directly
|
||||
by the Samba interface script for the <smbconfoption><name>add group script</name></smbconfoption> in
|
||||
the &smb.conf; file.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The most common cause of failure is an attempt to add an MS Windows group account
|
||||
that has either an upper case character and/or a space character in it.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
There are three possible work-arounds. First, use only group names that comply
|
||||
with the limitations of the UNIX/Linux <command>groupadd</command> system tool.
|
||||
Second, it involves the use of the script mentioned earlier in this chapter, and
|
||||
third is the option is to manually create a UNIX/Linux group account that can substitute
|
||||
for the MS Windows group name, then use the procedure listed above to map that group
|
||||
to the MS Windows group.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Adding MS Windows Groups to MS Windows Groups Fails</title>
|
||||
|
||||
<indexterm><primary>groups</primary><secondary>nested</secondary></indexterm>
|
||||
|
||||
<para>
|
||||
Samba-3 does not support nested groups from the MS Windows control environment.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Adding <emphasis>Domain Users</emphasis> to the <emphasis>Power Users</emphasis> Group</title>
|
||||
|
||||
<para><quote>
|
||||
What must I do to add Domain Users to the Power Users group?
|
||||
</quote></para>
|
||||
|
||||
<indexterm><primary>Domain Users group</primary></indexterm>
|
||||
|
||||
<para>
|
||||
The Power Users group is a group that is local to each Windows 200x/XP Professional workstation.
|
||||
You cannot add the Domain Users group to the Power Users group automatically, it must be done on
|
||||
each workstation by logging in as the local workstation <emphasis>administrator</emphasis> and
|
||||
then using the following procedure:
|
||||
</para>
|
||||
|
||||
<procedure>
|
||||
<step><para>
|
||||
Click <guimenu>Start -> Control Panel -> Users and Passwords</guimenu>.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
Click the <guimenuitem>Advanced</guimenuitem> tab.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
Click the <guibutton>Advanced</guibutton> button.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
Click <constant>Groups</constant>.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
Double click <constant>Power Users</constant>. This will launch the panel to add users or groups
|
||||
to the local machine <constant>Power Uses</constant> group.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
Click the <guibutton>Add</guibutton> button.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
Select the domain from which the <constant>Domain Users</constant> group is to be added.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
Double click the <constant>Domain Users</constant> group.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
Click the <guibutton>Ok</guibutton> button. If a logon box is presented during this process
|
||||
please remember to enter the connect as <constant>DOMAIN\UserName</constant>. i.e., For the
|
||||
domain <constant>MIDEARTH</constant> and the user <constant>root</constant> enter
|
||||
<constant>MIDEARTH\root</constant>.
|
||||
</para></step>
|
||||
</procedure>
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
@ -1,17 +0,0 @@
|
||||
<chapter id="SambaHA">
|
||||
<chapterinfo>
|
||||
&author.jht;
|
||||
</chapterinfo>
|
||||
|
||||
<title>High Availability Options</title>
|
||||
|
||||
<sect1>
|
||||
<title>Note</title>
|
||||
|
||||
<para>
|
||||
This chapter did not make it into this release.
|
||||
It is planned for the published release of this document.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
</chapter>
|
@ -1,712 +0,0 @@
|
||||
<chapter id="integrate-ms-networks">
|
||||
|
||||
<chapterinfo>
|
||||
&author.jht;
|
||||
<pubdate> (Jan 01 2001) </pubdate>
|
||||
</chapterinfo>
|
||||
|
||||
<title>Integrating MS Windows Networks with Samba</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>NetBIOS</primary></indexterm>
|
||||
This section deals with NetBIOS over TCP/IP name to IP address resolution. If
|
||||
your MS Windows clients are not configured to use NetBIOS over TCP/IP, then this
|
||||
section does not apply to your installation. If your installation
|
||||
involves the use of
|
||||
NetBIOS over TCP/IP then this section may help you to resolve networking problems.
|
||||
</para>
|
||||
|
||||
<note>
|
||||
<para>
|
||||
NetBIOS over TCP/IP has nothing to do with NetBEUI. NetBEUI is NetBIOS
|
||||
over Logical Link Control (LLC). On modern networks it is highly advised
|
||||
to not run NetBEUI at all. Note also there is no such thing as
|
||||
NetBEUI over TCP/IP &smbmdash; the existence of such a protocol is a complete
|
||||
and utter misapprehension.
|
||||
</para>
|
||||
</note>
|
||||
|
||||
<sect1>
|
||||
<title>Features and Benefits</title>
|
||||
|
||||
<para>
|
||||
Many MS Windows network administrators have never been exposed to basic TCP/IP
|
||||
networking as it is implemented in a UNIX/Linux operating system. Likewise, many UNIX and
|
||||
Linux administrators have not been exposed to the intricacies of MS Windows TCP/IP-based
|
||||
networking (and may have no desire to be either).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This chapter gives a short introduction to the basics of how a name can be resolved to
|
||||
its IP address for each operating system environment.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Background Information</title>
|
||||
|
||||
<para>
|
||||
Since the introduction of MS Windows 2000, it is possible to run MS Windows networking
|
||||
without the use of NetBIOS over TCP/IP. NetBIOS over TCP/IP uses UDP port 137 for NetBIOS
|
||||
name resolution and uses TCP port 139 for NetBIOS session services. When NetBIOS over
|
||||
TCP/IP is disabled on MS Windows 2000 and later clients, then only the TCP port 445 will be
|
||||
used and the UDP port 137 and TCP port 139 will not.
|
||||
</para>
|
||||
|
||||
<note>
|
||||
<para>
|
||||
When using Windows 2000 or later clients, if NetBIOS over TCP/IP is not disabled, then
|
||||
the client will use UDP port 137 (NetBIOS Name Service, also known as the Windows Internet
|
||||
Name Service or WINS), TCP port 139 and TCP port 445 (for actual file and print traffic).
|
||||
</para>
|
||||
</note>
|
||||
|
||||
<para>
|
||||
When NetBIOS over TCP/IP is disabled, the use of DNS is essential. Most installations that
|
||||
disable NetBIOS over TCP/IP today use MS Active Directory Service (ADS). ADS requires
|
||||
<indexterm><primary>DNS</primary><secondary>Dynamic</secondary></indexterm>
|
||||
Dynamic DNS with Service Resource Records (SRV RR) and with Incremental Zone Transfers (IXFR).
|
||||
<indexterm><primary>DHCP</primary></indexterm>
|
||||
Use of DHCP with ADS is recommended as a further means of maintaining central control
|
||||
over the client workstation network configuration.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Name Resolution in a Pure UNIX/Linux World</title>
|
||||
|
||||
<para>
|
||||
The key configuration files covered in this section are:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para><filename>/etc/hosts</filename></para></listitem>
|
||||
<listitem><para><filename>/etc/resolv.conf</filename></para></listitem>
|
||||
<listitem><para><filename>/etc/host.conf</filename></para></listitem>
|
||||
<listitem><para><filename>/etc/nsswitch.conf</filename></para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<sect2>
|
||||
<title><filename>/etc/hosts</filename></title>
|
||||
|
||||
<para>
|
||||
This file contains a static list of IP addresses and names.
|
||||
</para>
|
||||
<para><programlisting>
|
||||
127.0.0.1 localhost localhost.localdomain
|
||||
192.168.1.1 bigbox.quenya.org bigbox alias4box
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
The purpose of <filename>/etc/hosts</filename> is to provide a
|
||||
name resolution mechanism so uses do not need to remember
|
||||
IP addresses.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Network packets that are sent over the physical network transport
|
||||
layer communicate not via IP addresses but rather using the Media
|
||||
Access Control address, or MAC address. IP addresses are currently
|
||||
32 bits in length and are typically presented as four (4) decimal
|
||||
numbers that are separated by a dot (or period). For example, 168.192.1.1.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>MAC Addresses</primary></indexterm>
|
||||
MAC Addresses use 48 bits (or 6 bytes) and are typically represented
|
||||
as two-digit hexadecimal numbers separated by colons: 40:8e:0a:12:34:56.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Every network interface must have a MAC address. Associated with
|
||||
a MAC address may be one or more IP addresses. There is no
|
||||
relationship between an IP address and a MAC address; all such assignments
|
||||
are arbitrary or discretionary in nature. At the most basic level, all
|
||||
network communications take place using MAC addressing. Since MAC
|
||||
addresses must be globally unique and generally remain fixed for
|
||||
any particular interface, the assignment of an IP address makes sense
|
||||
from a network management perspective. More than one IP address can
|
||||
be assigned per MAC address. One address must be the primary IP
|
||||
address &smbmdash;
|
||||
this is the address that will be returned in the ARP reply.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
When a user or a process wants to communicate with another machine,
|
||||
the protocol implementation ensures that the <quote>machine name</quote> or <quote>host
|
||||
name</quote> is resolved to an IP address in a manner that is controlled
|
||||
by the TCP/IP configuration control files. The file
|
||||
<filename>/etc/hosts</filename> is one such file.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
When the IP address of the destination interface has been
|
||||
determined, a protocol called ARP/RARP is used to identify
|
||||
the MAC address of the target interface. ARP stands for Address
|
||||
Resolution Protocol and is a broadcast-oriented method that
|
||||
uses User Datagram Protocol (UDP) to send a request to all
|
||||
interfaces on the local network segment using the all 1s MAC
|
||||
address. Network interfaces are programmed to respond to two
|
||||
MAC addresses only; their own unique address and the address
|
||||
ff:ff:ff:ff:ff:ff. The reply packet from an ARP request will
|
||||
contain the MAC address and the primary IP address for each
|
||||
interface.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>/etc/hosts</primary></indexterm>
|
||||
The <filename>/etc/hosts</filename> file is foundational to all
|
||||
UNIX/Linux TCP/IP installations and as a minimum will contain
|
||||
the localhost and local network interface IP addresses and the
|
||||
primary names by which they are known within the local machine.
|
||||
This file helps to prime the pump so a basic level of name
|
||||
resolution can exist before any other method of name resolution
|
||||
becomes available.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
|
||||
<sect2>
|
||||
<title><filename>/etc/resolv.conf</filename></title>
|
||||
|
||||
<para>
|
||||
This file tells the name resolution libraries:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>The name of the domain to which the machine
|
||||
belongs.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>The name(s) of any domains that should be
|
||||
automatically searched when trying to resolve unqualified
|
||||
host names to their IP address.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>The name or IP address of available Domain
|
||||
Name Servers that may be asked to perform name-to-address
|
||||
translation lookups.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
</sect2>
|
||||
|
||||
|
||||
<sect2>
|
||||
<title><filename>/etc/host.conf</filename></title>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>/etc/host.conf</primary></indexterm>
|
||||
<filename>/etc/host.conf</filename> is the primary means by
|
||||
which the setting in <filename>/etc/resolv.conf</filename> may be effected. It is a
|
||||
critical configuration file. This file controls the order by
|
||||
which name resolution may proceed. The typical structure is:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
order hosts,bind
|
||||
multi on
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
then both addresses should be returned. Please refer to the
|
||||
man page for <filename>host.conf</filename> for further details.
|
||||
</para>
|
||||
|
||||
|
||||
</sect2>
|
||||
|
||||
|
||||
|
||||
<sect2>
|
||||
<title><filename>/etc/nsswitch.conf</filename></title>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>/etc/nsswitch.conf</primary></indexterm>
|
||||
This file controls the actual name resolution targets. The
|
||||
file typically has resolver object specifications as follows:
|
||||
</para>
|
||||
|
||||
|
||||
<para><programlisting>
|
||||
# /etc/nsswitch.conf
|
||||
#
|
||||
# Name Service Switch configuration file.
|
||||
#
|
||||
|
||||
passwd: compat
|
||||
# Alternative entries for password authentication are:
|
||||
# passwd: compat files nis ldap winbind
|
||||
shadow: compat
|
||||
group: compat
|
||||
|
||||
hosts: files nis dns
|
||||
# Alternative entries for host name resolution are:
|
||||
# hosts: files dns nis nis+ hesiod db compat ldap wins
|
||||
networks: nis files dns
|
||||
|
||||
ethers: nis files
|
||||
protocols: nis files
|
||||
rpc: nis files
|
||||
services: nis files
|
||||
</programlisting></para>
|
||||
|
||||
<para>
|
||||
Of course, each of these mechanisms requires that the appropriate
|
||||
facilities and/or services are correctly configured.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It should be noted that unless a network request/message must be
|
||||
sent, TCP/IP networks are silent. All TCP/IP communications assume a
|
||||
principal of speaking only when necessary.
|
||||
</para>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>libnss_wins.so</primary></indexterm>
|
||||
Starting with version 2.2.0, Samba has Linux support for extensions to
|
||||
the name service switch infrastructure so Linux clients will
|
||||
be able to obtain resolution of MS Windows NetBIOS names to IP
|
||||
Addresses. To gain this functionality, Samba needs to be compiled
|
||||
with appropriate arguments to the make command (i.e., <userinput>make
|
||||
nsswitch/libnss_wins.so</userinput>). The resulting library should
|
||||
then be installed in the <filename>/lib</filename> directory and
|
||||
the <parameter>wins</parameter> parameter needs to be added to the <quote>hosts:</quote> line in
|
||||
the <filename>/etc/nsswitch.conf</filename> file. At this point, it
|
||||
will be possible to ping any MS Windows machine by its NetBIOS
|
||||
machine name, as long as that machine is within the workgroup to
|
||||
which both the Samba machine and the MS Windows machine belong.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
|
||||
<sect1>
|
||||
<title>Name Resolution as Used within MS Windows Networking</title>
|
||||
|
||||
<para>
|
||||
MS Windows networking is predicated about the name each machine
|
||||
is given. This name is known variously (and inconsistently) as
|
||||
the <quote>computer name,</quote> <quote>machine name,</quote> <quote>networking name,</quote> <quote>netbios name,</quote>
|
||||
or <quote>SMB name.</quote> All terms mean the same thing with the exception of
|
||||
<quote>netbios name</quote> that can also apply to the name of the workgroup or the
|
||||
domain name. The terms <quote>workgroup</quote> and <quote>domain</quote> are really just a
|
||||
simple name with which the machine is associated. All NetBIOS names
|
||||
are exactly 16 characters in length. The 16<superscript>th</superscript> character is reserved.
|
||||
It is used to store a one-byte value that indicates service level
|
||||
information for the NetBIOS name that is registered. A NetBIOS machine
|
||||
name is, therefore, registered for each service type that is provided by
|
||||
the client/server.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<link linkend="uniqnetbiosnames"/> and <link linkend="netbiosnamesgrp"/> list typical NetBIOS name/service type registrations.
|
||||
</para>
|
||||
|
||||
<table frame="all" id="uniqnetbiosnames">
|
||||
<title>Unique NetBIOS Names</title>
|
||||
<tgroup cols="2">
|
||||
<colspec align="left"/>
|
||||
<colspec align="justify"/>
|
||||
<tbody>
|
||||
<row><entry>MACHINENAME<00></entry><entry>Server Service is running on MACHINENAME</entry></row>
|
||||
<row><entry>MACHINENAME<03></entry><entry>Generic Machine Name (NetBIOS name)</entry></row>
|
||||
<row><entry>MACHINENAME<20></entry><entry>LanMan Server service is running on MACHINENAME</entry></row>
|
||||
<row><entry>WORKGROUP<1b></entry><entry>Domain Master Browser</entry></row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
|
||||
<table frame="all" id="netbiosnamesgrp">
|
||||
<title>Group Names</title>
|
||||
<tgroup cols="2">
|
||||
<colspec align="left"/>
|
||||
<colspec align="justify"/>
|
||||
<tbody>
|
||||
<row><entry>WORKGROUP<03></entry><entry>Generic Name registered by all members of WORKGROUP</entry></row>
|
||||
<row><entry>WORKGROUP<1c></entry><entry>Domain Controllers / Netlogon Servers</entry></row>
|
||||
<row><entry>WORKGROUP<1d></entry><entry>Local Master Browsers</entry></row>
|
||||
<row><entry>WORKGROUP<1e></entry><entry>Internet Name Resolvers</entry></row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>NetBIOS</primary></indexterm>
|
||||
It should be noted that all NetBIOS machines register their own
|
||||
names as per the above. This is in vast contrast to TCP/IP
|
||||
installations where traditionally the system administrator will
|
||||
determine in the <filename>/etc/hosts</filename> or in the DNS database what names
|
||||
are associated with each IP address.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>NetBIOS</primary></indexterm>
|
||||
One further point of clarification should be noted. The <filename>/etc/hosts</filename>
|
||||
file and the DNS records do not provide the NetBIOS name type information
|
||||
that MS Windows clients depend on to locate the type of service that may
|
||||
be needed. An example of this is what happens when an MS Windows client
|
||||
wants to locate a domain logon server. It finds this service and the IP
|
||||
address of a server that provides it by performing a lookup (via a
|
||||
NetBIOS broadcast) for enumeration of all machines that have
|
||||
registered the name type *<1c>. A logon request is then sent to each
|
||||
IP address that is returned in the enumerated list of IP addresses.
|
||||
Whichever machine first replies, it then ends up providing the logon services.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The name <quote>workgroup</quote> or <quote>domain</quote> really can be confusing since these
|
||||
have the added significance of indicating what is the security
|
||||
architecture of the MS Windows network. The term <quote>workgroup</quote> indicates
|
||||
that the primary nature of the network environment is that of a
|
||||
peer-to-peer design. In a WORKGROUP, all machines are responsible for
|
||||
their own security, and generally such security is limited to the use of
|
||||
just a password (known as Share Level security). In most situations
|
||||
with peer-to-peer networking, the users who control their own machines
|
||||
will simply opt to have no security at all. It is possible to have
|
||||
User Level Security in a WORKGROUP environment, thus requiring the use
|
||||
of a user name and a matching password.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
MS Windows networking is thus predetermined to use machine names
|
||||
for all local and remote machine message passing. The protocol used is
|
||||
called Server Message Block (SMB) and this is implemented using
|
||||
the NetBIOS protocol (Network Basic Input Output System). NetBIOS can
|
||||
be encapsulated using LLC (Logical Link Control) protocol &smbmdash; in which case
|
||||
the resulting protocol is called NetBEUI (Network Basic Extended User
|
||||
Interface). NetBIOS can also be run over IPX (Internetworking Packet
|
||||
Exchange) protocol as used by Novell NetWare, and it can be run
|
||||
over TCP/IP protocols &smbmdash; in which case the resulting protocol is called
|
||||
NBT or NetBT, the NetBIOS over TCP/IP.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
MS Windows machines use a complex array of name resolution mechanisms.
|
||||
Since we are primarily concerned with TCP/IP, this demonstration is
|
||||
limited to this area.
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>The NetBIOS Name Cache</title>
|
||||
|
||||
<para>
|
||||
All MS Windows machines employ an in-memory buffer in which is
|
||||
stored the NetBIOS names and IP addresses for all external
|
||||
machines that machine has communicated with over the
|
||||
past 10-15 minutes. It is more efficient to obtain an IP address
|
||||
for a machine from the local cache than it is to go through all the
|
||||
configured name resolution mechanisms.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If a machine whose name is in the local name cache has been shut
|
||||
down before the name had been expired and flushed from the cache, then
|
||||
an attempt to exchange a message with that machine will be subject
|
||||
to time-out delays. Its name is in the cache, so a name resolution
|
||||
lookup will succeed, but the machine cannot respond. This can be
|
||||
frustrating for users but is a characteristic of the protocol.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>nbtstat</primary></indexterm>
|
||||
<indexterm><primary>nmblookup</primary></indexterm>
|
||||
The MS Windows utility that allows examination of the NetBIOS
|
||||
name cache is called <quote>nbtstat</quote>. The Samba equivalent of this
|
||||
is called <command>nmblookup</command>.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>The LMHOSTS File</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>LMHOSTS</primary></indexterm>
|
||||
This file is usually located in MS Windows NT 4.0 or Windows 200x/XP in the directory
|
||||
<filename>C:\WINNT\SYSTEM32\DRIVERS\ETC</filename> and contains the IP Address
|
||||
and the machine name in matched pairs. The <filename>LMHOSTS</filename> file
|
||||
performs NetBIOS name to IP address mapping.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It typically looks like this:
|
||||
</para>
|
||||
|
||||
<para><programlisting>
|
||||
# Copyright (c) 1998 Microsoft Corp.
|
||||
#
|
||||
# This is a sample LMHOSTS file used by the Microsoft Wins Client (NetBIOS
|
||||
# over TCP/IP) stack for Windows98
|
||||
#
|
||||
# This file contains the mappings of IP addresses to NT computernames
|
||||
# (NetBIOS) names. Each entry should be kept on an individual line.
|
||||
# The IP address should be placed in the first column followed by the
|
||||
# corresponding computername. The address and the computername
|
||||
# should be separated by at least one space or tab. The "#" character
|
||||
# is generally used to denote the start of a comment (see the exceptions
|
||||
# below).
|
||||
#
|
||||
# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
|
||||
# files and offers the following extensions:
|
||||
#
|
||||
# #PRE
|
||||
# #DOM:<domain>
|
||||
# #INCLUDE <filename>
|
||||
# #BEGIN_ALTERNATE
|
||||
# #END_ALTERNATE
|
||||
# \0xnn (non-printing character support)
|
||||
#
|
||||
# Following any entry in the file with the characters "#PRE" will cause
|
||||
# the entry to be preloaded into the name cache. By default, entries are
|
||||
# not preloaded, but are parsed only after dynamic name resolution fails.
|
||||
#
|
||||
# Following an entry with the "#DOM:<domain>" tag will associate the
|
||||
# entry with the domain specified by <domain>. This effects how the
|
||||
# browser and logon services behave in TCP/IP environments. To preload
|
||||
# the host name associated with #DOM entry, it is necessary to also add a
|
||||
# #PRE to the line. The <domain> is always preloaded although it will not
|
||||
# be shown when the name cache is viewed.
|
||||
#
|
||||
# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
|
||||
# software to seek the specified <filename> and parse it as if it were
|
||||
# local. <filename> is generally a UNC-based name, allowing a
|
||||
# centralized lmhosts file to be maintained on a server.
|
||||
# It is ALWAYS necessary to provide a mapping for the IP address of the
|
||||
# server prior to the #INCLUDE. This mapping must use the #PRE directive.
|
||||
# In addition the share "public" in the example below must be in the
|
||||
# LanManServer list of "NullSessionShares" in order for client machines to
|
||||
# be able to read the lmhosts file successfully. This key is under
|
||||
# \machine\system\currentcontrolset\services\lanmanserver\
|
||||
# parameters\nullsessionshares
|
||||
# in the registry. Simply add "public" to the list found there.
|
||||
#
|
||||
# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
|
||||
# statements to be grouped together. Any single successful include
|
||||
# will cause the group to succeed.
|
||||
#
|
||||
# Finally, non-printing characters can be embedded in mappings by
|
||||
# first surrounding the NetBIOS name in quotations, then using the
|
||||
# \0xnn notation to specify a hex value for a non-printing character.
|
||||
#
|
||||
# The following example illustrates all of these extensions:
|
||||
#
|
||||
# 102.54.94.97 rhino #PRE #DOM:networking #net group's DC
|
||||
# 102.54.94.102 "appname \0x14" #special app server
|
||||
# 102.54.94.123 popular #PRE #source server
|
||||
# 102.54.94.117 localsrv #PRE #needed for the include
|
||||
#
|
||||
# #BEGIN_ALTERNATE
|
||||
# #INCLUDE \\localsrv\public\lmhosts
|
||||
# #INCLUDE \\rhino\public\lmhosts
|
||||
# #END_ALTERNATE
|
||||
#
|
||||
# In the above example, the "appname" server contains a special
|
||||
# character in its name, the "popular" and "localsrv" server names are
|
||||
# preloaded, and the "rhino" server name is specified so it can be used
|
||||
# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
|
||||
# system is unavailable.
|
||||
#
|
||||
# Note that the whole file is parsed including comments on each lookup,
|
||||
# so keeping the number of comments to a minimum will improve performance.
|
||||
# Therefore it is not advisable to simply add lmhosts file entries onto the
|
||||
# end of this file.
|
||||
</programlisting></para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>HOSTS File</title>
|
||||
|
||||
<para>
|
||||
This file is usually located in MS Windows NT 4.0 or Windows 200x/XP in
|
||||
the directory <filename>C:\WINNT\SYSTEM32\DRIVERS\ETC</filename> and contains
|
||||
the IP Address and the IP hostname in matched pairs. It can be
|
||||
used by the name resolution infrastructure in MS Windows, depending
|
||||
on how the TCP/IP environment is configured. This file is in
|
||||
every way the equivalent of the UNIX/Linux <filename>/etc/hosts</filename> file.
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
|
||||
<sect2>
|
||||
<title>DNS Lookup</title>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>DNS</primary></indexterm>
|
||||
This capability is configured in the TCP/IP setup area in the network
|
||||
configuration facility. If enabled, an elaborate name resolution sequence
|
||||
is followed, the precise nature of which is dependant on how the NetBIOS
|
||||
Node Type parameter is configured. A Node Type of 0 means that
|
||||
NetBIOS broadcast (over UDP broadcast) is used if the name
|
||||
that is the subject of a name lookup is not found in the NetBIOS name
|
||||
cache. If that fails then DNS, HOSTS and LMHOSTS are checked. If set to
|
||||
Node Type 8, then a NetBIOS Unicast (over UDP Unicast) is sent to the
|
||||
WINS Server to obtain a lookup before DNS, HOSTS, LMHOSTS, or broadcast
|
||||
lookup is used.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>WINS Lookup</title>
|
||||
|
||||
|
||||
<para>
|
||||
<indexterm><primary>WINS</primary></indexterm>
|
||||
A WINS (Windows Internet Name Server) service is the equivalent of the
|
||||
rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores
|
||||
the names and IP addresses that are registered by a Windows client
|
||||
if the TCP/IP setup has been given at least one WINS Server IP Address.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
To configure Samba to be a WINS server, the following parameter needs
|
||||
to be added to the &smb.conf; file:
|
||||
</para>
|
||||
|
||||
<para><smbconfblock>
|
||||
<smbconfoption><name>wins support</name><value>Yes</value></smbconfoption>
|
||||
</smbconfblock></para>
|
||||
|
||||
<para>
|
||||
To configure Samba to use a WINS server, the following parameters are
|
||||
needed in the &smb.conf; file:
|
||||
</para>
|
||||
|
||||
<para><smbconfblock>
|
||||
<smbconfoption><name>wins support</name><value>No</value></smbconfoption>
|
||||
<smbconfoption><name>wins server</name><value>xxx.xxx.xxx.xxx</value></smbconfoption>
|
||||
</smbconfblock></para>
|
||||
|
||||
<para>
|
||||
where <replaceable>xxx.xxx.xxx.xxx</replaceable> is the IP address
|
||||
of the WINS server.
|
||||
</para>
|
||||
|
||||
<para>For information about setting up Samba as a WINS server, read
|
||||
<link linkend="NetworkBrowsing"/>.</para>
|
||||
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Common Errors</title>
|
||||
|
||||
<para>
|
||||
TCP/IP network configuration problems find every network administrator sooner or later.
|
||||
The cause can be anything from keyboard mishaps, forgetfulness, simple mistakes, and
|
||||
carelessness. Of course, no one is ever deliberately careless!
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>Pinging Works Only in One Way</title>
|
||||
|
||||
<para>
|
||||
<quote>I can ping my Samba server from Windows, but I cannot ping my Windows
|
||||
machine from the Samba server.</quote>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<emphasis>Answer:</emphasis> The Windows machine was at IP Address 192.168.1.2 with netmask 255.255.255.0, the
|
||||
Samba server (Linux) was at IP Address 192.168.1.130 with netmask 255.255.255.128.
|
||||
The machines were on a local network with no external connections.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Due to inconsistent netmasks, the Windows machine was on network 192.168.1.0/24, while
|
||||
the Samba server was on network 192.168.1.128/25 &smbmdash; logically a different network.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Very Slow Network Connections</title>
|
||||
|
||||
<para>
|
||||
A common cause of slow network response includes:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>Client is configured to use DNS and the DNS server is down.</para></listitem>
|
||||
<listitem><para>Client is configured to use remote DNS server, but the
|
||||
remote connection is down.</para></listitem>
|
||||
<listitem><para>Client is configured to use a WINS server, but there is no WINS server.</para></listitem>
|
||||
<listitem><para>Client is not configured to use a WINS server, but there is a WINS server.</para></listitem>
|
||||
<listitem><para>Firewall is filtering our DNS or WINS traffic.</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Samba Server Name Change Problem</title>
|
||||
|
||||
<para>
|
||||
<quote>The name of the Samba server was changed, Samba was restarted, Samba server cannot be
|
||||
pinged by new name from MS Windows NT4 Workstation, but it does still respond to ping using
|
||||
the old name. Why?</quote>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
From this description, three things are obvious:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>WINS is not in use, only broadcast-based name resolution is used.</para></listitem>
|
||||
<listitem><para>The Samba server was renamed and restarted within the last 10-15 minutes.</para></listitem>
|
||||
<listitem><para>The old Samba server name is still in the NetBIOS name cache on the MS Windows NT4 Workstation.</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>
|
||||
To find what names are present in the NetBIOS name cache on the MS Windows NT4 machine,
|
||||
open a <command>cmd</command> shell and then:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
&dosprompt;<userinput>nbtstat -n</userinput>
|
||||
|
||||
NetBIOS Local Name Table
|
||||
|
||||
Name Type Status
|
||||
------------------------------------------------
|
||||
&example.workstation.windows; <03> UNIQUE Registered
|
||||
ADMINSTRATOR <03> UNIQUE Registered
|
||||
&example.workstation.windows; <00> UNIQUE Registered
|
||||
SARDON <00> GROUP Registered
|
||||
&example.workstation.windows; <20> UNIQUE Registered
|
||||
&example.workstation.windows; <1F> UNIQUE Registered
|
||||
|
||||
|
||||
&dosprompt;nbtstat -c
|
||||
|
||||
NetBIOS Remote Cache Name Table
|
||||
|
||||
Name Type Host Address Life [sec]
|
||||
--------------------------------------------------------------
|
||||
&example.server.samba; <20> UNIQUE 192.168.1.1 240
|
||||
|
||||
&dosprompt;
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In the above example, &example.server.samba; is the Samba server and &example.workstation.windows; is the MS Windows NT4 Workstation.
|
||||
The first listing shows the contents of the Local Name Table (i.e., Identity information on
|
||||
the MS Windows workstation) and the second shows the NetBIOS name in the NetBIOS name cache.
|
||||
The name cache contains the remote machines known to this workstation.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user