summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--WHATSNEW.txt8
-rw-r--r--docs/docbook/devdoc/dev-doc.xml2
-rw-r--r--docs/docbook/devdoc/registry.xml209
-rw-r--r--docs/htmldocs/using_samba/appa.html362
-rw-r--r--docs/htmldocs/using_samba/appb.html1840
-rw-r--r--docs/htmldocs/using_samba/appc.html4534
-rw-r--r--docs/htmldocs/using_samba/appd.html82
-rw-r--r--docs/htmldocs/using_samba/appe.html826
-rw-r--r--docs/htmldocs/using_samba/appf.html780
-rw-r--r--docs/htmldocs/using_samba/appg.html500
-rw-r--r--docs/htmldocs/using_samba/ch00.html368
-rw-r--r--docs/htmldocs/using_samba/ch01.html3193
-rw-r--r--docs/htmldocs/using_samba/ch02.html1849
-rw-r--r--docs/htmldocs/using_samba/ch03.html2086
-rw-r--r--docs/htmldocs/using_samba/ch04.html2556
-rw-r--r--docs/htmldocs/using_samba/ch05.html1779
-rw-r--r--docs/htmldocs/using_samba/ch06.html2727
-rw-r--r--docs/htmldocs/using_samba/ch07.html2139
-rw-r--r--docs/htmldocs/using_samba/ch08.html3744
-rw-r--r--docs/htmldocs/using_samba/ch09.html3448
-rw-r--r--docs/htmldocs/using_samba/ch10.html1695
-rw-r--r--docs/htmldocs/using_samba/ch11.html2123
-rw-r--r--docs/htmldocs/using_samba/ch12.html3341
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0101.gifbin0 -> 7665 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0102.gifbin0 -> 21795 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0103.gifbin0 -> 10700 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0104.gifbin0 -> 13928 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0105.gifbin0 -> 18031 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0106.gifbin0 -> 17191 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0107.gifbin0 -> 11492 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0108.gifbin0 -> 18629 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0109.gifbin0 -> 18727 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0110.gifbin0 -> 4794 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0111.gifbin0 -> 5251 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0112.gifbin0 -> 7330 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0113.gifbin0 -> 10850 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0114.gifbin0 -> 22017 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0201.gifbin0 -> 8734 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0202.gifbin0 -> 35825 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0203.gifbin0 -> 35921 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0204.gifbin0 -> 73792 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0301.gifbin0 -> 7580 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0302.gifbin0 -> 5703 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0303.gifbin0 -> 14966 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0304.gifbin0 -> 10735 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0305.gifbin0 -> 14728 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0306.gifbin0 -> 18300 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0307.gifbin0 -> 13970 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0308.gifbin0 -> 14879 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0309.gifbin0 -> 15071 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0310.gifbin0 -> 11721 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0311.gifbin0 -> 11759 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0312.gifbin0 -> 17058 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0313.gifbin0 -> 8350 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0314.gifbin0 -> 12776 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0315.gifbin0 -> 15011 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0316.gifbin0 -> 20310 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0317.gifbin0 -> 15084 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0318.gifbin0 -> 17269 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0319.gifbin0 -> 15653 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0320.gifbin0 -> 9507 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0321.gifbin0 -> 10245 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0322.gifbin0 -> 11067 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0323.gifbin0 -> 10528 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0324.gifbin0 -> 13707 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0325.gifbin0 -> 12024 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0326.gifbin0 -> 13686 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0327.gifbin0 -> 16603 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0328.gifbin0 -> 8453 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0329.gifbin0 -> 14858 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0330.gifbin0 -> 17140 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0331.gifbin0 -> 10450 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0332.gifbin0 -> 7011 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0333.gifbin0 -> 3784 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0334.gifbin0 -> 5820 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0335.gifbin0 -> 5928 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0336.gifbin0 -> 16622 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0337.gifbin0 -> 17157 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0338.gifbin0 -> 15670 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0339.gifbin0 -> 12941 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0340.gifbin0 -> 10493 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0341.gifbin0 -> 9531 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0342.gifbin0 -> 16674 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0343.gifbin0 -> 17796 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0344.gifbin0 -> 20926 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0345.gifbin0 -> 19423 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0346.gifbin0 -> 15320 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0347.gifbin0 -> 7563 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0348.gifbin0 -> 7634 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0349.gifbin0 -> 26522 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0350.gifbin0 -> 35358 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0351.gifbin0 -> 29480 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0352.gifbin0 -> 25568 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0353.gifbin0 -> 22024 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0354.gifbin0 -> 18138 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0355.gifbin0 -> 47008 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0356.gifbin0 -> 20807 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0357.gifbin0 -> 33800 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0358.gifbin0 -> 24628 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0359.gifbin0 -> 24233 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0360.gifbin0 -> 13343 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0361.gifbin0 -> 13356 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0401.gifbin0 -> 24274 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0402.gifbin0 -> 11721 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0403.gifbin0 -> 8500 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0404.gifbin0 -> 10769 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0405.gifbin0 -> 14430 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0406.gifbin0 -> 10133 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0407.gifbin0 -> 24997 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0408.gifbin0 -> 11005 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0409.gifbin0 -> 17776 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0410.gifbin0 -> 22502 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0411.gifbin0 -> 28112 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0412.gifbin0 -> 17096 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0413.gifbin0 -> 16881 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0414.gifbin0 -> 7370 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0415.gifbin0 -> 15906 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0416.gifbin0 -> 10504 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0417.gifbin0 -> 18004 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0501.gifbin0 -> 11580 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0502.gifbin0 -> 12753 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0503.gifbin0 -> 11949 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0504.gifbin0 -> 16743 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0505.gifbin0 -> 16510 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0506.gifbin0 -> 32191 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0507.gifbin0 -> 25309 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0508.gifbin0 -> 40920 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0601.gifbin0 -> 6044 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0602.gifbin0 -> 13383 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0603.gifbin0 -> 13631 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0604.gifbin0 -> 8752 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0605.gifbin0 -> 14388 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0701.gifbin0 -> 13517 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0801.gifbin0 -> 35667 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0802.gifbin0 -> 6906 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0803.gifbin0 -> 17604 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0804.gifbin0 -> 17326 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0805.gifbin0 -> 19273 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0806.gifbin0 -> 14242 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0807.gifbin0 -> 15799 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0808.gifbin0 -> 15894 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0809.gifbin0 -> 19323 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0810.gifbin0 -> 20065 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0811.gifbin0 -> 12228 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0901.gifbin0 -> 11925 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0902.gifbin0 -> 6760 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_0903.gifbin0 -> 4640 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_1001.gifbin0 -> 12687 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_1002.gifbin0 -> 15746 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_1003.gifbin0 -> 26173 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_1004.gifbin0 -> 8851 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_1005.gifbin0 -> 11687 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_1006.gifbin0 -> 13955 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_1101.gifbin0 -> 14447 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_1102.gifbin0 -> 5408 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_af01.gifbin0 -> 54745 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_af02.gifbin0 -> 42621 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_af03.gifbin0 -> 32704 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_af04.gifbin0 -> 57137 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_af05.gifbin0 -> 46773 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_af06.gifbin0 -> 53929 bytes
-rw-r--r--docs/htmldocs/using_samba/figs/sam2_af07.gifbin0 -> 50762 bytes
-rw-r--r--docs/htmldocs/using_samba/inx.html1814
-rw-r--r--docs/htmldocs/using_samba/samba2_s.gifbin0 -> 9733 bytes
-rw-r--r--docs/htmldocs/using_samba/samba2_xs.gifbin0 -> 4172 bytes
-rw-r--r--docs/htmldocs/using_samba/toc.html138
-rwxr-xr-xexamples/printing/smbprint.old95
-rw-r--r--make-tarball.sh43
-rw-r--r--packaging/RedHat/samba.spec.tmpl18
-rw-r--r--source/Makefile.in13
-rw-r--r--source/VERSION6
-rw-r--r--source/aclocal.m42
-rw-r--r--source/auth/auth_sam.c87
-rw-r--r--source/auth/auth_util.c17
-rw-r--r--source/auth/auth_winbind.c16
-rw-r--r--source/configure.in25
-rw-r--r--source/include/genparser.h78
-rw-r--r--source/include/genparser_samba.h58
-rw-r--r--source/include/gums.h240
-rw-r--r--source/include/intl.h1
-rw-r--r--source/include/passdb.h8
-rw-r--r--source/include/privileges.h2
-rw-r--r--source/include/rpc_client_proto.h231
-rw-r--r--source/include/rpc_dce.h11
-rw-r--r--source/include/rpc_lsa.h8
-rw-r--r--source/include/rpc_misc.h142
-rw-r--r--source/include/rpc_samr.h8
-rw-r--r--source/include/smbldap.h2
-rw-r--r--source/include/talloc.h21
-rw-r--r--source/include/tdbsam2.h95
-rw-r--r--source/intl/lang_tdb.c35
-rw-r--r--source/lib/afs.c2
-rw-r--r--source/lib/domain_namemap.c1317
-rw-r--r--source/lib/genparser.c786
-rw-r--r--source/lib/genparser_samba.c200
-rw-r--r--source/lib/getsmbpass.c148
-rw-r--r--source/lib/iconv.c2
-rw-r--r--source/lib/module.c9
-rw-r--r--source/lib/sysquotas.c100
-rw-r--r--source/lib/system.c8
-rw-r--r--source/lib/system_smbd.c2
-rw-r--r--source/lib/talloc.c21
-rw-r--r--source/lib/util_seaccess.c131
-rw-r--r--source/lib/util_sid.c2
-rw-r--r--source/lib/util_unistr.c12
-rw-r--r--source/libads/ldap.c3
-rw-r--r--source/libads/ldap_utils.c7
-rw-r--r--source/libsmb/errormap.c2
-rw-r--r--source/locking/brlock.c9
-rw-r--r--source/locking/locking.c43
-rw-r--r--source/modules/developer.c132
-rw-r--r--source/modules/vfs_recycle.c2
-rw-r--r--source/nmbd/nmbd_winsserver.c10
-rw-r--r--source/nsswitch/winbindd_ads.c15
-rw-r--r--source/nsswitch/winbindd_pam.c40
-rw-r--r--source/nsswitch/winbindd_passdb.c360
-rw-r--r--source/param/loadparm.c37
-rw-r--r--source/passdb/passdb.c22
-rw-r--r--source/passdb/pdb_get_set.c34
-rw-r--r--source/passdb/pdb_ldap.c22
-rw-r--r--source/passdb/pdb_mysql.c58
-rw-r--r--source/passdb/pdb_smbpasswd.c4
-rw-r--r--source/passdb/pdb_xml.c12
-rw-r--r--source/po/de.msg1746
-rw-r--r--source/po/en.msg1692
-rw-r--r--source/po/fr.msg1724
-rw-r--r--source/po/it.msg1730
-rw-r--r--source/po/ja.msg1946
-rw-r--r--source/po/pl.msg1750
-rw-r--r--source/po/tr.msg1717
-rw-r--r--source/printing/nt_printing.c6
-rw-r--r--source/python/py_ntsec.c2
-rw-r--r--source/python/py_spoolss_forms.c2
-rw-r--r--source/python/py_spoolss_forms_conv.c2
-rw-r--r--source/registry/reg_printing.c41
-rw-r--r--source/rpc_client/cli_lsarpc.c6
-rw-r--r--source/rpc_client/cli_pipe.c29
-rw-r--r--source/rpc_client/cli_srvsvc.c16
-rw-r--r--source/rpc_parse/parse_dfs.c20
-rw-r--r--source/rpc_parse/parse_ds.c6
-rw-r--r--source/rpc_parse/parse_lsa.c84
-rw-r--r--source/rpc_parse/parse_misc.c98
-rw-r--r--source/rpc_parse/parse_net.c108
-rw-r--r--source/rpc_parse/parse_prs.c147
-rw-r--r--source/rpc_parse/parse_reg.c64
-rw-r--r--source/rpc_parse/parse_rpc.c59
-rw-r--r--source/rpc_parse/parse_samr.c454
-rw-r--r--source/rpc_parse/parse_sec.c725
-rw-r--r--source/rpc_parse/parse_spoolss.c79
-rw-r--r--source/rpc_parse/parse_srv.c74
-rw-r--r--source/rpc_server/srv_dfs_nt.c12
-rw-r--r--source/rpc_server/srv_lsa.c2
-rw-r--r--source/rpc_server/srv_lsa_ds_nt.c6
-rw-r--r--source/rpc_server/srv_lsa_nt.c143
-rw-r--r--source/rpc_server/srv_pipe.c30
-rw-r--r--source/rpc_server/srv_samr_nt.c31
-rw-r--r--source/rpc_server/srv_samr_util.c26
-rw-r--r--source/rpc_server/srv_spoolss_nt.c16
-rw-r--r--source/rpc_server/srv_srvsvc_nt.c2
-rw-r--r--source/rpcclient/cmd_samr.c3
-rw-r--r--source/rpcclient/cmd_spoolss.c4
-rw-r--r--source/rpcclient/rpcclient.c50
-rw-r--r--source/sam/account.c305
-rw-r--r--source/sam/group.c193
-rw-r--r--source/sam/gumm_tdb.c1196
-rw-r--r--source/sam/gums.c161
-rw-r--r--source/sam/gums_api.c1470
-rw-r--r--source/sam/gums_helper.c610
-rw-r--r--source/sam/interface.c1338
-rwxr-xr-xsource/script/genstruct.pl299
-rwxr-xr-xsource/script/installbin.sh15
-rwxr-xr-xsource/script/installdat.sh2
-rwxr-xr-xsource/script/installdirs.sh8
-rwxr-xr-xsource/script/installman.sh2
-rwxr-xr-xsource/script/installmodules.sh4
-rw-r--r--source/script/installmsg.sh2
-rwxr-xr-xsource/script/installscripts.sh2
-rwxr-xr-xsource/script/installswat.sh2
-rw-r--r--source/script/mkproto.awk2
-rwxr-xr-xsource/script/uninstallbin.sh8
-rwxr-xr-xsource/script/uninstallman.sh2
-rwxr-xr-xsource/script/uninstallmodules.sh4
-rwxr-xr-xsource/script/uninstallscripts.sh2
-rw-r--r--source/smbd/blocking.c14
-rw-r--r--source/smbd/error.c5
-rw-r--r--source/smbd/notify_hash.c6
-rw-r--r--source/smbd/nttrans.c48
-rw-r--r--source/smbd/password.c10
-rw-r--r--source/smbd/reply.c219
-rw-r--r--source/smbd/service.c25
-rw-r--r--source/smbd/trans2.c32
-rw-r--r--source/tdb/tdbback.c14
-rw-r--r--source/tdb/tdbbackup.c12
-rw-r--r--source/utils/net_ads_cldap.c20
-rw-r--r--source/utils/net_rpc_samsync.c3
-rw-r--r--source/utils/profiles.c8
-rw-r--r--source/utils/smbcacls.c6
-rw-r--r--source/utils/testparm.c12
-rw-r--r--source/web/statuspage.c22
-rw-r--r--source/web/swat.c142
-rw-r--r--swat/help/welcome.html3
-rw-r--r--swat/lang/ja/help/welcome.html2
-rw-r--r--swat/lang/ja/images/globals.gifbin0 -> 1613 bytes
-rw-r--r--swat/lang/ja/images/home.gifbin0 -> 1881 bytes
-rw-r--r--swat/lang/ja/images/passwd.gifbin0 -> 1427 bytes
-rw-r--r--swat/lang/ja/images/printers.gifbin0 -> 1987 bytes
-rw-r--r--swat/lang/ja/images/samba.gifbin0 -> 3877 bytes
-rw-r--r--swat/lang/ja/images/shares.gifbin0 -> 1590 bytes
-rw-r--r--swat/lang/ja/images/status.gifbin0 -> 2582 bytes
-rw-r--r--swat/lang/ja/images/viewconfig.gifbin0 -> 1485 bytes
310 files changed, 54484 insertions, 13355 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 69036fae3c6..9b9ff24ad63 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -87,9 +87,9 @@ Changes since 3.0rc4
Please refer to the CVS log for the SAMBA_3_0 branch for complete
details:
-1) Fix bug that prevented restoring filenames of length
- >100 characters.
-2) Fix bug that prevented fast path code in strchr_m
+1) Fix bug that prevented filenames of length >100 characters
+ from being restored using smbclient's tar functionality.
+2) Fix bug that prevented fast path code in strchr_m()
from being used.
3) Make sure we store the desired access flag on incoming
SAMR rpc calls.
@@ -105,7 +105,7 @@ details:
if one of the SIDs could not be resolved (bug 470).
10) Remove -P option from smbclient printing scripts since it
has a different meaning in Samba 3.0 (bug 473).
-11) Sync smbldap-tools with latest version
+11) Sync smbldap-tools with latest version from idealx cvs tree.
12) Cleanup some warnings produced by the Sun C compiler.
13) Several fixes for SWAT relating to international character
sets.
diff --git a/docs/docbook/devdoc/dev-doc.xml b/docs/docbook/devdoc/dev-doc.xml
index e112a0f9e1e..7000d09c988 100644
--- a/docs/docbook/devdoc/dev-doc.xml
+++ b/docs/docbook/devdoc/dev-doc.xml
@@ -20,7 +20,6 @@
<!ENTITY contributing SYSTEM "contributing.xml">
<!ENTITY vfs SYSTEM "vfs.xml">
<!ENTITY windows-deb SYSTEM "windows-debug.xml">
-<!ENTITY registry SYSTEM "registry.xml">
]>
<book id="Samba-Developers-Guide">
@@ -83,7 +82,6 @@ url="http://www.fsf.org/licenses/gpl.txt">http://www.fsf.org/licenses/gpl.txt</u
&rpc-plugin;
&vfs;
&packagers;
-&registry;
&contributing;
</book>
diff --git a/docs/docbook/devdoc/registry.xml b/docs/docbook/devdoc/registry.xml
deleted file mode 100644
index b331ebce7f9..00000000000
--- a/docs/docbook/devdoc/registry.xml
+++ /dev/null
@@ -1,209 +0,0 @@
-<chapter id="registry">
- <chapterinfo>
- &author.jelmer;
- <pubdate>24 September 2003</pubdate>
- </chapterinfo>
-
- <title>The registry subsystem</title>
-
- <sect1><title>Planned backends</title>
-
-<para>
- The new registry subsystem will work with several different backends:
-</para>
-
-<itemizedlist>
- <listitem><para>NT4 (NT4 registry files)</para></listitem>
- <listitem><para>TDB (Samba TDB files)</para></listitem>
- <listitem><para>RPC (Remote Registry over RPC, reg pipe)</para></listitem>
- <listitem><para>wine (Wine Registry Files)</para></listitem>
- <listitem><para>gconf (The GNOME configuration backend)</para></listitem>
-</itemizedlist>
-
-</sect1>
-
-<sect1><title>Data structures</title>
-
-<para>
-The following structure describes a registry key:
-</para>
-
-<programlisting>
-typedef struct reg_key_s {
- char *name; /* Name of the key */
- smb_ucs2_t *class_name; /* Name of key class */
- int type; /* One of REG_ROOT_KEY or REG_SUB_KEY */
- NTTIME last_mod; /* Time last modified */
- struct reg_key_s *owner;
- struct key_list_s *sub_keys; /* NULL indicates keys not available in memory, function should be called */
- struct val_list_s *values; /* NULL indicates values not available in memory, function should be called */
- SEC_DESC *security;
- REG_HANDLE *handle; /* Pointer to REG_HANDLE this key belongs to */
- void *backend_data; /* Pointer used by the backend */
-} REG_KEY;
-</programlisting>
-
-<para>The following structure describes a registry value:</para>
-
-<programlisting>
-typedef struct val_key_s {
- char *name; /* NULL if name not available */
- int data_type;
- int data_len;
- void *data_blk; /* Might want a separate block */
- REG_HANDLE *handle; /* Pointer to REG_HANDLE this key belongs to */
- void *backend_data;
-} REG_VAL;
-</programlisting>
-
-<para>The following structures are used for lists of subkeys or values:</para>
-
-<programlisting>
-/* container for registry subkey names */
-typedef struct key_list_s {
- TALLOC_CTX *ctx;
- uint32 num_subkeys;
- REG_KEY **subkeys;
-} REG_KEY_LIST;
-
-/* container for registry values */
-typedef struct val_list_s {
- TALLOC_CTX *ctx;
- uint32 num_vals;
- REG_VAL **vals;
-} REG_VAL_LIST;
-</programlisting>
-
-<para>
-And this structure is used for an instance of a registry (a registry file that's opened, a remote registry pipe we're connected to, etc).
-</para>
-
-<programlisting>
-typedef struct reg_handle_s {
- REGISTRY_OPS *functions;
- REG_KEY *root; /* NULL if not available */
- void *backend_data;
-} REG_HANDLE;
-</programlisting>
-
-</sect1>
-
-<sect1>
- <title>External interface</title>
-
-<programlisting>
-REG_HANDLE *reg_open(char *backend, char *location, BOOL try_full_load);
-REG_KEY *reg_open_key(REG_KEY *parent, char *name);
-REG_VAL *reg_key_get_val(REG_KEY *key, char *name);
-REG_VAL_LIST *reg_key_get_vals(REG_KEY *key);
-REG_KEY_LIST *reg_key_get_subkeys(REG_KEY *key);
-BOOL reg_key_del(REG_KEY *key);
-BOOL reg_val_del(REG_VAL *val);
-BOOL reg_key_add(REG_KEY *parent, REG_KEY *key);
-BOOL reg_val_add(REG_KEY *parent, REG_VAL *val):
-BOOL reg_val_update(REG_VAL *val);
-BOOL reg_key_update(REG_KEY *key);
-void reg_free_key(REG_KEY *key);
-void reg_free_val(REG_VAL *val);
-void reg_free(REG_HANDLE *h);
-void reg_free_key_list(REG_KEY_LIST *list):
-void reg_free_val_list(REG_VAL_LIST *list):
-</programlisting>
-
-</sect1>
-
-<sect1>
- <title>Utility functions</title>
-
- <para>The following helper functions are available:</para>
-
- <programlisting>
-void reg_key_list_init( REG_KEY_LIST *ctr );
-int reg_key_list_addkey( REG_KEY_LIST *ctr, const char *keyname );
-int reg_key_list_numkeys( REG_KEY_LIST *ctr );
-char* reg_key_list_specific_key( REG_KEY_LIST *ctr, uint32 key_index );
-void reg_key_list_destroy( REG_KEY_LIST *ctr );
-void reg_val_list_init( REG_VAL_LIST *ctr );
-int reg_val_list_numvals( REG_VAL_LIST *ctr );
-void free_registry_value( REG_VAL *val );
-uint8* regval_data_p( REG_VAL *val );
-int regval_size( REG_VAL *val );
-char* regval_name( REG_VAL *val );
-uint32 regval_type( REG_VAL *val );
-TALLOC_CTX* reg_val_list_getctx( REG_VAL_LIST *val );
-int reg_val_list_addvalue( REG_VAL_LIST *ctr, const char *name, uint16 type,
- const char *data_p, size_t size );
-int reg_val_list_copyvalue( REG_VAL_LIST *ctr, REG_VAL *val );
-int reg_val_list_delvalue( REG_VAL_LIST *ctr, const char *name );
-void reg_val_list_destroy( REG_VAL_LIST *ctr );
-</programlisting>
-
-</sect1>
-
-<sect1>
- <title>Writing backends</title>
-
-<para>There are basically two ways of reading data from the registry: loading
-it all into memory and then working in this copy in memory, or
-re-reading/re-opening it every time necessary.</para>
-
-<para>This interface aims to support both types. </para>
-
-<para>A registry backend should provide the following functions:</para>
-
-<programlisting>
-typedef struct {
- REG_HANDLE *(*open_registry) (const char *location, BOOL try_complete_load);
- REG_KEY *(*open_root_key) (REG_HANDLE *);
- REG_KEY *(*open_key_rel) (REG_KEY *parent, const char *name);
- /* if open_key_abs is set to NULL, a default implementation will be provided. */
- REG_KEY *(*open_key_abs) (REG_HANDLE *, const char *name);
- REG_KEY_LIST *(*get_subkeys) (REG_KEY *);
- REG_VAL_LIST *(*get_values) (REG_KEY *);
- BOOL (*add_key)(REG_KEY *, REG_KEY *);
- BOOL (*update_key)(REG_KEY *);
- BOOL (*del_key)(REG_KEY *);
- BOOL (*add_value)(REG_KEY *, REG_VAL *);
- BOOL (*update_value)(REG_VAL *);
- BOOL (*del_value)(REG_VAL *);
- REG_VAL *(*get_value) (REG_KEY *, const char *name);
- /* It is not guaranteed that no data has been stored before save()
- * has been called. This function is only useful for backends that
- * store the data in memory and then write out the whole registry at once */
- BOOL (*save)(REG_HANDLE *, const char *location);
- BOOL (*close_registry) (REG_HANDLE *);
- void (*free_key)(REG_KEY *);
- void (*free_value)(REG_VAL *);
-} REGISTRY_OPS;
-</programlisting>
-
-<para>open_root_key() is optional. It's only called if the
- <parameter>root</parameter> field of the REG_HANDLE struct is NULL.</para>
-
-<para>open_key_abs() is optional. If it's NULL, the frontend will
- provide a replacement, using open_key_rel().</para>
-
-<para>get_values() and get_value() are optional. They're only called if
-the <parameter>values</parameter> field of the REG_KEY struct is NULL.</para>
-
-<para>get_subkeys() and get_key() are optional. THey're only called
- if the <parameter>subkeys</parameter> field of the REG_KEY struct is NULL.</para>
-
-</sect1>
-
-<sect1><title>Memory allocation</title>
-
-<para>Okay, so who's responsible for what parts of the memory? </para>
-
-<para>The memory is basically maintained by the backends. When the user
-is finished using a particular structure, it should call the related free
-function for the structure it's freeing.</para>
-
-<para>The backend should then decide what to do with the structure. It may
-choose to free it, or, if it's maintaining single copies of everything in
-memory, may choose to ignore the free and free it when the registry is closed.
-</para>
-
-</sect1>
-
-</chapter>
diff --git a/docs/htmldocs/using_samba/appa.html b/docs/htmldocs/using_samba/appa.html
new file mode 100644
index 00000000000..9f3dc4b56f3
--- /dev/null
+++ b/docs/htmldocs/using_samba/appa.html
@@ -0,0 +1,362 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+<h1 class="head0">Appendix A. Example Configuration Files</h1>
+
+
+<p>Earlier in this book, we provided information on how to set
+parameters inside the Samba configuration file, but rarely have we
+shown an example of a complete file that can actually be used to run
+a server. In this appendix, we provide examples of complete
+configuration files for running Samba in the various modes
+we've discussed. Using one of these examples, you
+can run Samba as a workgroup authentication server, workgroup server,
+primary domain controller, or domain member server.</p>
+
+<p>We have kept the examples simple so that they have the most universal
+application. They can be used as starting templates, which you can
+easily modify to fit your own needs, to get a Samba server up and
+running with minimal delay. The comments inside the files indicate
+what needs to be changed, and how, to work on a particular system on
+your network.</p>
+
+
+
+<div class="sect1"><a name="samba2-APP-A-SECT-1"/>
+
+<h2 class="head1">Samba in a Workgroup</h2>
+
+<p>If your network is configured as a workgroup, adding a Samba server
+is pretty simple. Samba even lets you add features, such as
+user-level security and WINS, that would normally require an
+expensive Windows NT/2000 Server.</p>
+
+
+<div class="sect2"><a name="samba2-APP-A-SECT-1.1"/>
+
+<h3 class="head2">Authentication and WINS Server</h3>
+
+<p>In a workgroup environment, Samba can be set up with share-level
+security and without offering WINS name service. This works and is
+simple, but we generally recommend that user-level security be
+enabled to allow Windows 95/98/Me systems to make use of it. Also, it
+only takes a single parameter to enable Samba as a WINS server,
+resulting in far better network efficiency.
+<a name="INDEX-1"/><a name="INDEX-2"/><a name="INDEX-3"/>Here is the configuration file
+that does it:</p>
+
+<blockquote><pre class="code">[global]
+ # replace &quot;toltec&quot; with your system's hostname
+
+ netbios name = toltec
+
+ # replace &quot;METRAN&quot; with the name of your workgroup
+
+ workgroup = METRAN
+
+ security = user
+ encrypt passwords = yes
+
+ # Run a WINS server
+
+ wins support = yes
+
+ # The following three lines ensure that the Samba
+ # server will maintain the role of master browser.
+ # Make sure no other Samba server has its OS level
+ # set higher than it is here.
+
+ local master = yes
+ preferred master = yes
+ os level = 65
+
+# Make home directories on the server available to users.
+
+[homes]
+ comment = %u's Home Directory
+ browsable = no
+ read only = no
+ map archive = yes
+
+# This is a shared directory, accessible by all
+# users. Use your own share name and path.
+
+[d]
+ path = /d
+ create mask = 0700
+ read only = no</pre></blockquote>
+
+<p>Generally, you will use a configuration file similar to this one when
+<a name="INDEX-4"/><a name="INDEX-5"/>adding your first Samba server to the
+workgroup.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-A-SECT-1.2"/>
+
+<h3 class="head2">Workgroup Server</h3>
+
+<p><a name="INDEX-6"/><a name="INDEX-7"/>Things are a
+little different if another system&mdash;either a Samba server or
+Windows NT/2000 server&mdash;is already handling WINS and/or
+authentication. In this case, Samba is configured to use that server
+for WINS. Here is a configuration file that does this:</p>
+
+<blockquote><pre class="code">[global]
+ # replace &quot;mixtec&quot; with your system's hostname
+
+ netbios name = mixtec
+
+ # replace &quot;METRAN&quot; with your workgroup name
+
+ workgroup = METRAN
+
+ security = user
+ encrypt passwords = yes
+
+ # Replace &quot;172.16.1.1&quot; with the IP address
+ # of your WINS server. If there is none,
+ # omit this line.
+
+ wins server = 172.16.1.1
+
+ # The OS level is set to 17 to allow
+ # this system to win over all Windows
+ # versions, but not the Samba server
+ # that uses the configuration file
+ # in the previous section.
+
+ os level = 17
+
+[homes]
+ comment = %u's Home Directory
+ browsable = no
+ read only = no
+
+# This is a shared directory, accessible by all
+# users. Use your own share name and path.
+
+[d]
+ path = /d
+ create mask = 0700
+ read only = no</pre></blockquote>
+
+<p>Once you have a server in your workgroup handling authentication and
+WINS, this is the configuration file to use when adding additional
+Samba servers to the workgroup.</p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-APP-A-SECT-2"/>
+
+<h2 class="head1">Samba in a Windows NT Domain</h2>
+
+<p>When operating in a Windows NT domain, Samba can act either as a
+primary domain controller or as a domain member server.</p>
+
+
+<div class="sect2"><a name="samba2-APP-A-SECT-2.1"/>
+
+<h3 class="head2">Primary Domain Controller</h3>
+
+<p><a name="INDEX-8"/><a name="INDEX-9"/>Setting up Samba as a primary domain
+controller is more complicated than the other configurations.
+However, the extra difficulty is offset by having a more secure
+network and additional features such as logon scripts and roaming
+profiles. In the following configuration file, we also include
+support for a Microsoft Dfs share:</p>
+
+<blockquote><pre class="code">[global]
+ # Replace &quot;toltec&quot; with the hostname of your system.
+
+ netbios name = toltec
+
+ # Replace &quot;METRAN&quot; with the name of your Windows NT domain.
+
+ workgroup = METRAN
+
+ # Run a WINS server
+
+ wins support = yes
+
+ # Always act as the local master browser
+ # and domain master browser. Do not allow
+ # any other system to take over these roles!
+
+ domain master = yes
+ local master = yes
+ preferred master = yes
+ os level = 255
+
+ # Perform domain authentication.
+
+ security = user
+ encrypt passwords = yes
+ domain logons = yes
+
+ # The location of user profiles for Windows NT/2000/XP.
+
+ logon path = \\%L\profiles\%u\%m
+
+ # Users' Windows home directories and storage of Win95/98/Me roaming profiles.
+
+ logon drive = G:
+ logon home = \\toltec\%u\.win_profile\%m
+
+ # The following line is optional because
+ # Samba always offers NetBIOS time service.
+ # This causes it to also be advertised:
+
+ time server = yes
+
+ # The logon script used for all users,
+ # Relative to [netlogon] share directory.
+
+ logon script = logon.bat
+
+ # The group identifying administrative users.
+ # If you have domain users in the Domain Admins
+ # group, use them here instead of &quot;jay&quot;.
+
+ domain admin group = root jay
+
+ # For adding machine accounts automatically.
+ # This example works on Linux. For other host
+ # operating systems, you might need a different
+ # command.
+
+ add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
+
+ # Provide Microsoft Dfs support.
+
+ host msdfs = yes
+
+# The netlogon share is required for
+# functioning as the primary domain controller.
+# Make sure the directory used for the path exists.
+
+[netlogon]
+ path = /usr/local/samba/lib/netlogon
+ writable = no
+ browsable = no
+
+# The profiles share is for storing
+# Windows NT/2000/XP roaming profiles.
+# Use your own path, and make sure
+# the directory exists.
+
+[profiles]
+ path = /home/samba-ntprof
+ writable = yes
+ create mask = 0600
+ directory mask = 0700
+ browsable = no
+
+[homes]
+ comment = Home Directory
+ browsable = no
+ read only = no
+ map archive = yes
+
+# The Dfs share.
+# Use your own path, making
+# sure the directory exists.
+
+[dfs]
+ comment = Dfs share
+ path = /usr/local/samba/dfs
+ msdfs root = yes
+
+# A shared directory, accessible by all domain users.
+# Use your own share name and path.
+
+[d]
+ comment = %u's Home Directory
+ path = /d
+ create mask = 0700
+ read only = no</pre></blockquote>
+
+<p>See <a href="ch04.html">Chapter 4</a> for more information on configuring
+Samba as a primary domain controller, and see <a href="ch08.html">Chapter 8</a> for more information about setting up a
+Microsoft Dfs share. <a name="INDEX-10"/><a name="INDEX-11"/></p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-A-SECT-2.2"/>
+
+<h3 class="head2">Domain Member Server</h3>
+
+<p><a name="INDEX-12"/><a name="INDEX-13"/>In a domain that
+already has either a Samba PDC or Windows NT/2000 Server PDC,
+additional Samba servers can be added as domain member servers using
+the following configuration file:</p>
+
+<blockquote><pre class="code">[global]
+ # Replace &quot;mixtec&quot; with the system's hostname.
+
+ netbios name = mixtec
+
+ # Replace &quot;METRAN&quot; with the name of your domain.
+
+ workgroup = METRAN
+
+ # Replace &quot;172.16.1.1&quot; with the
+ # IP address of your WINS server.
+
+ wins server = 172.16.1.1
+
+ os level = 33
+
+ security = domain
+ encrypt passwords = yes
+ password server = *
+
+# Home directories.
+
+[homes]
+ comment = %u's Home Directory
+ browsable = no
+ read only = no
+ map archive = yes
+
+# This is an example printers
+# share, which works for Linux.
+
+[printers]
+ printable = yes
+ printing = BSD
+ print command = /usr/bin/lpr -P%p %s
+ path = /var/tmp
+ min print space = 2000
+
+# A shared directory, accessible by all domain users.
+# Use your own share name and path.
+
+[d]
+ path = /d
+ create mask = 0755
+ read only = no</pre></blockquote>
+
+<p>See <a href="ch10.html">Chapter 10</a> for more information on sharing
+printers with Samba.</p>
+
+
+</div>
+
+
+</div>
+
+<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4>
+</body></html>
diff --git a/docs/htmldocs/using_samba/appb.html b/docs/htmldocs/using_samba/appb.html
new file mode 100644
index 00000000000..9cb6d957a8e
--- /dev/null
+++ b/docs/htmldocs/using_samba/appb.html
@@ -0,0 +1,1840 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Appendix B. Samba Configuration Option Quick Reference</h1>
+
+
+<p>The first section of this appendix lists each option that can be used
+in a Samba configuration file, which is usually named
+<em class="filename">smb.conf</em>. Most configuration files contain a
+global section of options that apply to all services (shares) and a
+separate section for various individual shares. If an option applies
+only to the global section, <tt class="literal">[global]</tt> appears to
+the right of its name in the following reference section.</p>
+
+<p>Except where noted, when specifying elements of a list, the elements
+can be separated by spaces, tabs, commas, semicolons, escaped
+newlines, or escaped carriage returns.</p>
+
+<p>Following this reference section is a glossary of value types, and a
+list of variables Samba recognizes.</p>
+
+
+
+<div class="sect1"><a name="samba2-APP-B-SECT-1"/>
+
+<h2 class="head1">Configuration File Options</h2>
+
+</div>
+
+
+<a name="INDEX-1"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>abort shutdown script = command</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that stops the shutdown procedure started by
+<tt class="literal">shutdown script</tt>. The command will be run with the
+UID of the connected user. New in Samba 3.0.</p></div>
+<a name="INDEX-2"/><a name="INDEX-3"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>add printer command = command</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that creates a new
+<a name="INDEX-3"/>printer on the system hosting the Samba
+server. This command runs as <tt class="literal">root</tt> when the Windows
+NT/2000/XP Add Printer Wizard is run. The command will be passed a
+printer name, share name, port name, driver name, Windows NT/2000/XP
+driver location, and Windows 95/98/Me driver location, in that order.
+It will need to add the printer to the system and a share definition
+for the printer to <em class="filename">smb.conf.</em> See also
+<tt class="literal">add printer wizard</tt>, <tt class="literal">printing</tt>,
+and <tt class="literal">show add printer wizard</tt>.</p></div>
+<a name="INDEX-4"/><a name="INDEX-5"/><a name="INDEX-6"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>add machine script = command</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that adds a computer to the Samba
+server's <a name="INDEX-5"/><a name="INDEX-6"/>domain. New in Samba 3.0.</p></div>
+<a name="INDEX-7"/><a name="INDEX-8"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>add share command = command</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that creates a new
+<a name="INDEX-8"/>share on the Samba server. This command
+runs as <tt class="literal">root</tt> when a share is created using the
+Windows NT/2000/XP Server Manager. The client user must be logged on
+as the <tt class="literal">root</tt> user. The command will be passed the
+name of the Samba configuration file, the name of the share to be
+created, the full pathname of a directory on the Samba server (which
+must already exist), and a string to use as a comment for the share,
+in that order. The command must add a share definition for the share
+to <em class="filename">smb.conf.</em> See also <tt class="literal">add printer
+command</tt>, for adding a print share.</p></div>
+<a name="INDEX-9"/><a name="INDEX-10"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>add user script = command</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that creates a new
+<a name="INDEX-10"/>user on the system hosting the Samba
+server. This command runs as <tt class="literal">root</tt> when access to a
+Samba share is attempted by a Windows user who does not have an
+account on the hosting system, but does have an account maintained by
+a primary domain controller on a different system. The command should
+accept the name of the user as a single argument that matches the
+behavior of typical <em class="emphasis">adduser</em> commands. Samba
+honors the <tt class="literal">%u</tt> value (username) as the argument to
+the command. Requires <tt class="literal">security</tt>
+<tt class="literal">=</tt> <tt class="literal">server</tt> or
+<tt class="literal">security</tt> <tt class="literal">=</tt>
+<tt class="literal">domain</tt>. See also <tt class="literal">delete user</tt>
+<tt class="literal">script</tt>.</p></div>
+<a name="INDEX-11"/><a name="INDEX-12"/><a name="INDEX-13"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>admin users = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p><a name="INDEX-12"/>Specifies users who will be granted
+<a name="INDEX-13"/><tt class="literal">root</tt>
+permissions on the share by Samba.</p></div>
+<a name="INDEX-14"/><a name="INDEX-15"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ads server = value</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: DNS hostname or IP address</p><p><b class="emphasis-bold">Default</b>: NONE</p><p>Specifies the <a name="INDEX-15"/>Active Directory server, used by
+Samba 3.0 for authenticating clients. Requires
+<tt class="literal">security</tt> <tt class="literal">= ads</tt>. New in Samba
+3.0.</p></div>
+<a name="INDEX-16"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>algorithmic rid base = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: positive integer</p><p><b class="emphasis-bold">Default</b>: 1000</p><p>Specifies the base value that Samba uses when calculating Windows
+domain security identifier equivalents to Unix UIDs. See also
+<tt class="literal">non unix account range</tt>. New in Samba 3.0.</p></div>
+<a name="INDEX-17"/><a name="INDEX-18"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>allow hosts = host list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of hosts or networks</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies systems that can connect to the share or
+<a name="INDEX-18"/>shares. If NULL, any
+system can access the share unless there is a <tt class="literal">hosts
+deny</tt> option. Synonym for <tt class="literal">hosts</tt>
+<tt class="literal">allow</tt>.</p></div>
+<a name="INDEX-19"/><a name="INDEX-20"/><a name="INDEX-21"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>allow trusted domains = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Allows access to users who lack accounts on the Samba server but have
+accounts in another, trusted <a name="INDEX-20"/><a name="INDEX-21"/>domain.
+Requires <tt class="literal">security</tt> <tt class="literal">= server</tt> or
+<tt class="literal">security</tt> <tt class="literal">=</tt>
+<tt class="literal">domain</tt>.</p></div>
+<a name="INDEX-22"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>announce as = value</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: NT, Win95, Wf W</p><p><b class="emphasis-bold">Default</b>: NT</p><p>Has Samba announce itself as something other than an NT server.
+Discouraged because it interferes with serving browse lists.</p></div>
+<a name="INDEX-23"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>announce version = value</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: two numbers separated by a dot character</p><p><b class="emphasis-bold">Default</b>: 4.5</p><p>Instructs Samba to announce itself as a different version SMB server.
+Discouraged.</p></div>
+<a name="INDEX-24"/><a name="INDEX-25"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>auth methods = list</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: guest, sam, ntdomain</p><p><b class="emphasis-bold">Default</b>: NONE</p><p>Specifies what methods Samba tries in turn to
+<a name="INDEX-25"/>authenticate users. New in Samba
+3.0.</p></div>
+<a name="INDEX-26"/><a name="INDEX-27"/><a name="INDEX-28"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>auto services = service list</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: service list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of <a name="INDEX-27"/><a name="INDEX-28"/>shares that always appear in
+browse lists. Also called <tt class="literal">preload</tt>.</p></div>
+<a name="INDEX-29"/><a name="INDEX-30"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>available = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to NO, denies access to a share. The
+<a name="INDEX-30"/>share appears in the browse list, but
+attempts to access it will fail.</p></div>
+<a name="INDEX-31"/><a name="INDEX-32"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>bind interfaces only = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, shares and browsing are provided only on interfaces in
+an <a name="INDEX-32"/>interfaces list (see
+<tt class="literal">interfaces</tt>). If you set this option to YES, be
+sure to add 127.0.0.1 to the interfaces list to allow
+<em class="emphasis">smbpasswd</em> to connect to the local system to
+change passwords. This is a convenience option; it does not improve
+security.</p></div>
+<a name="INDEX-33"/><a name="INDEX-34"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>block size = number</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: integer</p><p><b class="emphasis-bold">Default</b>: 1024</p><p>Sets the size of disk blocks as reported by <em class="emphasis">smbd</em>
+to the client. <a name="INDEX-34"/>Obsolete
+starting with Samba 3.0.</p></div>
+<a name="INDEX-35"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>blocking locks = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If YES, honors byte range lock requests with time limits. Samba will
+queue the requests and retry them until the time period expires.</p></div>
+<a name="INDEX-36"/><a name="INDEX-37"/><a name="INDEX-38"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>browsable = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p><a name="INDEX-37"/><a name="INDEX-38"/>Allows a share to be announced
+in browse lists. Also called <tt class="literal">browseable</tt>.</p></div>
+<a name="INDEX-39"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>browse list = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If YES, serves the browse list to other systems on the network. Avoid
+changing.</p></div>
+<a name="INDEX-40"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>browseable = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Synonym for <tt class="literal">browsable</tt>.</p></div>
+<a name="INDEX-41"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>case sensitive = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If YES, uses the exact case the client supplied when trying to
+resolve a filename. If NO, matches either upper- or lowercase name.
+Avoid changing. Also called <tt class="literal">casesignames</tt>.</p></div>
+<a name="INDEX-42"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>casesignames = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Synonym for <tt class="literal">case</tt> <tt class="literal">sensitive</tt>.</p></div>
+<a name="INDEX-43"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>change notify timeout = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: positive number</p><p><b class="emphasis-bold">Default</b>: 60</p><p>Sets the number of seconds between checks when a client asks for
+notification of changes in a directory. Avoid lowering.</p></div>
+<a name="INDEX-44"/><a name="INDEX-45"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>change share command = command</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that modifies a
+<a name="INDEX-45"/>share
+definition on the Samba server. This command runs as
+<tt class="literal">root</tt> when a share is created using the Windows
+NT/2000/XP Server Manager. The client user must be logged on as the
+<tt class="literal">root</tt> user. The command is passed the name of the
+Samba configuration file, the name of the share to be modified, the
+full pathname of a directory on the Samba server (which must already
+exist), and a string to use as a comment for the share, in that
+order. The command modifies the share definition for the share in
+<em class="filename">smb.conf.</em> See also <tt class="literal">add share
+command</tt> and <tt class="literal">delete share command</tt>.</p></div>
+<a name="INDEX-46"/><a name="INDEX-47"/><a name="INDEX-48"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>character set = name</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: ISO8859-1, ISO8859-2, ISO8859-5, KOI8-R</p><p><b class="emphasis-bold">Default</b>: NULL</p><p><a name="INDEX-47"/>If set, translates from DOS code
+pages to the Western European (ISO8859-1), Eastern European
+(ISO8859-2), Russian Cyrillic (ISO8859-5), or Alternate Russian
+(KOI8-R) character set. The <tt class="literal">client</tt>
+<tt class="literal">code</tt> <tt class="literal">page</tt> option must be set to
+850. <a name="INDEX-48"/>Obsolete starting with Samba 3.0.</p></div>
+<a name="INDEX-49"/><a name="INDEX-50"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>client code page = name</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: see <a href="ch11.html#samba2-CHP-11-TABLE-4">Table 11-4</a> in <a href="ch11.html">Chapter 11</a></p><p><b class="emphasis-bold">Default</b>: 850 (MS-DOS Latin 1)</p><p>Sets the DOS code page explicitly, overriding any previous
+<tt class="literal">valid</tt> <tt class="literal">chars</tt> settings. Examples
+of values are 850 for Western European, 437 for the U.S. standard,
+and 932 for Japanese Shift-JIS. <a name="INDEX-50"/>Obsolete starting with Samba 3.0.</p></div>
+<a name="INDEX-51"/><a name="INDEX-52"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>code page directory = directory</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full directory name</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/samba/lib/codepages</em></p><p>Specifies the directory that stores code pages.
+<a name="INDEX-52"/>Obsolete starting with Samba 3.0.</p></div>
+<a name="INDEX-53"/><a name="INDEX-54"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>coding system = value</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: euc, cap, hex, hexN, sjis, j8bb, j8bj, jis8, j8bh,
+j8@b, j8@j,j8@h, j7bb, j7bj, jis7, j7bh, j7@b, j7@j, j7@h, jubb,
+jubj, junet, jubh, ju@b, ju@j, ju@h</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the coding system used, notably for Kanji. This is employed for
+filenames and should correspond to the code page in use. The
+<tt class="literal">client</tt> <tt class="literal">code</tt>
+<tt class="literal">page</tt> option must be set to 932 ( Japanese
+Shift-JIS). <a name="INDEX-54"/>Obsolete starting with Samba 3.0.</p></div>
+<a name="INDEX-55"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>comment = string</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: string</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the comment corresponding to a share. The comment appears in
+places such as a <em class="emphasis">net view</em> listing or through the
+Network Neighborhood. See also the <tt class="literal">server</tt>
+<tt class="literal">string</tt> configuration option.</p></div>
+<a name="INDEX-56"/><a name="INDEX-57"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>config file = filename</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: \filename</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Selects a new Samba <a name="INDEX-57"/>configuration file to read instead of the
+current one. Used to relocate the configuration file or used with
+<tt class="literal">%</tt> variables to select custom configuration files
+for some users or systems.</p></div>
+<a name="INDEX-58"/><a name="INDEX-59"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>copy = section name</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: existing section's name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Copies the configuration of an already defined share into the
+<a name="INDEX-59"/>share in which this option
+appears. Used with <tt class="literal">%</tt> variables to select custom
+configurations for systems, architectures, and users. Each option
+specified or copied takes precedence over earlier specifications of
+the option.</p></div>
+<a name="INDEX-60"/><a name="INDEX-61"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>create mask = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: 0744</p><p>Sets the maximum allowable <a name="INDEX-61"/>permissions for new files (e.g.,
+0755). See also <tt class="literal">directory</tt> <tt class="literal">mask</tt>.
+To require certain permissions to be set, see
+<tt class="literal">force</tt> <tt class="literal">create</tt>
+<tt class="literal">mask</tt> and <tt class="literal">force</tt>
+<tt class="literal">directory</tt> <tt class="literal">mask</tt>. Also called
+<tt class="literal">create</tt> <tt class="literal">mode</tt>.</p></div>
+<a name="INDEX-62"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>create mode = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: 0744</p><p>Synonym for <tt class="literal">create</tt> <tt class="literal">mask</tt>.</p></div>
+<a name="INDEX-63"/><a name="INDEX-64"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>csc policy = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: manual, documents, programs, or disable</p><p><b class="emphasis-bold">Default</b>: manual</p><p>Sets the client-side <a name="INDEX-64"/>caching policy, telling them how to
+cache files offline if they are capable of doing so.</p></div>
+<a name="INDEX-65"/><a name="INDEX-66"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>deadtime = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Specifies the time in minutes before an unused
+<a name="INDEX-66"/>connection will be
+terminated. Zero means never. Used to keep clients from tying up
+server resources for long periods of time. If used, clients must
+autoreconnect after the specified period of inactivity. See also
+<tt class="literal">keepalive</tt>.</p></div>
+<a name="INDEX-67"/><a name="INDEX-68"/><a name="INDEX-69"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>debug hires timestamp = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Changes the <a name="INDEX-68"/><a name="INDEX-69"/>timestamps in log entries from seconds
+to microseconds. Useful for measuring performance.</p></div>
+<a name="INDEX-70"/><a name="INDEX-71"/><a name="INDEX-72"/><a name="INDEX-73"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>debug pid = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Adds the process ID of the Samba server to <a name="INDEX-71"/><a name="INDEX-72"/><a name="INDEX-73"/>log lines, making it easier to
+debug a particular server. Requires debug <tt class="literal">timestamp =
+yes</tt> to work.</p></div>
+<a name="INDEX-74"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>debug timestamp = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Timestamps all log messages. Can be turned off when
+it's not useful (e.g., in debugging ). Also called
+<tt class="literal">timestamp</tt> <tt class="literal">logs</tt>.</p></div>
+<a name="INDEX-75"/><a name="INDEX-76"/><a name="INDEX-77"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>debug uid = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p><a name="INDEX-76"/><a name="INDEX-77"/>Adds the real and effective
+user ID and group ID of the user being served to the logs, making it
+easier to debug one particular user.</p></div>
+<a name="INDEX-78"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>debuglevel = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Sets the logging level used. Values of 3 or more slow Samba
+noticeably. Also called <tt class="literal">log</tt>
+<tt class="literal">level</tt>. Recommended value is 1.</p></div>
+<a name="INDEX-79"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>default = service name</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: share name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies the name of a service (share) to provide if someone
+requests a service he doesn't have permission to use
+or that doesn't exist. The path is set from the name
+the client specified, with any underscore ( _ ) characters changed to
+slash ( / ) characters, allowing access to any directory on the Samba
+server. Use is discouraged. See also <tt class="literal">load
+printers</tt>. Also called <tt class="literal">default service</tt>.</p></div>
+<a name="INDEX-80"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>default case = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: LOWER, UPPER</p><p><b class="emphasis-bold">Default</b>: LOWER</p><p>Sets the case in which to store new filenames. LOWER indicates
+lowercase, and UPPER indicates uppercase.</p></div>
+<a name="INDEX-81"/><a name="INDEX-82"/><a name="INDEX-83"/><a name="INDEX-84"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>default devmode = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Used with printer shares being accessed by Windows NT/2000/XP clients
+to set a default device mode for the
+<a name="INDEX-82"/><a name="INDEX-83"/><a name="INDEX-84"/>printer. Can be
+problematic. Use with care.</p></div>
+<a name="INDEX-85"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>default service = share name</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: share name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Synonym for <tt class="literal">default</tt>.</p></div>
+<a name="INDEX-86"/><a name="INDEX-87"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>delete printer command = command</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that removes a
+<a name="INDEX-87"/>printer from the system hosting the
+Samba server and deletes its service definition from
+<em class="filename">smb.conf</em>. The command is passed a printer name
+as its only argument. See also <tt class="literal">add printer
+command</tt>, <tt class="literal">printing</tt>, and <tt class="literal">show add
+printer wizard</tt>.</p></div>
+<a name="INDEX-88"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>delete readonly = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: NO, YES</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, allows delete requests to remove read-only files. This
+is not allowed in MS-DOS/Windows, but it is normal in Unix, which has
+separate directory permissions. Used with programs such as RCS.</p></div>
+<a name="INDEX-89"/><a name="INDEX-90"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>delete share command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command that deletes a
+<a name="INDEX-90"/>share
+from the Samba server. The command runs when a user logged in as the
+<tt class="literal">root</tt> user on a Windows NT/2000/XP system deletes a
+share using Server Manager. The command is passed the name of the
+Samba configuration file and the name of the share to be deleted. The
+command must remove the definition of the share from the
+configuration file. See also <tt class="literal">add share command</tt> and
+<tt class="literal">change share command</tt>.</p></div>
+<a name="INDEX-91"/><a name="INDEX-92"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>delete user script = command</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full path to script</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the command to run as <tt class="literal">root</tt> when a user
+connects who no longer has an account on the
+domain's PDC. Honors <tt class="literal">%u</tt>. Can be
+used to delete the
+<a name="INDEX-92"/>user account automatically from
+the Samba server's host. Requires
+<tt class="literal">security</tt> <tt class="literal">=</tt>
+<tt class="literal">domain</tt> or <tt class="literal">security = user</tt>. Use
+with caution. See also <tt class="literal">add user script</tt>.</p></div>
+<a name="INDEX-93"/><a name="INDEX-94"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>delete veto files = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: NO, YES</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, allows delete requests for a
+<a name="INDEX-94"/>directory containing
+files or subdirectories the user can't see due to
+the <tt class="literal">veto</tt> <tt class="literal">files</tt> option. If set
+to NO, the directory is not deleted and still contains invisible
+files.</p></div>
+<a name="INDEX-95"/><a name="INDEX-96"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>deny hosts = host list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: hosts or networks</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of systems from which to refuse
+<a name="INDEX-96"/>connections.
+Also called <tt class="literal">hosts</tt> <tt class="literal">deny</tt>.</p></div>
+<a name="INDEX-97"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>dfree command = command</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Specifies a command to run on the server to return free disk space.
+Not needed unless the Samba host system's
+<em class="emphasis">dfree</em> command does not work properly.</p></div>
+<a name="INDEX-98"/><a name="INDEX-99"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>directory = directory</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: Unix directory name</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the path to the
+<a name="INDEX-99"/>directory provided by a file share or
+used by a printer share. If the option is omitted in the
+<tt class="literal">[homes]</tt> share, it is set automatically to the
+user's home directory; otherwise, it defaults
+to<em class="filename"> /tmp</em>. For a printer share, the directory is
+used to spool printer files. Honors the <tt class="literal">%u</tt> (user)
+and <tt class="literal">%m</tt> (machine) variables. Synonym for
+<tt class="literal">path</tt>.</p></div>
+<a name="INDEX-100"/><a name="INDEX-101"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>directory mask = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: 0755</p><p>Sets the maximum allowable permissions for newly created
+<a name="INDEX-101"/>directories. To require
+that certain permissions be set, see the <tt class="literal">force</tt>
+<tt class="literal">create</tt> <tt class="literal">mask</tt> and
+<tt class="literal">force</tt> <tt class="literal">directory</tt>
+<tt class="literal">mask</tt> options. Also called
+<tt class="literal">directory</tt> <tt class="literal">mode</tt>.</p></div>
+<a name="INDEX-102"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>directory mode = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: 0755</p><p>Synonym for <tt class="literal">directory</tt> <tt class="literal">mask</tt>.</p></div>
+<a name="INDEX-103"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>directory security mask = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: same as <tt class="literal">directory</tt> <tt class="literal">mode</tt></p><p>Controls which permission bits can be changed if a user edits the
+Unix permissions of directories on the Samba server from a Windows
+system. Any bit that is set in the mask can be changed by the user;
+any bit that is clear remains the same on the directory even if the
+user tries to change it. Requires <tt class="literal">nt</tt>
+<tt class="literal">acl</tt> <tt class="literal">support</tt>
+<tt class="literal">=</tt> <tt class="literal">YES</tt>.</p></div>
+<a name="INDEX-104"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>disable spools = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, Windows NT/2000/XP systems will downgrade to
+Lanman-style printing. Prevents printer driver uploading and
+downloading from working. Use with care. See also <tt class="literal">use client
+driver</tt>.</p></div>
+<a name="INDEX-105"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>dns proxy = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to YES and if <tt class="literal">wins</tt>
+<tt class="literal">server</tt> <tt class="literal">=</tt>
+<tt class="literal">YES</tt>, looks up hostnames in DNS when they are not
+found using WINS.</p></div>
+<a name="INDEX-106"/><a name="INDEX-107"/><a name="INDEX-108"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>domain admin group = user list</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: usernames and/or group names</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies users who are in the <a name="INDEX-107"/>Domain Admins group and have
+<a name="INDEX-108"/>domain
+administrator authority when Samba is the PDC. See also
+<tt class="literal">domain guest group</tt> and <tt class="literal">domain
+logons</tt>. Useful in Samba 2.2 only. Obsolete in Samba 3.0.</p></div>
+<a name="INDEX-109"/><a name="INDEX-110"/><a name="INDEX-111"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>domain guest group = user/group list</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of usernames and/or group names</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies users who are in the <a name="INDEX-110"/>Domain Guest group when Samba is the PDC.
+See also <tt class="literal">domain admin group</tt> and <tt class="literal">domain
+logons</tt>. Useful in Samba 2.2 only. <a name="INDEX-111"/>Obsolete in Samba 3.0.</p></div>
+<a name="INDEX-112"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>domain logons = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Causes Samba to serve domain logons. This is one of the basic
+functions required when Samba is acting as the PDC.</p></div>
+<a name="INDEX-113"/><a name="INDEX-114"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>domain master = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: automatic</p><p>Makes Samba a <a name="INDEX-114"/>domain master browser for its domain. When
+domain logons are enabled, <tt class="literal">domain master</tt> defaults
+to YES. Otherwise, it defaults to NO.</p></div>
+<a name="INDEX-115"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>dont descend = list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of directories</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Prohibits a change directory or search in the directories specified.
+This is a browsing-convenience option; it doesn't
+provide any extra security.</p></div>
+<a name="INDEX-116"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>dos filemode = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Allows anyone with write permissions to change permissions on a file,
+as allowed by MS-DOS.</p></div>
+<a name="INDEX-117"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>dos filetime resolution = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Sets file times on Unix to match MS-DOS standards (rounding to the
+next even second). Recommended if using Visual C++ or a PC
+<em class="emphasis">make</em> program to avoid remaking the programs
+unnecessarily. Use with the <tt class="literal">dos</tt>
+<tt class="literal">filetimes</tt> option.</p></div>
+<a name="INDEX-118"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>dos filetimes = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Allows nonowners to change file times if they can write to the files,
+matching the behavior of MS-DOS and Windows. See also
+<tt class="literal">dos</tt> <tt class="literal">filetime</tt>
+<tt class="literal">resolution</tt>.</p></div>
+<a name="INDEX-119"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>encrypt passwords = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO in Samba 2.2, YES in Samba 3.0</p><p>If enabled, Samba will use password encryption. Requires an
+<em class="filename">smbpasswd</em> file on the Samba server.</p></div>
+<a name="INDEX-120"/><a name="INDEX-121"/><a name="INDEX-122"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>enhanced browsing = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Automatically synchronizes <a name="INDEX-121"/><a name="INDEX-122"/>browse lists with all domain master
+browsers known to the WINS server. Makes cross-subnet browsing more
+reliable, but also can cause empty workgroups to persist forever in
+browse lists.</p></div>
+<a name="INDEX-123"/><a name="INDEX-124"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>enumports command = command</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Allows for a command to provide clients with customized
+MS-DOS/Windows <a name="INDEX-124"/>port names (e.g., PRN:) corresponding
+to printers. Samba's default behavior is to return
+<tt class="literal">Samba Printer Port</tt>. The command must return a
+series of lines, with one port name per line.</p></div>
+<a name="INDEX-125"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>exec = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets a command to run as the user before connecting to the share.
+Synonym for <tt class="literal">preexec</tt>. See also the
+<tt class="literal">postexec</tt>, <tt class="literal">root</tt>
+<tt class="literal">preexec</tt>, and <tt class="literal">root postexec</tt>
+options.</p></div>
+<a name="INDEX-126"/><a name="INDEX-127"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>fake directory create times = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>A bug fix for users of Microsoft
+<em class="emphasis">nmake</em><a name="INDEX-127"/>. If YES, Samba sets directory create
+times such that <em class="emphasis">nmake</em> won't
+remake all files every time.</p></div>
+<a name="INDEX-128"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>fake oplocks = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set, returns YES whenever a client asks if it can lock a file and
+cache it locally but does not enforce the lock on the server. Results
+in performance improvement for read-only shares. <em class="emphasis">Never use
+with read/write shares!</em> See also
+<tt class="literal">oplocks</tt> and <tt class="literal">veto</tt>
+<tt class="literal">oplock</tt> <tt class="literal">files</tt>.</p></div>
+<a name="INDEX-129"/><a name="INDEX-130"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>follow symlinks = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to YES, Samba follows <a name="INDEX-130"/>symlinks in a file share(s). See the
+<tt class="literal">wide</tt> <tt class="literal">links</tt> option if you want
+to restrict symlinks to just the current share.</p></div>
+<a name="INDEX-131"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>force create mode = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Takes effect when a user on a Windows client creates a file that
+resides on the Samba server. This option ensures that bits set in
+this mask will always be set on the new file. Used with the
+<tt class="literal">create mask</tt> configuration option.</p></div>
+<a name="INDEX-132"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>force directory mode = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Takes effect when a user on a Windows client creates a directory on
+the Samba server. This option ensures that bits set in the mask will
+be set on every newly created directory. Used with <tt class="literal">directory
+mask</tt>.</p></div>
+<a name="INDEX-133"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>force directory security mode = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: same as <tt class="literal">force</tt>
+<tt class="literal">directory</tt> <tt class="literal">mode</tt></p><p>Takes effect when a user on a Windows client edits the Unix
+permissions of a directory on the Samba server. This option ensures
+that bits set in this mask will be set on the directory. Requires
+<tt class="literal">nt</tt> <tt class="literal">acl</tt>
+<tt class="literal">support</tt> <tt class="literal">=</tt>
+<tt class="literal">YES</tt>.</p></div>
+<a name="INDEX-134"/><a name="INDEX-135"/><a name="INDEX-136"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>force group = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: a Unix group name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the effective group name assigned to all users accessing a
+share. Used to override a
+<a name="INDEX-135"/><a name="INDEX-136"/>user's
+normal group memberships.</p></div>
+<a name="INDEX-137"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>force security mode = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: same as <tt class="literal">force</tt> <tt class="literal">create</tt>
+<tt class="literal">mode</tt></p><p>Takes effect when a user on a Windows client edits the Unix
+permissions of a file on the Samba server. This option ensures that
+bits set in the mask will always be set on the file. Requires
+<tt class="literal">nt</tt> <tt class="literal">acl</tt>
+<tt class="literal">support</tt> <tt class="literal">=</tt>
+<tt class="literal">YES</tt>. See also <tt class="literal">force directory security
+mode</tt> for directories.</p></div>
+<a name="INDEX-138"/><a name="INDEX-139"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>force unknown acl user = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>When set, unknown users or groups in Windows NT ACLs will be mapped
+to the user or group of the connected user. <a name="INDEX-139"/>Obsolete starting with Samba
+3.0.</p></div>
+<a name="INDEX-140"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>force user = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: a single username</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the effective username assigned to all users accessing a share.
+Discouraged.</p></div>
+<a name="INDEX-141"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>fstype = string</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: NTFS, FAT, Samba</p><p><b class="emphasis-bold">Default</b>: NTFS</p><p>Sets the filesystem type reported to the client. Avoid changing.</p></div>
+<a name="INDEX-142"/><a name="INDEX-143"/><a name="INDEX-144"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>getwd cache = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Caches the current <a name="INDEX-143"/><a name="INDEX-144"/>directory for performance.
+Recommended with the <tt class="literal">wide</tt> <tt class="literal">links</tt>
+option.</p></div>
+<a name="INDEX-145"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>group = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: a Unix group name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Synonym for <tt class="literal">force</tt> <tt class="literal">group</tt>.</p></div>
+<a name="INDEX-146"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>guest account = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: a single username</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the name of the unprivileged Unix account to use for tasks such
+as printing and for accessing shares marked with
+<tt class="literal">guest</tt> <tt class="literal">ok</tt>. The default is
+specified at compile time and is usually set to
+<tt class="literal">nobody</tt>.</p></div>
+<a name="INDEX-147"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>guest ok = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, doesn't need passwords for this
+share. Used with <tt class="literal">security = share</tt>. Synonym for
+<tt class="literal">public</tt>.</p></div>
+<a name="INDEX-148"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>guest only = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Forces users of a share to log on as the guest account. Requires
+<tt class="literal">guest</tt> <tt class="literal">ok</tt> or
+<tt class="literal">public</tt> to be YES. Also called
+<tt class="literal">only</tt> <tt class="literal">guest</tt>.</p></div>
+<a name="INDEX-149"/><a name="INDEX-150"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>hide dot files = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Treats files with names beginning with a dot as if they had the
+MS-DOS <a name="INDEX-150"/>hidden
+attribute set. The files are either not displayed on a Windows client
+or appear grayed-out, depending on the settings on the client.</p></div>
+<a name="INDEX-151"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>hide files = slash-separated list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: patterns, separated by <tt class="literal">/</tt>
+characters</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of file or directory names on which to set the
+MS-DOS hidden attribute. Names can contain <tt class="literal">?</tt> or
+<tt class="literal">*</tt> pattern characters and <tt class="literal">%</tt>
+variables. See also <tt class="literal">hide</tt> <tt class="literal">dot</tt>
+<tt class="literal">files</tt> and <tt class="literal">veto</tt>
+<tt class="literal">files</tt>.</p></div>
+<a name="INDEX-152"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>hide local users = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, hides Unix-specific dummy accounts
+(<tt class="literal">root</tt>, <tt class="literal">wheel</tt>,
+<tt class="literal">floppy</tt>, etc.) from clients.</p></div>
+<a name="INDEX-153"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>hide unreadable = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, hides all unreadable files.</p></div>
+<a name="INDEX-154"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>homedir map = name</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: NIS map name</p><p><b class="emphasis-bold">Default</b>: NONE</p><p>Used with <tt class="literal">nis</tt> <tt class="literal">homedir</tt> to locate
+a user's Unix home directory from Sun NIS (not
+NIS+).</p></div>
+<a name="INDEX-155"/><a name="INDEX-156"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>host msdfs = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p><a name="INDEX-156"/>If set to YES and Samba was
+configured with the <tt class="literal">--with-msdfs</tt> option, provides
+Microsoft Distributed filesystem (Dfs) service, allowing Dfs-capable
+clients to browse Dfs trees on the Samba server. See also
+<tt class="literal">msdfs root</tt>.</p></div>
+<a name="INDEX-157"/><a name="INDEX-158"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>hosts allow = host list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of hosts or networks</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of systems that can access the
+<a name="INDEX-158"/>share. If NULL, any system can access
+the share unless there is a <tt class="literal">hosts</tt>
+<tt class="literal">deny</tt> option. Synonym for <tt class="literal">allow</tt>
+<tt class="literal">hosts</tt>.</p></div>
+<a name="INDEX-159"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>hosts deny = host list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of hosts or networks</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of systems that cannot connect to the share. Synonym
+for <tt class="literal">deny</tt> <tt class="literal">hosts</tt>.</p></div>
+<a name="INDEX-160"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>hosts equiv = filename</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies the path to a file of trusted systems from which
+passwordless logons are allowed. Strongly discouraged because Windows
+NT/2000/XP users can always override the username&mdash;the only
+security in this scheme.</p></div>
+<a name="INDEX-161"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>include = filename</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Includes the named file in <em class="filename">smb.conf</em> at the line
+where it appears. This option accepts most variables, but not
+<tt class="literal">%u</tt> (user), <tt class="literal">%P</tt> (current
+share's <tt class="literal">root</tt> directory), or
+<tt class="literal">%S</tt> (current share's name) because
+they are not set at the time the file is read.</p></div>
+<a name="INDEX-162"/><a name="INDEX-163"/><a name="INDEX-164"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>inherit acls = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set, files and subdirectories are created with the same
+<a name="INDEX-163"/>ACLs
+as their parent directories. Directories are given Unix permissions
+of 0777 (full permissions) ensuring that the ACL on the directory
+will govern the actual permissions given to clients. Requires
+<a name="INDEX-164"/>POSIX ACL
+support to be provided on the Samba host system.</p></div>
+<a name="INDEX-165"/><a name="INDEX-166"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>inherit permissions = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set, files and subdirectories are created with the same
+<a name="INDEX-166"/>permissions as their parent
+directories. This allows Unix directory permissions to be propagated
+automatically to new files and subdirectories, especially in the
+<tt class="literal">[homes]</tt> share. This option overrides
+<tt class="literal">create</tt> <tt class="literal">mask</tt>,
+<tt class="literal">directory</tt> <tt class="literal">mask</tt>,
+<tt class="literal">force</tt> <tt class="literal">create</tt>
+<tt class="literal">mode</tt>, and <tt class="literal">force</tt>
+<tt class="literal">directory</tt> <tt class="literal">mode</tt>, but not
+<tt class="literal">map</tt> <tt class="literal">archive</tt>,
+<tt class="literal">map</tt> <tt class="literal">hidden</tt>, or
+<tt class="literal">map</tt> <tt class="literal">system</tt>. Samba never sets
+the <tt class="literal">setuid</tt> bit when creating a file or directory.</p></div>
+<a name="INDEX-167"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>interfaces = interface list</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: interface list</p><p><b class="emphasis-bold">Default</b>: NULL (all interfaces except 127.0.0.1)</p><p>Sets the interfaces to which Samba will respond. The default is the
+system's primary interface only. Recommended on
+multihomed systems or to override erroneous addresses and netmasks.
+Allows interface names such as <tt class="literal">eth0</tt>, DNS names,
+address/netmask pairs, and broadcast/netmask pairs. See also
+<tt class="literal">bind interfaces only</tt>.</p></div>
+<a name="INDEX-168"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>invalid users = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of users not permitted access to the share.</p></div>
+<a name="INDEX-169"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>keepalive = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 300</p><p>Sets the number of seconds between checks for a crashed client. The
+value of 0 causes no checks to be performed. Setting
+<tt class="literal">keepalive = 3600</tt> will turn on checks every hour. A
+value of 600 (every 10 minutes) is recommended if you want more
+frequent checks. See also <tt class="literal">socket</tt>
+<tt class="literal">options</tt> for another approach.</p></div>
+<a name="INDEX-170"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>kernel oplocks = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Breaks the oplock when a local Unix process or NFS operation accesses
+an oplocked file, thus preventing corruption. This works only on
+operating systems that support kernel-based oplocks, such as Linux
+2.4 and Irix. Avoid changing. See also <tt class="literal">oplocks</tt> and
+<tt class="literal">level2</tt> <tt class="literal">oplocks</tt>.</p></div>
+<a name="INDEX-171"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lanman auth = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to YES, allows clients to use the (weak) LANMAN password hash
+used by Windows 95/98/Me. If set to NO, allows only the better NT1
+hash used by Windows NT/2000/XP.</p></div>
+<a name="INDEX-172"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>large readwrite = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO in Samba 2.2, YES in Samba 3.0</p><p>If set to YES, allows Windows 2000/XP to read and write 64KB at a
+time to improve performance. Requires Samba to be hosted by a 64-bit
+OS, such as Linux 2.4, Irix, or Solaris. Somewhat experimental.</p></div>
+<a name="INDEX-173"/><a name="INDEX-174"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ldap admin dn = string</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: Distinguished Name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the Distinguished Name used by Samba when contacting the LDAP
+server. Requires Samba to be configured with the
+<tt class="literal">--with-ldapsam</tt> configuration option. Experimental
+option added in Samba 2.2.3 and <a name="INDEX-174"/>obsolete in Samba 3.0.</p></div>
+<a name="INDEX-175"/><a name="INDEX-176"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ldap filter = string</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: LDAP search filter</p><p><b class="emphasis-bold">Default</b>: <tt class="literal">(&amp;(uid=%u)(objectclass=sambaAccount))</tt></p><p>Sets the LDAP search filter. Requires that Samba be configured with
+the <tt class="literal">--with-ldapsam</tt> configuration option.
+Experimental option added in Samba 2.2.3 and
+<a name="INDEX-176"/>obsolete in Samba 3.0.</p></div>
+<a name="INDEX-177"/><a name="INDEX-178"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ldap port = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: positive integer</p><p><b class="emphasis-bold">Default</b>: In Samba 2.2, 636 if <tt class="literal">ldap ssl = on</tt>;
+otherwise 389</p><p>Sets the TCP port number for contacting the LDAP server. Requires
+that Samba be configured with the <tt class="literal">--with-ldapsam</tt>
+configuration option. Experimental option added in Samba 2.2.3 and
+<a name="INDEX-178"/>obsolete
+starting with Samba 3.0. See also <tt class="literal">ldap ssl</tt>.</p></div>
+<a name="INDEX-179"/><a name="INDEX-180"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ldap server = value</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: fully qualified domain name</p><p><b class="emphasis-bold">Default</b>: localhost</p><p>Sets the domain name of the LDAP server. Requires that Samba be
+configured with the <tt class="literal">--with-ldapsam</tt> configuration
+option. Experimental option added in Samba 2.2.3 and
+<a name="INDEX-180"/>obsolete starting with Samba 3.0.</p></div>
+<a name="INDEX-181"/><a name="INDEX-182"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ldap ssl = value</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: ON, OFF, START TLS</p><p><b class="emphasis-bold">Default</b>: ON</p><p>Sets whether Samba uses SSL to contact the LDAP server. ON and OFF
+turn SSL encryption on or off. The START TLS setting causes Samba to
+use LDAPv3 StartTLS extended operation. Requires that Samba be
+configured with the <tt class="literal">--with-ldapsam</tt> configuration
+option. Experimental option added in Samba 2.2.3 and
+<a name="INDEX-182"/>obsolete
+in Samba 3.0.</p></div>
+<a name="INDEX-183"/><a name="INDEX-184"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ldap suffix = string</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: Distinguished Name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the base Distinguished Name to use for LDAP searches. Requires
+that Samba be configured with the <tt class="literal">--with-ldapsam</tt>
+configuration option. Experimental option added in Samba 2.2.3 and
+<a name="INDEX-184"/>obsolete in Samba 3.0.</p></div>
+<a name="INDEX-185"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>level2 oplocks = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Allows files to be cached read-only on the client when multiple
+clients have opened the file. This allows executables to be cached
+locally, improving performance.</p></div>
+<a name="INDEX-186"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lm announce = value</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: AUTO, YES, NO</p><p><b class="emphasis-bold">Default</b>: AUTO</p><p>Produces OS/2 SMB broadcasts at an interval specified by the
+<tt class="literal">lm</tt> <tt class="literal">interval</tt> option. YES/NO
+turns them on/off unconditionally. AUTO causes the Samba server to
+wait for a LAN manager announcement from another client before
+sending one out. Required for OS/2 client browsing.</p></div>
+<a name="INDEX-187"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lm interval = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 60</p><p>Sets the time period, in seconds, between OS/2 SMB broadcast
+announcements.</p></div>
+<a name="INDEX-188"/><a name="INDEX-189"/><a name="INDEX-190"/><a name="INDEX-191"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>load printers = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Loads all printer names from the system's
+<em class="emphasis">printcap</em><a name="INDEX-189"/> file into the
+<a name="INDEX-190"/><a name="INDEX-191"/>browse
+list. Uses configuration options from the
+<tt class="literal">[printers]</tt> section.</p></div>
+<a name="INDEX-192"/><a name="INDEX-193"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>local master = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Allows Samba to participate in <a name="INDEX-193"/>elections for the local master
+browser. See also <tt class="literal">domain</tt> <tt class="literal">master</tt>
+and <tt class="literal">os</tt> <tt class="literal">level</tt>.</p></div>
+<a name="INDEX-194"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lock dir = directory</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: <em class="emphasis">/usr/local/samba/var/locks</em></p><p>Synonym for <tt class="literal">lock</tt> <tt class="literal">directory</tt>.</p></div>
+<a name="INDEX-195"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lock directory = directory</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: <em class="emphasis">/usr/local/samba/var/locks</em></p><p>Sets a directory in which to keep lock files. The directory must be
+writable by Samba and readable by everyone. Also called
+<tt class="literal">lock</tt> <tt class="literal">dir</tt>.</p></div>
+<a name="INDEX-196"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lock spin count = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: positive integer</p><p><b class="emphasis-bold">Default</b>: 2</p><p>Sets the number of attempts to attain a byte range lock. See also
+<tt class="literal">lock spin time</tt>.</p></div>
+<a name="INDEX-197"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lock spin time = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of microseconds</p><p><b class="emphasis-bold">Default</b>: 10</p><p>Sets the number of microseconds between attempts to attain a lock.
+See also <tt class="literal">lock</tt> <tt class="literal">spin</tt>
+<tt class="literal">count</tt>.</p></div>
+<a name="INDEX-198"/><a name="INDEX-199"/><a name="INDEX-200"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>locking = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Performs <a name="INDEX-199"/><a name="INDEX-200"/>file locking. If set to NO, Samba
+accepts lock requests but won't actually lock
+resources. Turn off for read-only filesystems.</p></div>
+<a name="INDEX-201"/><a name="INDEX-202"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>log file = filename</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the name and location of the <a name="INDEX-202"/>log file. Allows all <tt class="literal">%</tt>
+variables.</p></div>
+<a name="INDEX-203"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>log level = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Sets the logging level used. Values of 3 or more slow the system
+noticeably. Recommended value is 1. Synonym for
+<tt class="literal">debug</tt> <tt class="literal">level</tt>.</p></div>
+<a name="INDEX-204"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>logon drive = value</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: MS-DOS drive name</p><p><b class="emphasis-bold">Default</b>: Z:</p><p>Sets the drive to be used as a home directory for domain logons by
+Windows NT/2000/XP clients. See also <tt class="literal">logon</tt>
+<tt class="literal">home</tt>.</p></div>
+<a name="INDEX-205"/><a name="INDEX-206"/><a name="INDEX-207"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>logon home = directory</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: UNC of shared directory</p><p><b class="emphasis-bold">Default</b>: <em class="filename">\\ %N \ %U</em></p><p>Sets the home <a name="INDEX-206"/><a name="INDEX-207"/>directory of a Windows 95/98/Me or
+NT/2000/XP user. Allows <tt class="literal">NET</tt> <tt class="literal">USE</tt>
+<tt class="literal">H:/HOME</tt> from the command prompt if Samba is acting
+as a logon server. Append <tt class="literal">\profile</tt> or other
+directory to the value of this parameter if storing Windows 95/98/Me
+profiles in a subdirectory of the user's home
+directory. See <tt class="literal">logon path</tt> for Windows NT/2000/XP
+roaming profiles.</p></div>
+<a name="INDEX-208"/><a name="INDEX-209"/><a name="INDEX-210"/><a name="INDEX-211"/><a name="INDEX-212"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>logon path = directory</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: UNC of shared directory</p><p><b class="emphasis-bold">Default</b>: <em class="filename">\\ %N \ %U \ profile</em></p><p>Sets the path to the directory where Windows NT/2000/XP
+<a name="INDEX-209"/><a name="INDEX-210"/><a name="INDEX-211"/><a name="INDEX-212"/>roaming profiles are stored. See
+also <tt class="literal">logon home</tt> for Windows 95/98/Me roaming
+profiles.</p></div>
+<a name="INDEX-213"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>logon script = directory</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: UNC of shared file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the pathname (relative to the <tt class="literal">[netlogon]</tt>
+share) of an MS-DOS/NT command to run on the client at logon time.
+Allows all <tt class="literal">%</tt> variables.</p></div>
+<a name="INDEX-214"/><a name="INDEX-215"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lppause command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the command to pause a <a name="INDEX-215"/>print job.
+Honors the <tt class="literal">%p</tt> (printer name) and
+<tt class="literal">%j</tt> (job number) variables.</p></div>
+<a name="INDEX-216"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lpq cache time = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 10</p><p>Sets how long to keep print queue status cached, in seconds.</p></div>
+<a name="INDEX-217"/><a name="INDEX-218"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lpq command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the command used to get <a name="INDEX-218"/>printer status. Usually
+initialized to a default value by the <tt class="literal">printing</tt>
+option. Honors the <tt class="literal">%p</tt> (printer name) variable.</p></div>
+<a name="INDEX-219"/><a name="INDEX-220"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lpresume command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the command to resume a paused <a name="INDEX-220"/>print job.
+Honors the <tt class="literal">%p</tt> (printer name) and
+<tt class="literal">%j</tt> ( job number) variables.</p></div>
+<a name="INDEX-221"/><a name="INDEX-222"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>lprm command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the command to delete a <a name="INDEX-222"/>print job.
+Usually initialized to a default value by the
+<tt class="literal">printing</tt> option. Honors the <tt class="literal">%p</tt>
+(printer name) and <tt class="literal">%j</tt> (job number) variables.</p></div>
+<a name="INDEX-223"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>machine password timeout = number</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 604800 (1 week)</p><p>Sets the period between (NT domain) computer account password changes.</p></div>
+<a name="INDEX-224"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>magic output = filename</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: <em class="replaceable">command</em><em class="emphasis">.out</em></p><p>Sets the output file for the <tt class="literal">magic</tt>
+<tt class="literal">scripts</tt> option. Default is the command name,
+followed by the <em class="emphasis">.out</em> extension.</p></div>
+<a name="INDEX-225"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>magic script = filename</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets a filename for execution via a shell whenever the file is closed
+from the client, allowing clients to run commands on the server. The
+scripts will be deleted on completion, if permissions allow. Use is
+discouraged.</p></div>
+<a name="INDEX-226"/><a name="INDEX-227"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>mangle case = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p><a name="INDEX-227"/>Mangles a
+name if it is in mixed case.</p></div>
+<a name="INDEX-228"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>mangled map = map list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of to/from pairs</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets up a table of names to remap (e.g., <em class="emphasis">.html</em>
+to <em class="emphasis">.htm</em>).</p></div>
+<a name="INDEX-229"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>mangled names = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Sets Samba to abbreviate to the MS-DOS 8.3 style names that are too
+long or have unsupported characters.</p></div>
+<a name="INDEX-230"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>mangled stack = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 50</p><p>Sets the size of the cache of recently mangled filenames.</p></div>
+<a name="INDEX-231"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>mangling char = character</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: character</p><p><b class="emphasis-bold">Default</b>: ~</p><p>Sets the unique mangling character used in all mangled names.</p></div>
+<a name="INDEX-232"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>mangling method = string</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: hash, hash2</p><p><b class="emphasis-bold">Default</b>: hash</p><p>Sets the algorithm used to mangle filenames. The
+<tt class="literal">hash2</tt> method is a newer method introduced in Samba
+2.2.x, and it creates different filenames than the
+<tt class="literal">hash</tt> method.</p></div>
+<a name="INDEX-233"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>map archive = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If YES, Samba sets the executable-by-user (0100) bit on Unix files if
+the MS-DOS archive attribute is set. If used, the
+<tt class="literal">create</tt> <tt class="literal">mask</tt> must contain the
+0100 bit.</p></div>
+<a name="INDEX-234"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>map hidden = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If YES, Samba sets the executable-by-other (0001) bit on Unix files
+if the MS-DOS hidden attribute is set. If used, the <tt class="literal">create
+mask</tt> option must contain the 0001 bit.</p></div>
+<a name="INDEX-235"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>map system = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If YES, Samba sets the executable-by-group (0010) bit on Unix files
+if the MS-DOS system attribute is set. If used, the
+<tt class="literal">create</tt> <tt class="literal">mask</tt> must contain the
+0010 bit.</p></div>
+<a name="INDEX-236"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>map to guest = value</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: Never, Bad User, Bad Password</p><p><b class="emphasis-bold">Default</b>: Never</p><p>If set to Bad User, allows users without accounts on the Samba system
+to log in and be assigned the guest account. This option can be used
+as part of making public shares for anyone to use. If set to Bad
+Password, users who mistype their passwords will be logged in to the
+guest account instead of their own. Because no warning is given, the
+Bad Password value can be extremely confusing: we recommend against
+it. The default setting of Never prevents users without accounts from
+logging in.</p></div>
+<a name="INDEX-237"/><a name="INDEX-238"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max connections = number</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0 (infinity)</p><p>Sets the maximum number of
+<a name="INDEX-238"/>share connections allowed from each
+client system.</p></div>
+<a name="INDEX-239"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max disk size = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: size in MB</p><p><b class="emphasis-bold">Default</b>: 0 (no limit)</p><p>Sets the maximum disk size/free-space size (in megabytes) to return
+to the client. Some clients or applications can't
+understand large maximum disk sizes.</p></div>
+<a name="INDEX-240"/><a name="INDEX-241"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max log size = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: size in KB</p><p><b class="emphasis-bold">Default</b>: 5000</p><p>Sets the size (in kilobytes) at which Samba will start a new
+<a name="INDEX-241"/>log file. The current log file will be
+renamed with a <em class="emphasis">.old</em> extension, replacing any
+existing file with that name.</p></div>
+<a name="INDEX-242"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max mux = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 50</p><p>Sets the number of simultaneous SMB operations that Samba clients can
+make. Avoid changing.</p></div>
+<a name="INDEX-243"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max open files = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 10000</p><p>Limits the number of files a Samba process will try to keep open at
+one time. Samba allows you to set this to less than the maximum
+imposed by the Unix host operating system. Avoid changing.</p></div>
+<a name="INDEX-244"/><a name="INDEX-245"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max print jobs = number</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: positive integer</p><p><b class="emphasis-bold">Default</b>: 1000</p><p>Limits the number of jobs that can be in the queue for this
+<a name="INDEX-245"/>printer share at any one time. The printer
+will report <tt class="literal">out of space</tt> if the limit is exceeded.
+See also <tt class="literal">total print jobs</tt>.</p></div>
+<a name="INDEX-246"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max protocol = name</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: CORE, COREPLUS, LANMAN1, LANMAN2, NT1</p><p><b class="emphasis-bold">Default</b>: NT1</p><p>If set, limits the negotiation to the protocol specified, or older.
+See <tt class="literal">min protocol</tt>. Avoid using.</p></div>
+<a name="INDEX-247"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max smbd processes = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: integer</p><p><b class="emphasis-bold">Default</b>: 0 (no limit)</p><p>Limits the number of users who can connect to the server. Used to
+prevent degraded service under an overload, at the cost of refusing
+services entirely.</p></div>
+<a name="INDEX-248"/><a name="INDEX-249"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max ttl = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 259200 (3 days)</p><p>Sets the <a name="INDEX-249"/>time to live (TTL) of NetBIOS names in the
+<em class="emphasis">nmbd</em> WINS cache. Avoid changing.</p></div>
+<a name="INDEX-250"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max wins ttl = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 518400 (6 days)</p><p>Limits the TTL, in seconds, of a NetBIOS name in the
+<em class="emphasis">nmbd</em> WINS cache. Avoid changing. See also
+<tt class="literal">min wins ttl</tt>.</p></div>
+<a name="INDEX-251"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>max xmit = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: size in bytes</p><p><b class="emphasis-bold">Default</b>: 65535</p><p>Sets the maximum packet size negotiated by Samba. This is a tuning
+parameter for slow links and bugs in older clients. Values less than
+2048 are discouraged.</p></div>
+<a name="INDEX-252"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>message command = command</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the command to run on the server when a WinPopup message arrives
+from a client. If it does not complete quickly, the command must end
+in <tt class="literal">&amp;</tt> to allow immediate return. Honors all
+<tt class="literal">%</tt> variables except <tt class="literal">%u</tt> (user)
+and supports the extra variables <tt class="literal">%s</tt> (filename the
+message is in), <tt class="literal">%t</tt> (destination system), and
+<tt class="literal">%f</tt> (from).</p></div>
+<a name="INDEX-253"/><a name="INDEX-254"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>min passwd length = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: integer</p><p><b class="emphasis-bold">Default</b>: 5</p><p><a name="INDEX-254"/>Synonym for <tt class="literal">min</tt>
+<tt class="literal">password</tt> <tt class="literal">length</tt>.</p></div>
+<a name="INDEX-255"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>min password length = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: integer</p><p><b class="emphasis-bold">Default</b>: 5</p><p>Sets the shortest Unix password allowed by Samba when updating a
+user's password on its system. Also called
+<tt class="literal">min</tt> <tt class="literal">passwd</tt>
+<tt class="literal">length</tt>.</p></div>
+<a name="INDEX-256"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>min print space = number</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: space in kilobytes</p><p><b class="emphasis-bold">Default</b>: 0 (unlimited)</p><p>Sets the minimum spool space required before accepting a print
+request.</p></div>
+<a name="INDEX-257"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>min protocol = name</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: CORE, COREPLUS, LANMAN1, LANMAN2, NT1</p><p><b class="emphasis-bold">Default</b>: CORE</p><p>If set, prevents use of old (less secure) protocols. Using NT1
+disables MS-DOS clients. See also <tt class="literal">lanman auth</tt>.</p></div>
+<a name="INDEX-258"/><a name="INDEX-259"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>min wins ttl = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 21600 (6 hours)</p><p>Sets the minimum <a name="INDEX-259"/>TTL, in seconds, of a NetBIOS name in the
+<em class="emphasis">nmbd</em> WINS cache. Avoid changing.</p></div>
+<a name="INDEX-260"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>msdfs root = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Makes the share a Dfs <tt class="literal">root</tt>. Requires the
+<tt class="literal">--with-msdfs</tt> configure option. Any symbolic links
+of the form <tt class="literal">msdfs:server\share</tt> will be seen as Dfs
+links. See also <tt class="literal">host msdfs</tt>.</p></div>
+<a name="INDEX-261"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>name resolve order = list</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: lmhosts, wins, host, bcast</p><p><b class="emphasis-bold">Default</b>: lmhosts, host, wins, bcast</p><p>Sets the order of lookup when trying to get IP addresses from names.
+The host parameter carries out a regular name lookup using the
+server's normal sources:
+<em class="emphasis">/etc/hosts</em>, DNS, NIS, or a combination of these.</p></div>
+<a name="INDEX-262"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>netbios aliases = list</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of NetBIOS names</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Adds additional NetBIOS names by which the Samba server will
+advertise itself.</p></div>
+<a name="INDEX-263"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>netbios name = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: local hostname</p><p><b class="emphasis-bold">Default</b>: DNS name of system</p><p>Sets the NetBIOS name by which a Samba server is known, or the
+primary name if NetBIOS aliases exist. See also <tt class="literal">netbios
+aliases</tt>.</p></div>
+<a name="INDEX-264"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>netbios scope = string</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: string</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the NetBIOS scope string, an early predecessor of workgroups.
+Samba will not communicate with a system with a different scope. This
+option is not recommended.</p></div>
+<a name="INDEX-265"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>nis homedir = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If YES, the <tt class="literal">homedir</tt> <tt class="literal">map</tt> is used
+to look up the server hosting the user's home
+directory and return it to the client. The client will contact that
+system to connect to the share. This avoids mounting from a system
+that doesn't actually have the directory, which
+would cause the data to be transmitted twice. The system with the
+home directories must be an SMB server.</p></div>
+<a name="INDEX-266"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>non unix account range = numeric range</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: range of positive integers</p><p><b class="emphasis-bold">Default</b>: NONE</p><p>Specifies a range of Unix UIDs for Samba to use for user accounts and
+computer accounts that are maintained outside of
+<em class="filename">/etc/passwd</em>. The UIDs in this range must not
+overlap those of regular Unix users in
+<em class="filename">/etc/passwd</em>. See also <tt class="literal">algorithmic rid
+base</tt>. New in Samba 3.0.</p></div>
+<a name="INDEX-267"/><a name="INDEX-268"/><a name="INDEX-269"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>nt acl support = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Causes the Samba server to map Unix
+<a name="INDEX-268"/><a name="INDEX-269"/>permissions to Windows NT
+ACLs.</p></div>
+<a name="INDEX-270"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>nt pipe support = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Allows turning off of NT-specific pipe calls. This is a
+developer/benchmarking option and might be removed in the future.
+Avoid changing.</p></div>
+<a name="INDEX-271"/><a name="INDEX-272"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>nt smb support = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If YES, allows the use of NT-specific SMBs. This is a
+developer/benchmarking option that is <a name="INDEX-272"/>obsolete in Samba 3.0. Avoid changing.</p></div>
+<a name="INDEX-273"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>nt status support = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If YES, allows the use of NT-specific status messages. This is a
+developer/benchmarking option and might be removed in the future.
+Avoid changing.</p></div>
+<a name="INDEX-274"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>null passwords = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If YES, allows access to accounts that have null passwords. Strongly
+discouraged.</p></div>
+<a name="INDEX-275"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>obey pam restrictions = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set, Samba will adhere to the PAM's account and
+session restrictions. Requires <tt class="literal">--with-pam</tt>
+configuration option.</p></div>
+<a name="INDEX-276"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>only guest = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Forces users of a share to log on as the guest account. Synonym for
+<tt class="literal">guest</tt> <tt class="literal">only</tt>. Requires
+<tt class="literal">guest</tt> <tt class="literal">ok</tt> or
+<tt class="literal">public</tt> to be YES.</p></div>
+<a name="INDEX-277"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>only user = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Requires that users of the share be in the list specified by the
+<tt class="literal">user</tt> option.</p></div>
+<a name="INDEX-278"/><a name="INDEX-279"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>oplock break wait time = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0</p><p><a name="INDEX-279"/>This is an advanced tuning parameter and
+is recommended only for experts who know how Samba handles oplocks.
+This option might need to be set if a Windows system fails to release
+an oplock in response to a break request from the Samba server. Due
+to bugs on some Windows systems, they might fail to respond if Samba
+responds too quickly; the default on this option can be lengthened in
+such cases.</p></div>
+<a name="INDEX-280"/><a name="INDEX-281"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>oplock contention limit = number</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of milliseconds</p><p><b class="emphasis-bold">Default</b>: 2</p><p><a name="INDEX-281"/>This is an advanced tuning
+parameter and is recommended only for experts who know how Samba
+handles oplocks. It causes Samba to refuse to grant an oplock if the
+number of clients contending for a file exceeds the specified value.</p></div>
+<a name="INDEX-282"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>oplocks = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If YES, supports local caching of oplocked files on the client. This
+option is recommended because it improves performance by about 30%.
+See also <tt class="literal">fake</tt> <tt class="literal">oplocks</tt> and
+<tt class="literal">veto</tt> <tt class="literal">oplock</tt>
+<tt class="literal">files</tt>.</p></div>
+<a name="INDEX-283"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>os level = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: integer</p><p><b class="emphasis-bold">Default</b>: 20</p><p>Sets the candidacy of the server when electing a browse master. Used
+with the <tt class="literal">domain</tt> <tt class="literal">master</tt> or
+<tt class="literal">local</tt> <tt class="literal">master</tt> options. You can
+set a higher value than a competing operating system if you want
+Samba to win. Windows for Workgroups and Windows 95/98/Me use 1.
+Windows NT/2000/XP, when not acting as a PDC, use 16 and, when acting
+as a PDC, use 32. Warning: this can override non-Samba browse masters
+unexpectedly.</p></div>
+<a name="INDEX-284"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>os2 driver map = filename</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a file containing mappings of Windows NT printer driver
+names to OS/2 printer driver names.</p></div>
+<a name="INDEX-285"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>pam password change = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If YES, and if Samba is configured with
+<tt class="literal">--with-pam</tt>, PAM is allowed to handle password
+changes from clients, instead of using the program defined by the
+<tt class="literal">passwd</tt> <tt class="literal">program</tt> parameter.</p></div>
+<a name="INDEX-286"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>panic action = command</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the command to run when Samba panics. Honors all
+<tt class="literal">%</tt> variables. For Samba developers and testers,
+<tt class="literal">/usr/bin/X11/xterm</tt> <tt class="literal">-display</tt>
+<tt class="literal">:0</tt> <tt class="literal">-e</tt> <tt class="literal">gdb</tt>
+<tt class="literal">/samba/bin/smbd</tt> <tt class="literal">%d</tt> is a
+possible value.</p></div>
+<a name="INDEX-287"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>passdb backend = list</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: smbpasswd, smbpasswd_nua, tdbsam, tdbsam_nua, plugin</p><p><b class="emphasis-bold">Default</b>: smbpasswd</p><p>Specifies methods Samba uses to store and retrieve passwords when
+using a method other than the Unix system's
+<em class="filename">/etc/passwd</em>. See also <tt class="literal">non unix account
+range</tt>. New in Samba 3.0.</p></div>
+<a name="INDEX-288"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>passwd chat = string</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: sequence of strings</p><p><b class="emphasis-bold">Default</b>: compiled-in value</p><p>Sets the chat strings used to change passwords on the server.
+Supports the variables <tt class="literal">%o</tt> (old password) and
+<tt class="literal">%n</tt> (new password) and allows the escapes
+<tt class="literal">\r</tt>, <tt class="literal">\n</tt>, <tt class="literal">\t</tt>,
+and <tt class="literal">\s</tt> (space) in the sequence. See also
+<tt class="literal">unix password sync</tt>, <tt class="literal">passwd
+program</tt>, <tt class="literal">passwd chat debug</tt>, and
+<tt class="literal">pam</tt> <tt class="literal">password change</tt>.</p></div>
+<a name="INDEX-289"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>passwd chat debug = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Logs an entire password chat, including passwords passed, with a log
+level of 100. For debugging only. See also <tt class="literal">passwd
+chat</tt>, <tt class="literal">pam password change</tt>, and
+<tt class="literal">passwd program</tt>.</p></div>
+<a name="INDEX-290"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>passwd program = command</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/bin/passwd</em></p><p>Sets the command used to change a user's password.
+Will be run as <tt class="literal">root</tt>. Supports
+<tt class="literal">%u</tt> (user). See also <tt class="literal">unix password
+sync</tt>.</p></div>
+<a name="INDEX-291"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>password level = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Specifies the number of uppercase-letter permutations used to match
+passwords. A workaround for clients that change passwords to a single
+case before sending them to the Samba server. Causes repeated login
+attempts with mixed-case passwords, which can trigger account
+lockouts. Required for Windows 95/98/Me, plain-text passwords, and
+mixed-case passwords. Try to avoid using.</p></div>
+<a name="INDEX-292"/><a name="INDEX-293"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>password server = list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of NetBIOS names</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of SMB servers that validate
+<a name="INDEX-293"/>passwords. Used with a Windows
+NT/2000 password server (PDC or BDC) and the
+<tt class="literal">security</tt> <tt class="literal">=</tt>
+<tt class="literal">server</tt> or <tt class="literal">security</tt>
+<tt class="literal">=</tt> <tt class="literal">domain</tt> configuration options.
+Caution: a Windows NT/2000 password server must allow logins from the
+Samba server. If set to <tt class="literal">*</tt>, Samba will look up the
+PDC by resolving the NetBIOS name WORKGROUP&lt;1C&gt;.</p></div>
+<a name="INDEX-294"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>path = directory</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the path to the directory provided by a file share or used by a
+printer share. If the option is omitted, it is set automatically in
+the <tt class="literal">[homes]</tt> share to the user's
+home directory; otherwise, defaults to<em class="filename"> /tmp</em>.
+Honors the <tt class="literal">%u</tt> (user) and <tt class="literal">%m</tt>
+(machine) variables.</p></div>
+<a name="INDEX-295"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>pid directory = directory</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/samba/var/locks</em></p><p>Sets the path to the directory where PID files are located.</p></div>
+<a name="INDEX-296"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>posix locking = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to YES, Samba will map file locks owned by SMB clients to
+POSIX locks. Avoid changing.</p></div>
+<a name="INDEX-297"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>postexec = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets a command to run as the user after disconnecting from the share.
+See also the <tt class="literal">preexec</tt>, <tt class="literal">root</tt>
+<tt class="literal">preexec</tt>, and <tt class="literal">root</tt>
+<tt class="literal">postexec</tt> options.</p></div>
+<a name="INDEX-298"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>postscript = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Forces a printer to recognize a file as PostScript by inserting
+<tt class="literal">%!</tt> as the first line. Works only if the printer is
+actually PostScript-compatible.</p></div>
+<a name="INDEX-299"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>preexec = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets a command to run as the user before connecting to the share.
+Synonym for <tt class="literal">exec</tt>. See also the
+<tt class="literal">postexec</tt>, <tt class="literal">root</tt>
+<tt class="literal">preexec</tt>, and <tt class="literal">root</tt>
+<tt class="literal">postexec</tt> options.</p></div>
+<a name="INDEX-300"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>preexec close = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set, allows the <tt class="literal">preexec</tt> command to decide if
+the share can be accessed by the user. If the command returns a
+nonzero return code, the user is denied permission to connect.</p></div>
+<a name="INDEX-301"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>preferred master = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: auto</p><p>If YES, Samba is the preferred master browser. Causes Samba to call a
+browsing election when it comes online. See also <tt class="literal">os
+level</tt>.</p></div>
+<a name="INDEX-302"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>prefered master = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: auto</p><p>Synonym for <tt class="literal">preferred master</tt>.</p></div>
+<a name="INDEX-303"/><a name="INDEX-304"/><a name="INDEX-305"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>preload = service list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of shares</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of shares that always appears in
+<a name="INDEX-304"/><a name="INDEX-305"/>browse lists. Synonym for
+<tt class="literal">auto</tt> <tt class="literal">services</tt>. See also
+<tt class="literal">load printers</tt>.</p></div>
+<a name="INDEX-306"/><a name="INDEX-307"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>preserve case = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p><a name="INDEX-307"/>Leaves filenames in the case
+sent by the client. If NO, it forces filenames to the case specified
+by the <tt class="literal">default</tt> <tt class="literal">case</tt> option. See
+also <tt class="literal">short</tt> <tt class="literal">preserve</tt>
+<tt class="literal">case</tt>.</p></div>
+<a name="INDEX-308"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printable = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Sets a share to be a print share. Required for all printers. Synonym
+for <tt class="literal">print</tt> <tt class="literal">ok</tt>.</p></div>
+<a name="INDEX-309"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printcap name = filename</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: <em class="emphasis">/etc/printcap</em></p><p>Sets the path to the printer capabilities file used by the
+<tt class="literal">[printers]</tt> share. The default value changes to
+<em class="filename">/etc/qconfig</em> under AIX and
+<em class="filename">lpstat</em> on System V. Also called
+<tt class="literal">printcap</tt>.</p></div>
+<a name="INDEX-310"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>print command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the command used to send a spooled file to the printer. Usually
+initialized to a default value corresponding to the
+<tt class="literal">printing</tt> option. This option honors the
+<tt class="literal">%p</tt> (printer name), <tt class="literal">%s</tt> (spool
+file), and <tt class="literal">%f</tt> (spool file as a relative path)
+variables. The command must delete the spool file.</p></div>
+<a name="INDEX-311"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printer = name</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: printer name</p><p><b class="emphasis-bold">Default</b>: lp</p><p>Sets the name of the Unix printer used by the share. Also called
+<tt class="literal">printer</tt> <tt class="literal">name</tt>.</p></div>
+<a name="INDEX-312"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printer admin = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies users who can administer a printer using the remote printer
+administration interface on a Windows system. The
+<tt class="literal">root</tt> user always has these privileges.</p></div>
+<a name="INDEX-313"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printer driver = name</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: exact printer driver string used by Windows</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the string to pass to Windows when asked which driver to use to
+prepare files for a printer share. Note that the value is
+case-sensitive. Part of pre-2.2 printing system. Deprecated.</p></div>
+<a name="INDEX-314"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printer driver file = filename</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: <em class="emphasis">/usr/local/samba/printers/printers.def</em></p><p>Sets the location of a <em class="emphasis">msprint.def</em> file. Usable
+by Windows 95/98/Me. Part of pre-2.2 printing system. Deprecated.</p></div>
+<a name="INDEX-315"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printer driver location = directory</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: UNC of shared directory</p><p><b class="emphasis-bold">Default</b>: <em class="filename">\\ server\ PRINTER$</em></p><p>Sets the location of the driver for a particular printer. The value
+is the pathname of the share that stores the printer driver files.
+Part of pre-2.2 printing system. Deprecated.</p></div>
+<a name="INDEX-316"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printer name = name</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Synonym for <tt class="literal">printer</tt>.</p></div>
+<a name="INDEX-317"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>printing = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: bsd, sysv, hpux, aix, qnx, plp, softq, lprng, cups</p><p><b class="emphasis-bold">Default</b>: bsd</p><p>Sets the printing style to a value other than that in which
+you've compiled. This sets initial values of at
+least <tt class="literal">print</tt> <tt class="literal">command</tt> ,
+<tt class="literal">lpq</tt> <tt class="literal">command</tt> , and
+<tt class="literal">lprm</tt> <tt class="literal">command</tt>.</p></div>
+<a name="INDEX-318"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>print ok = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Synonym for <tt class="literal">printable</tt>.</p></div>
+<a name="INDEX-319"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>private directory = directory</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/samba/private</em></p><p>Specifies the directory used for storing security-sensitive files
+such as <em class="filename">smbpasswd</em> and
+<em class="filename">secrets.tdb</em>. New in Samba 3.0.</p></div>
+<a name="INDEX-320"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>protocol = name</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: NT1, LANMAN2, LANMAN1, COREPLUS, CORE</p><p><b class="emphasis-bold">Default</b>: NT1</p><p>Synonym for <tt class="literal">max protocol</tt>.</p></div>
+<a name="INDEX-321"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>public = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If YES, passwords are not needed for this share. Also called
+<tt class="literal">guest</tt> <tt class="literal">ok</tt>.</p></div>
+<a name="INDEX-322"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>queuepause command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full path to script</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the command used to pause a print queue. Usually initialized to
+a default value by the <tt class="literal">printing</tt> option.</p></div>
+<a name="INDEX-323"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>queueresume command = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full path to script</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Sets the command used to resume a print queue. Usually initialized to
+a default value by the <tt class="literal">printing</tt> option.</p></div>
+<a name="INDEX-324"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>read bmpx = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, supports the &quot;Read Block
+Multiplex&quot; message. Avoid changing.</p></div>
+<a name="INDEX-325"/><a name="INDEX-326"/><a name="INDEX-327"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>read list = list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of user and/or group names</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of <a name="INDEX-326"/><a name="INDEX-327"/>users given read-only access
+to a writable share.</p></div>
+<a name="INDEX-328"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>read only = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Sets a share to read-only. Antonym of <tt class="literal">writable</tt>,
+<tt class="literal">writeable</tt>, and <tt class="literal">write ok</tt>.</p></div>
+<a name="INDEX-329"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>read raw = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Allows clients to read data using a 64K packet size. Recommended.</p></div>
+<a name="INDEX-330"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>read size = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: positive integer</p><p><b class="emphasis-bold">Default</b>: 16384</p><p>Allows disk reads and writes to overlap network reads and writes. A
+tuning parameter. Do not set larger than the default.</p></div>
+<a name="INDEX-331"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>realm = string</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: Kerberos realm name</p><p><b class="emphasis-bold">Default</b>: NONE</p><p>Specifies the realm name for Kerberos 5 authentication. Requires the
+<tt class="literal">--with-krb5</tt> configure option. New in Samba 3.0.</p></div>
+<a name="INDEX-332"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>remote announce = remote list</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of remote addresses</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Adds workgroups to the list on which the Samba server will announce
+itself. Specified as an IP address and optional workgroup (for
+instance, 192.168.220.215/SIMPLE) with multiple entries separated by
+spaces. Addresses can be the specific address of the browse master on
+a subnet or on directed broadcasts (i.e., ###.###.###.255). The
+server will appear on those workgroups' browse
+lists. Does not require WINS.</p></div>
+<a name="INDEX-333"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>remote browse sync = list</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: IP addresses</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Perform browse list synchronization with other Samba local master
+browsers. Addresses can be specific addresses or directed broadcasts
+(i.e., ###.###.###.255). The latter causes Samba to locate the local
+master browser on that subnet.</p></div>
+<a name="INDEX-334"/><a name="INDEX-335"/><a name="INDEX-336"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>restrict anonymous = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p><a name="INDEX-335"/><a name="INDEX-336"/>Denies access to users who do not
+supply a username. This is disabled by default because when the Samba
+server acts as the domain's PDC, the option can keep
+a client from revalidating its computer account when someone new logs
+in. Use of the option is recommended only when all clients are
+Windows NT/2000/XP systems.</p></div>
+<a name="INDEX-337"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>root = directory</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Synonym for <tt class="literal">root</tt> <tt class="literal">directory</tt>.</p></div>
+<a name="INDEX-338"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>root dir = directory</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Synonym for <tt class="literal">root</tt> <tt class="literal">directory</tt>.</p></div>
+<a name="INDEX-339"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>root directory = directory</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: /</p><p>Specifies a directory to <em class="emphasis">chroot( )</em> before
+starting daemons. Prevents any access outside that directory tree.
+See also the <tt class="literal">wide</tt> <tt class="literal">links</tt>
+configuration option. Also called <tt class="literal">root</tt> and
+<tt class="literal">root</tt> <tt class="literal">dir</tt>.</p></div>
+<a name="INDEX-340"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>root postexec = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets a command to run as <tt class="literal">root</tt> after disconnecting
+from the share. See also the <tt class="literal">preexec</tt>,
+<tt class="literal">postexec</tt>, and <tt class="literal">root</tt>
+<tt class="literal">preexec</tt> configuration options. Runs after the
+user's <tt class="literal">postexec</tt> command. Use with
+caution.</p></div>
+<a name="INDEX-341"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>root preexec = command</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets a command to run as <tt class="literal">root</tt> before connecting to
+the share. See also the <tt class="literal">preexec</tt>,
+<tt class="literal">postexec</tt>, and <tt class="literal">root</tt>
+<tt class="literal">postexec</tt> configuration options. Runs before the
+user's <tt class="literal">preexec</tt> command. Use with
+caution.</p></div>
+<a name="INDEX-342"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>root preexec close = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set, allows the <tt class="literal">root</tt> <tt class="literal">preexec</tt>
+command to decide if the share can be accessed by the user. If the
+command returns a nonzero return code, the user will be denied
+permission to connect.</p></div>
+<a name="INDEX-343"/><a name="INDEX-344"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>security = value</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: share, user, server, domain</p><p><b class="emphasis-bold">Default</b>: user</p><p>Sets the client
+<a name="INDEX-344"/>authentication method. If
+<tt class="literal">security</tt> <tt class="literal">=</tt>
+<tt class="literal">share</tt>, services are password-protected, available
+to everyone who knows the password. If <tt class="literal">security</tt>
+<tt class="literal">=</tt> <tt class="literal">user</tt>, users have accounts and
+passwords, and are required to authenticate with the server before
+accessing services. If <tt class="literal">security</tt>
+<tt class="literal">=</tt> <tt class="literal">server</tt>, users have accounts
+and passwords as with <tt class="literal">security = user</tt>, and a
+separate system authenticates them for Samba. If
+<tt class="literal">security</tt> <tt class="literal">=</tt>
+<tt class="literal">domain</tt>, Windows NT domain authentication is
+implemented using a Windows NT/2000 or other Samba server to validate
+accounts. See also the <tt class="literal">password server</tt> and
+<tt class="literal">encrypted</tt> <tt class="literal">passwords</tt>
+configuration options.</p></div>
+<a name="INDEX-345"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>security mask = value</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: octal value from 0 to 0777</p><p><b class="emphasis-bold">Default</b>: 0777</p><p>Controls which permission bits can be changed if a user on a Windows
+NT/2000/XP system edits the Unix permissions of files on the Samba
+server using the Windows system's ACL editing dialog
+box. Any bit that is set in the mask can be changed by the user; any
+bit that is clear remains the same on the file even if the user tries
+to change it. Requires <tt class="literal">nt</tt> <tt class="literal">acl</tt>
+<tt class="literal">support</tt> <tt class="literal">=</tt>
+<tt class="literal">YES</tt>. Note that some rarely used bits map to the
+DOS system, hidden, and archive bits in the file attributes in a
+nonintuitive way.</p></div>
+<a name="INDEX-346"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>server string = string</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: string</p><p><b class="emphasis-bold">Default</b>: Samba <tt class="literal">%v</tt></p><p>Sets the name that corresponds to the Samba server in browse lists.
+Honors the <tt class="literal">%v</tt> (Samba version number) and
+<tt class="literal">%h</tt> (hostname) variables.</p></div>
+<a name="INDEX-347"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>set directory = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Allows the DEC Pathworks client to use the <em class="emphasis">set
+dir</em> command.</p></div>
+<a name="INDEX-348"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>share modes = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Directs Samba to support Windows-style whole-file (deny mode) locks.
+Do not change.</p></div>
+<a name="INDEX-349"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>short preserve case = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to YES, leaves mangled 8.3-style filenames in the case sent by
+the client. If NO, forces the case to that specified by the
+<tt class="literal">default</tt> <tt class="literal">case</tt> option. See also
+<tt class="literal">preserve</tt> <tt class="literal">case</tt>.</p></div>
+<a name="INDEX-350"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>show add printer wizard = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set, tells clients that the Add Printer Wizard can be used to add
+a Samba printer from Windows NT/2000/XP clients. See also
+<tt class="literal">add printer command</tt>, <tt class="literal">delete
+printer</tt> <tt class="literal">comamnd</tt>, and <tt class="literal">printer
+admin</tt>.</p></div>
+<a name="INDEX-351"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>shutdown script = command</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: command</p><p><b class="emphasis-bold">Default</b>: NONE</p><p>Specifies a command that initiates a system shutdown. The command is
+run with the UID of the connected user. The <tt class="literal">%m</tt>
+(message), <tt class="literal">%t</tt> (delay time), <tt class="literal">%r</tt>
+(reboot), and <tt class="literal">%f</tt> (force) options are supported.
+See also <tt class="literal">abort shutdown script</tt>. New in Samba 3.0.</p></div>
+<a name="INDEX-352"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smb passwd file = filename</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/samba/private/smbpasswd</em></p><p>Overrides the compiled-in path to the encrypted password file. See
+also <tt class="literal">encrypted</tt> <tt class="literal">passwords</tt> and
+<tt class="literal">private dir</tt>.</p></div>
+<a name="INDEX-353"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>socket address = value</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: IP address</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the address on which to listen for connections. Default is to
+listen to all addresses.</p></div>
+<a name="INDEX-354"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>socket options = list</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: socket option list</p><p><b class="emphasis-bold">Default</b>: TCP_NODELAY</p><p>Sets OS-specific socket options. SO_KEEPALIVE makes TCP check clients
+every four hours to see if they are still accessible. TCP_NODELAY
+sends even tiny packets to keep delay low. Both are recommended
+wherever the operating system supports them.</p></div>
+<a name="INDEX-355"/><a name="INDEX-356"/><a name="INDEX-357"/><a name="INDEX-358"/><a name="INDEX-359"/><a name="INDEX-360"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>source environment = filename</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Causes Samba to read a list of <a name="INDEX-356"/>environment variables from a file upon
+startup. This can be useful when setting up Samba in a
+<a name="INDEX-357"/><a name="INDEX-358"/><a name="INDEX-359"/><a name="INDEX-360"/>clustered environment. The
+filename can begin with a &quot;|&quot;
+(pipe) character, in which case it causes Samba to run the file as a
+command to obtain the variables.</p><p>The file must be owned by <tt class="literal">root</tt> and must not be
+world-writable. If the filename begins with a
+&quot;|&quot; character, it must point to a
+command that is neither world-writable nor resides in a
+world-writable directory.</p><p>The data should be in the form of lines such as
+SAMBA_NETBIOS_NAME=<em class="replaceable">myhostname</em>. This value
+will then be available in the <em class="filename">smb.conf</em> files as
+%$SAMBA_NETBIOS_NAME.</p></div>
+<a name="INDEX-361"/><a name="INDEX-362"/><a name="INDEX-363"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p><a name="INDEX-362"/><a name="INDEX-363"/>Makes
+Samba use SSL for data exchange with some or all hosts. Requires
+<tt class="literal">--with-ssl</tt> configure option.Obsolete starting with
+Samba 3.0.</p></div>
+<a name="INDEX-364"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl CA certDir = directory</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/ssl/certs</em></p><p>Specifies a directory containing a file for each Certification
+Authority (CA) that the Samba server trusts so that Samba can verify
+client certificates. Part of SSL support. Requires
+<tt class="literal">--with-ssl</tt> configure option. Obsolete starting
+with Samba 3.0.</p></div>
+<a name="INDEX-365"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl CA certFile = filename</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/ssl/certs/trustedCAs.pem</em></p><p>Specifies a file that contains information for each CA that the Samba
+server trusts so that Samba can verify client certificates. Part of
+SSL support. Requires <tt class="literal">--with-ssl</tt> configure option.
+Obsolete starting with Samba 3.0.</p></div>
+<a name="INDEX-366"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl ciphers = list</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of ciphers</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies which ciphers should be offered during SSL negotiation. Not
+recommended. Requires <tt class="literal">--with-ssl</tt> configure option.
+Obsolete starting with Samba 3.0.</p></div>
+<a name="INDEX-367"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl client cert = filename</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/ssl/certs/smbclient.pem</em></p><p>Specifies a file containing the server's SSL
+certificate, for use by <em class="emphasis">smbclient</em> if
+certificates are required in this environment. Requires
+<tt class="literal">--with-ssl</tt> configure option. Obsolete starting
+with Samba 3.0.</p></div>
+<a name="INDEX-368"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl client key = filename</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/usr/local/ssl/private/smbclient.pem</em></p><p>Specifies a file containing the server's private SSL
+key, for use by <em class="emphasis">smbclient</em>. Requires
+<tt class="literal">--with-ssl</tt> configure option. Obsolete starting
+with Samba 3.0.</p></div>
+<a name="INDEX-369"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl compatibility = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Determines whether SSLeay should be configured for bug compatibility
+with other SSL implementations. Not recommended. Requires
+<tt class="literal">--with-ssl</tt> configure option. Obsolete starting
+with Samba 3.0.</p></div>
+<a name="INDEX-370"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl hosts = host list</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of hosts or networks</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Requires that SSL be used with the hosts listed. By default, if the
+<tt class="literal">ssl</tt> option is set, the server requires SSL with
+all hosts. Requires <tt class="literal">--with-ssl</tt> configure option.
+Obsolete starting with Samba 3.0.</p></div>
+<a name="INDEX-371"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl hosts resign = host list</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of hosts or networks</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Suppresses the use of SSL with the hosts listed. By default, if the
+<tt class="literal">ssl</tt> option is set, the server requires SSL with
+all hosts. Requires <tt class="literal">--with-ssl</tt> configure option.
+Obsolete starting with Samba 3.0.</p></div>
+<a name="INDEX-372"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl require clientcert = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Requires clients to use certificates when SSL is in use. This option
+is recommended if SSL is used. Requires <tt class="literal">--with-ssl</tt>
+configure option. Obsolete starting with Samba 3.0.</p></div>
+<a name="INDEX-373"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl require servercert = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>When SSL is in use, <em class="emphasis">smbclient</em> requires servers
+to use certificates. This option is recommended if SSL is used.
+Requires <tt class="literal">--with-ssl</tt> configure option. Obsolete
+starting with Samba 3.0.</p></div>
+<a name="INDEX-374"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl server cert = filename</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a file containing the server's SSL
+certificate. Requires <tt class="literal">--with-ssl</tt> configure option.
+Obsolete starting with Samba 3.0.</p></div>
+<a name="INDEX-375"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl server key = filename</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a file containing the server's private SSL
+key. If no file is specified and SSL is in use, the server looks up
+its key in its server certificate. Requires
+<tt class="literal">--with-ssl</tt> configure option. Obsolete starting
+with Samba 3.0.</p></div>
+<a name="INDEX-376"/><a name="INDEX-377"/><a name="INDEX-378"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>ssl version = string</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: &quot;ssl2&quot;,
+&quot;ssl3&quot;,
+&quot;ssl2or3&quot;,
+&quot;tls1&quot;</p><p><b class="emphasis-bold">Default</b>: &quot;ssl2or3&quot;</p><p>Defines which versions of the SSL protocol the server can use:
+Version 2 only (&quot;ssl2&quot;), Version 3
+only (&quot;ssl3&quot;), Version 2 or 3
+dynamically negotiated (&quot;ssl2or3&quot;),
+or Transport Layer Security
+(&quot;tls1&quot;). Requires
+<tt class="literal">--with-ssl</tt> configure option. Obsolete starting
+with Samba 3.0.<a name="INDEX-377"/><a name="INDEX-378"/></p></div>
+<a name="INDEX-379"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>stat cache = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Makes the Samba server cache client names for faster resolution.
+Should not be changed.</p></div>
+<a name="INDEX-380"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>stat cache size = number </i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 50</p><p>Determines the number of client names cached for faster resolution.
+Should not be changed.</p></div>
+<a name="INDEX-381"/><a name="INDEX-382"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>status = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to YES, logs connections to a file (or shared memory)
+accessible to <em class="filename">smbstatus</em>.
+<a name="INDEX-382"/>Obsolete
+starting with Samba 3.0.</p></div>
+<a name="INDEX-383"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>strict allocate = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, allocates all disk blocks when creating or extending
+the size of files, instead of using the normal sparse file allocation
+used on Unix. This slows the server, but results in behavior that
+matches that of Windows and helps Samba correctly report
+&quot;out of quota&quot; messages.</p></div>
+<a name="INDEX-384"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>strict locking = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, checks locks on every access, not just on demand and
+at open time. Not recommended.</p></div>
+<a name="INDEX-385"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>strict sync = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, Samba synchronizes to disk whenever the client sets
+the sync bit in a packet. If set to NO, Samba flushes data to disk
+whenever buffers fill. Defaults to NO because Windows 98 Explorer
+sets the bit (incorrectly) in all packets.</p></div>
+<a name="INDEX-386"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>strip dot = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Removes trailing dots from filenames. Dysfunctional in Samba 2.2; use
+<tt class="literal">mangled</tt> <tt class="literal">map</tt> instead.</p></div>
+<a name="INDEX-387"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>sync always = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, Samba forces the data to disk through <em class="emphasis">fsync</em>
+(3) after every write. Avoid except to debug crashing
+servers.</p></div>
+<a name="INDEX-388"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>syslog = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 1</p><p>Sets the level of Samba log messages to send to
+<em class="filename">syslog</em>. Higher is more verbose. The
+<em class="filename">syslog.conf</em> file must have suitable logging
+enabled.</p></div>
+<a name="INDEX-389"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>syslog only = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, logs only to <em class="emphasis">syslog</em> instead of
+the standard Samba log files.</p></div>
+<a name="INDEX-390"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>template homedir = path</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full path to directory</p><p><b class="emphasis-bold">Default</b>: /home/<tt class="literal">%D</tt>/<tt class="literal">%U</tt></p><p>Sets the home directory for Unix login sessions for users
+authenticated through winbind. <tt class="literal">%D</tt> will be replaced
+with user's domain name; <tt class="literal">%U</tt> by
+the username.</p></div>
+<a name="INDEX-391"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>template shell = filename</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full path to shell</p><p><b class="emphasis-bold">Default</b>: <em class="filename">/bin/false</em></p><p>Sets the shell for Unix login sessions for users authenticated
+through winbind. The default value prevents all Windows domain user
+logins.</p></div>
+<a name="INDEX-392"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>time offset = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of minutes</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Sets the number of minutes to add to the system time-zone
+calculation. Provided to fix a client daylight-savings bug. Not
+recommended.</p></div>
+<a name="INDEX-393"/><a name="INDEX-394"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>time server = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, <em class="emphasis">nmbd</em><a name="INDEX-394"/>
+advertises itself as a provider of SMB time service to clients. This
+option only affects whether the time service is advertised. It does
+not enable or disable time service.</p></div>
+<a name="INDEX-395"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>timestamp logs = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Synonym for <tt class="literal">debug</tt> <tt class="literal">timestamp</tt>.</p></div>
+<a name="INDEX-396"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>total print jobs = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0 (no limit)</p><p>Limits total number of current print jobs on server. See also
+<tt class="literal">max print jobs</tt>.</p></div>
+<a name="INDEX-397"/><a name="INDEX-398"/><a name="INDEX-399"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>unix extensions = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, supports
+<a name="INDEX-398"/>CIFS Unix extensions, providing
+better filesystem support for Unix clients. <a name="INDEX-399"/>Obsolete in Samba 3.0, which always
+offers support.</p></div>
+<a name="INDEX-400"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>unix password sync = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, attempts to change the user's Unix
+password whenever the user changes her SMB password. Used to ease
+synchronization of Unix and Microsoft password databases. See also
+<tt class="literal">password program</tt> and <tt class="literal">passwd</tt>
+<tt class="literal">chat</tt>.</p></div>
+<a name="INDEX-401"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>update encrypted = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Updates the encrypted password file when a user logs on with an
+unencrypted password. Provided to ease conversion from unencrypted to
+encrypted passwords.</p></div>
+<a name="INDEX-402"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>use client driver = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>Used for avoiding <tt class="literal">Access Denied; Unable to connect</tt>
+messages when connecting to a Samba printer from Windows NT/2000/XP
+clients. Necessary only when the client has a local printer driver
+for the Samba printer.</p></div>
+<a name="INDEX-403"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>use mmap = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: varies</p><p>Tells Samba whether the <em class="emphasis">mmap( )</em> system call
+works correctly on the Samba host. Default is automatically set
+correctly. Do not change.</p></div>
+<a name="INDEX-404"/><a name="INDEX-405"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>use rhosts = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, users' <em class="filename">~/.rhosts</em>
+files will be used to identify systems from which users can connect
+without providing a password. Discouraged. <a name="INDEX-405"/>Obsolete
+in Samba 3.0.</p></div>
+<a name="INDEX-406"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>use sendfile = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If yes, Samba will perform some data transfers for exclusively
+oplocked files using the <em class="emphasis">sendfile( )</em> system
+call, which results in significant performance improvements. This is
+available if Samba has been configured with the
+<tt class="literal">--with-sendfile-support</tt> option. This is an
+experimental option and is new in Samba 2.2.5.</p></div>
+<a name="INDEX-407"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>user = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Synonym for <tt class="literal">username</tt>.</p></div>
+<a name="INDEX-408"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>username = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets a list of users that are tried when logging on with share-level
+security in effect. Also called <tt class="literal">user</tt> or
+<tt class="literal">users</tt>. Discouraged. Use <tt class="literal">NET</tt>
+<tt class="literal">USE</tt>
+<tt class="literal">\\</tt><em class="replaceable">server</em><tt class="literal">\</tt><em class="replaceable">share
+</em><tt class="literal">%</tt><em class="replaceable">user</em>
+from the client instead.</p></div>
+<a name="INDEX-409"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>username level = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number</p><p><b class="emphasis-bold">Default</b>: 0</p><p>Specifies the number of uppercase-letter permutations allowed to
+match Unix usernames. A workaround for Windows'
+single-case usernames. Use is discouraged.</p></div>
+<a name="INDEX-410"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>username map = filename</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of file</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Names a file of Unix-to-Windows name pairs; used to map different
+spellings of account names and Windows usernames longer than eight
+characters.</p></div>
+<a name="INDEX-411"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>users = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Synonym for <tt class="literal">username</tt>.</p></div>
+<a name="INDEX-412"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>utmp = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>This is available if Samba has been configured with the
+<tt class="literal">--with-utmp</tt> option. If set, Samba adds
+<em class="emphasis">utmp</em>/<em class="emphasis">utmpx</em> records whenever
+a connection is made to a Samba server. Sites can use this option to
+record each connection to a Samba share as a system login.</p></div>
+<a name="INDEX-413"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>utmp directory = directory</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: name of directory</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>This is available if Samba has been configured with the
+<tt class="literal">--with-utmp</tt> option. If this option and
+<tt class="literal">utmp</tt> are set, Samba will look in the specified
+directory rather than the default system directory for
+<em class="filename">utmp</em>/<em class="filename">utmpx</em> files.</p></div>
+<a name="INDEX-414"/><a name="INDEX-415"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>valid chars = list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: list of numeric values</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Adds national characters to a character set map. See also
+<tt class="literal">client</tt> <tt class="literal">code</tt>
+<tt class="literal">page</tt>. <a name="INDEX-415"/>Obsolete in Samba 3.0.</p></div>
+<a name="INDEX-416"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>valid users = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL (allows everyone)</p><p>Specifies a list of users that can connect to a share. See also
+<tt class="literal">invalid users</tt>.</p></div>
+<a name="INDEX-417"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>veto files = slash-separated list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: slash-separated list of filenames</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of files that the client will not see when listing a
+directory's contents. See also
+<tt class="literal">delete</tt> <tt class="literal">veto</tt>
+<tt class="literal">files</tt> and <tt class="literal">hide files</tt>.</p></div>
+<a name="INDEX-418"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>veto oplock files = slash-separated list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: slash-separated list of filenames</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of files not to oplock (and cache on clients). See
+also <tt class="literal">oplocks</tt> and <tt class="literal">fake</tt>
+<tt class="literal">oplocks</tt>.</p></div>
+<a name="INDEX-419"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>vfs object = filename</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full path to shared library</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies the shared library to use for Samba's
+Virtual File System (VFS). Requires the <tt class="literal">--with-vfs</tt>
+configure option.</p></div>
+<a name="INDEX-420"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>vfs options = string</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: space-separated list of options</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies parameters to the VFS. Requires the
+<tt class="literal">--with-vfs</tt> configure option. See <tt class="literal">vfs
+object</tt>.</p></div>
+<a name="INDEX-421"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>volume = string</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: share name</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the volume label of a disk share. Especially useful with shared
+CD-ROMs.</p></div>
+<a name="INDEX-422"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>wide links = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set, Samba follows symlinks out of the disk share. See also the
+<tt class="literal">root</tt> <tt class="literal">dir</tt> and
+<tt class="literal">follow</tt> <tt class="literal">symlinks</tt> options.</p></div>
+<a name="INDEX-423"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>winbind cache time = number</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: number of seconds</p><p><b class="emphasis-bold">Default</b>: 15</p><p>Sets the amount of time that the <em class="emphasis">winbindd</em> daemon
+caches user and group information.</p></div>
+<a name="INDEX-424"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>winbind enum users = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES/NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to NO, enumeration of users is suppressed by winbind.
+Discouraged.</p></div>
+<a name="INDEX-425"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>winbind enum groups = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES/NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>If set to NO, enumeration of groups is suppressed by winbind.
+Discouraged.</p></div>
+<a name="INDEX-426"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>winbind gid = numeric range</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: integer-integer</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies the group ID range winbind uses for Windows NT domain users
+connecting to Samba.</p></div>
+<a name="INDEX-427"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>winbind separator = character</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: ASCII character</p><p><b class="emphasis-bold">Default</b>: \</p><p>Specifies the character winbind uses to separate a domain name and
+username.</p></div>
+<a name="INDEX-428"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>winbind uid = numeric range</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: integer-integer</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies the user ID range winbind will use for Windows NT domain
+users connecting to Samba.</p></div>
+<a name="INDEX-429"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>wins hook = command</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: full path to script</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a command to run whenever the WINS server updates its
+database. Allows WINS to be synchronized with DNS or other services.
+The command is passed one of the arguments <tt class="literal">add</tt>,
+<tt class="literal">delete</tt>, or <tt class="literal">refresh</tt>, followed by
+the NetBIOS name, the name type (two hexadecimal digits), the TTL in
+seconds, and the IP addresses corresponding to the NetBIOS name.
+Requires <tt class="literal">wins</tt> <tt class="literal">service</tt>
+<tt class="literal">=</tt> <tt class="literal">YES</tt>.</p></div>
+<a name="INDEX-430"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>wins proxy = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, <em class="emphasis">nmbd</em> proxies resolution requests
+to WINS servers on behalf of old clients, which use broadcasts. The
+WINS server is typically on another subnet.</p></div>
+<a name="INDEX-431"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>wins server = value</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: hostname or IP address</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Sets the DNS name or IP address of the WINS server.</p></div>
+<a name="INDEX-432"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>wins support = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: NO</p><p>If set to YES, activates the WINS service. The
+<tt class="literal">wins</tt> <tt class="literal">server</tt> option must not be
+set if <tt class="literal">wins</tt> <tt class="literal">support</tt>
+<tt class="literal">=</tt> <tt class="literal">YES</tt>.</p></div>
+<a name="INDEX-433"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>workgroup = name</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: workgroup name</p><p><b class="emphasis-bold">Default</b>: compiled-in</p><p>Sets the workgroup or domain to which the Samba server belongs.
+Overrides the compiled-in default of WORKGROUP. Choosing a name other
+than WORKGROUP is highly recommended.</p></div>
+<a name="INDEX-434"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>writable = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Antonym for <tt class="literal">read</tt> <tt class="literal">only</tt>;
+<tt class="literal">writeable</tt> and <tt class="literal">write</tt>
+<tt class="literal">ok</tt> are synonyms.</p></div>
+<a name="INDEX-435"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>writeable = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Antonym for <tt class="literal">read</tt> <tt class="literal">only</tt>;
+<tt class="literal">writable</tt> and <tt class="literal">write</tt>
+<tt class="literal">ok</tt> are synonyms.</p></div>
+<a name="INDEX-436"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>write cache size = number</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: decimal number of bytes</p><p><b class="emphasis-bold">Default</b>: 0 (disabled)</p><p>Allocates a write buffer of the specified size in which Samba
+accumulates data before a write to disk. This option can be used to
+ensure that each write has the optimal size for a given filesystem.
+It is typically used with RAID drives, which have a preferred write
+size, and with systems that have large memory and slow disks.</p></div>
+<a name="INDEX-437"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>write list = user list</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: user list</p><p><b class="emphasis-bold">Default</b>: NULL</p><p>Specifies a list of users that are given read/write access to a
+read-only share. See also <tt class="literal">read</tt>
+<tt class="literal">list</tt>.</p></div>
+<a name="INDEX-438"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>write ok = boolean</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Synonym for <tt class="literal">writable</tt>.</p></div>
+<a name="INDEX-439"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>write raw = boolean</i></b></font></td><td align="right"><i>[global]
+</i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p><b class="emphasis-bold">Allowable values</b>: YES, NO</p><p><b class="emphasis-bold">Default</b>: YES</p><p>Allows fast-streaming writes over TCP using 64KB buffers. Recommended.</p></div>
+
+
+
+<div class="sect1"><a name="samba2-APP-B-SECT-2"/>
+
+<h2 class="head1">Glossary of Configuration Value Types</h2>
+
+<dl>
+<dt><b><a name="INDEX-440"/><em class="emphasis">boolean</em></b></dt>
+<dd>
+<p>One of two values, either YES or NO.</p>
+</dd>
+
+
+
+<dt><b>character</b></dt>
+<dd>
+<p>A single ASCII character.</p>
+</dd>
+
+
+
+<dt><b>command</b></dt>
+<dd>
+<p>A Unix script or compiled program, with an absolute path specified
+for the executable and parameters.</p>
+</dd>
+
+
+
+<dt><b>directory</b></dt>
+<dd>
+<p>An absolute path specification to a directory. For example:</p>
+
+<blockquote><pre class="code">/usr/local/samba/lib</pre></blockquote>
+</dd>
+
+</dl>
+
+<dl>
+<dt><b>filename</b></dt>
+<dd>
+<p>An absolute path specification to a file. For example:</p>
+
+<blockquote><pre class="code">/etc/printcap</pre></blockquote>
+</dd>
+
+
+<dt><b>host list</b></dt>
+<dd>
+<p>A list of hosts. Allows IP addresses, address masks, domain names,
+ALL, and EXCEPT.</p>
+</dd>
+
+
+
+<dt><b>interface list</b></dt>
+<dd>
+<p>A list of interfaces, in either address/netmask or address/n-bits
+format. For example:</p>
+
+
+<blockquote><pre class="code">192.168.2.10/255.255.255.0, 192.168.2.10/24</pre></blockquote>
+</dd>
+
+
+<dt><b>map list</b></dt>
+<dd>
+<p>A list of filename remapping strings such as
+<tt class="literal">(*.html</tt> <tt class="literal">*.htm)</tt>.</p>
+</dd>
+
+
+
+<dt><b>name</b></dt>
+<dd>
+<p>A single name of a type of object, as specified in the
+option's description.</p>
+</dd>
+
+
+
+<dt><b>number</b></dt>
+<dd>
+<p>A positive integer.</p>
+</dd>
+
+
+
+<dt><b>numeric range</b></dt>
+<dd>
+<p>Two numbers separated by a dash, specifying a minimum and a maximum
+value. For example:</p>
+
+
+<blockquote><pre class="code">100-250</pre></blockquote>
+</dd>
+
+
+<dt><b>remote list</b></dt>
+<dd>
+<p>A list of subnet-broadcast-address/workgroup pairs. For example:</p>
+
+<blockquote><pre class="code">192.168.2.255/SERVERS 192.168.4.255/STAFF</pre></blockquote>
+</dd>
+
+
+<dt><b>service (share) list</b></dt>
+<dd>
+<p>A list of service (share) names, without the enclosing parentheses.</p>
+</dd>
+
+
+
+<dt><b>slash-separated list</b></dt>
+<dd>
+<p>A list of filenames, separated by
+&quot;/&quot; characters to allow embedded
+spaces. For example:</p>
+
+
+<blockquote><pre class="code">/.*/My Documents/*.doc/</pre></blockquote>
+</dd>
+
+
+<dt><b>string</b></dt>
+<dd>
+<p>One line of arbitrary text.</p>
+</dd>
+
+
+
+<dt><b>user list</b></dt>
+<dd>
+<p>A list of usernames and/or group names.
+<tt class="literal">@</tt><em class="replaceable">group_name</em> includes
+whomever is in the NIS netgroup
+<em class="replaceable">group_name</em>, if one exists, or otherwise
+whomever is in the Unix group <em class="replaceable">group_name</em>.
+In addition,
+<tt class="literal">+</tt><em class="replaceable">group_name</em> is a Unix
+group, <tt class="literal">&amp;</tt><em class="replaceable">group_name</em>
+is an NIS netgroup, and <tt class="literal">&amp;+</tt> and
+<tt class="literal">+&amp;</tt> cause an ordered search of both Unix and
+NIS groups.</p>
+</dd>
+
+
+
+<dt><b>value</b></dt>
+<dd>
+<p>A value of some miscellaneous type, as specified in the
+option's description.<a name="INDEX-441"/></p>
+</dd>
+
+</dl>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-APP-B-SECT-3"/>
+
+<h2 class="head1">Configuration File Variables</h2>
+
+<p><a href="appb.html#samba2-APP-B-TABLE-1">Table B-1</a> lists the Samba configuration file
+variables.</p>
+
+<a name="samba2-APP-B-TABLE-1"/><h4 class="head4">Table B-1. Configuration file variables</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Name</p>
+</th>
+<th>
+<p>Meaning</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">%a</tt></p>
+</td>
+<td>
+<p>Client's architecture (Samba, WfWg, WinNT, Win95, or
+UNKNOWN)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%d</tt></p>
+</td>
+<td>
+<p>Current server process's process ID</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%D</tt></p>
+</td>
+<td>
+<p>User's Windows NT Domain</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%f</tt></p>
+</td>
+<td>
+<p>Printer spool file as a relative path (printing only)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%f</tt></p>
+</td>
+<td>
+<p>User from which a message was sent (messages only)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%G</tt></p>
+</td>
+<td>
+<p>Primary group name of <tt class="literal">%U</tt> (requested username)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%g</tt></p>
+</td>
+<td>
+<p>Primary group name of <tt class="literal">%u</tt> (actual username)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%H</tt></p>
+</td>
+<td>
+<p>Home directory of <tt class="literal">%u</tt> (actual username)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%h</tt></p>
+</td>
+<td>
+<p>Samba server's (Internet) hostname</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%I</tt></p>
+</td>
+<td>
+<p>Client's IP address</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%j</tt></p>
+</td>
+<td>
+<p>Print job number (printing only)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%L</tt></p>
+</td>
+<td>
+<p>Samba server's NetBIOS name (virtual servers have
+multiple names)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%M</tt></p>
+</td>
+<td>
+<p>Client's (Internet) hostname</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%m</tt></p>
+</td>
+<td>
+<p>Client's NetBIOS name</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%N</tt></p>
+</td>
+<td>
+<p>Name of the NIS home directory server (without NIS, same as
+<tt class="literal">%L</tt>)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%n</tt></p>
+</td>
+<td>
+<p>New password (password change only)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%o</tt></p>
+</td>
+<td>
+<p>Old password (password change only)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%P</tt></p>
+</td>
+<td>
+<p>Current share's root directory (actual)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%p</tt></p>
+</td>
+<td>
+<p>Current share's root directory (in an NIS homedir
+map)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%p</tt></p>
+</td>
+<td>
+<p>Print filename (printing only)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%R</tt></p>
+</td>
+<td>
+<p>Protocol level in use (CORE, COREPLUS, LANMAN1, LANMAN2, or NT1)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%S</tt></p>
+</td>
+<td>
+<p>Current share's name</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%s</tt></p>
+</td>
+<td>
+<p>Name of the file in which the message resides (messages only)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%s</tt></p>
+</td>
+<td>
+<p>Printer spool filename (printing only)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%T</tt></p>
+</td>
+<td>
+<p>Current date and time</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%t</tt></p>
+</td>
+<td>
+<p>Destination system (messages only)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%U</tt></p>
+</td>
+<td>
+<p>Requested username for current share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%u</tt></p>
+</td>
+<td>
+<p>Current share's username</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%v</tt></p>
+</td>
+<td>
+<p>Samba version</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>%$<em class="replaceable">name</em></p>
+</td>
+<td>
+<p>Value of environment variable <em class="replaceable">name</em></p>
+</td>
+</tr>
+
+</table>
+
+
+</div>
+
+
+<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4>
+
+</body></html>
diff --git a/docs/htmldocs/using_samba/appc.html b/docs/htmldocs/using_samba/appc.html
new file mode 100644
index 00000000000..22ec5a51150
--- /dev/null
+++ b/docs/htmldocs/using_samba/appc.html
@@ -0,0 +1,4534 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Appendix C. Summary of Samba Daemons and Commands</h1>
+
+
+<p>This appendix is a reference listing of command-line options and
+other information to help you use the programs that come with the
+Samba distribution.</p>
+
+
+
+<div class="sect1"><a name="samba2-APP-C-SECT-1"/>
+
+<h2 class="head1">Samba Daemons</h2>
+
+<p>The following sections provide information about the command-line
+parameters for <em class="emphasis">smbd</em>, <em class="emphasis">nmbd</em>,
+and <em class="emphasis">winbindd</em>.</p>
+
+</div>
+
+
+<a name="INDEX-1"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbd</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbd</em> program provides
+Samba's file and printer services, using one TCP/IP
+stream and one daemon per client. It is controlled from
+<em class="filename">/usr/local/samba/lib/smb.conf</em>, the default
+configuration file, which can be overridden by command-line options.</p><p>The configuration file is automatically reevaluated every minute. If
+it has changed, most new options are immediately effective. You can
+force Samba to reload the configuration file immediately by sending a
+SIGHUP signal to <em class="emphasis">smbd</em>. Reloading the
+configuration file does not affect any clients that are already
+connected. To escape this condition, a client would need to
+disconnect and reconnect, or the server itself would have to be
+restarted, forcing all clients to reconnect.</p>
+<div class="sect1"><a name="appc-5-fm2xml"/>
+
+<h4 class="refsect1">Other Signals</h4>
+<p>To shut down an <em class="emphasis">smbd</em> process, send it the
+termination signal SIGTERM (15), which allows it to die gracefully,
+instead of a SIGKILL (9). With Samba versions prior to 2.2, the
+debugging level could be raised or lowered using SIGUSR1 or SIGUSR2.
+This is no longer supported. Use <em class="emphasis">smbcontrol</em>
+instead.</p>
+
+</div>
+
+<div class="sect1"><a name="appc-6-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">smbd <em class="replaceable">[options]</em></pre></blockquote>
+
+
+</div>
+
+<div class="sect1"><a name="appc-7-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">-a</tt></b></dt>
+<dd>
+<p>Causes each new connection to the Samba server to append all logging
+messages to the log file. This option is the opposite of
+<tt class="literal">-o</tt> and is the default.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-D</tt></b></dt>
+<dd>
+<p>Runs the <em class="emphasis">smbd</em> program as a daemon. This is the
+recommended way to use <em class="emphasis">smbd</em>. It is also the
+default action when <em class="emphasis">smbd</em> is run from an
+interactive command line. In addition, <em class="emphasis">smbd</em> can
+be run from <em class="emphasis">inetd</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-d</tt> <em class="replaceable">debug_level</em></b></dt>
+<dd>
+<p>Sets the debug (sometimes called logging) level. The level can range
+from 0 to 10. Specifying the value on the command line overrides the
+value specified in the <em class="filename">smb.conf</em> file. Debug
+level 0 logs only the most important messages; level 1 is normal;
+levels 3 and above are primarily for debugging and slow
+<em class="emphasis">smbd</em> considerably.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-h</tt> </b></dt>
+<dd>
+<p>Prints usage information for the <em class="emphasis">smbd</em> command.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-i</tt></b></dt>
+<dd>
+<p>Runs <em class="emphasis">smbd</em> interactively, rather than as a
+daemon. This option is used to override the default daemon mode when
+<em class="emphasis">smbd</em> is run from the command line.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-l</tt> <em class="replaceable">log_ directory</em></b></dt>
+<dd>
+<p>Sends the log messages to somewhere other than the location compiled
+into the executable or specified in the <em class="filename">smb.conf</em>
+file. The default is often
+<em class="filename">/usr/local/samba/var/</em>,
+<em class="filename">/usr/samba/var/</em>, or
+<em class="filename">/var/log/</em>. The log file is placed in the
+specified directory and named <em class="filename">log.smbd</em>. If the
+directory does not exist, Samba's compiled-in
+default will be used.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-O</tt> <em class="replaceable">socket_options</em></b></dt>
+<dd>
+<p>Sets the TCP/IP socket options, using the same parameters as the
+<tt class="literal">socket options</tt> configuration option. Often used
+for performance tuning and testing.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-o</tt></b></dt>
+<dd>
+<p>Causes log files to be overwritten when opened (the opposite of
+<tt class="literal">-a</tt>). Using this option saves you from hunting for
+the right log entries if you are performing a series of tests and
+inspecting the log file each time.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-p</tt> <em class="replaceable">port_number</em></b></dt>
+<dd>
+<p>Sets the TCP/IP port number from which the server will accept
+requests. All Microsoft clients send to the default port of 139,
+except for Windows 2000/XP, which can use port 445 for SMB
+networking, without the NetBIOS protocol layer.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-P</tt></b></dt>
+<dd>
+<p>Causes <em class="emphasis">smbd</em> to run in
+&quot;passive&quot; mode, in which it just
+listens, and does not transmit any network traffic. This is useful
+only for debugging by developers.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-s</tt> <em class="replaceable">configuration_ file</em></b></dt>
+<dd>
+<p>Specifies the location of the Samba configuration file. Although the
+file defaults to <em class="filename">/usr/local/samba/lib/smb.conf</em>,
+you can override it on the command line. Typically used for
+debugging.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-v</tt></b></dt>
+<dd>
+<p>Prints the current version of Samba.</p>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+<a name="INDEX-2"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>nmbd</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">nmbd</em> program is Samba's
+NetBIOS name service and browsing daemon. It replies to NetBIOS over
+TCP/IP (also called NetBT or NBT) name-service requests broadcast
+from SMB clients, and optionally to Microsoft's
+Windows Internet Name Service (WINS) requests. Both are versions of
+the name-to-address lookup required by SMB clients. The broadcast
+version uses UDP broadcast on the local subnet only, while WINS uses
+TCP, which can be routed. If running as a WINS server,
+<em class="emphasis">nmbd</em> keeps a current name and address database
+in the file <em class="filename">/usr/local/samba/var/locks/wins.dat</em>.</p><p>An active <em class="emphasis">nmbd</em> daemon also responds to browsing
+protocol requests used by the Windows Network Neighborhood. This
+protocol provides a dynamic directory of servers, as well as the
+disks and printers that the servers are providing. As with WINS, this
+was initially done by making UDP broadcasts on the local subnet. With
+the addition of the local master browser to the network architecture,
+it is done by making TCP connections to a server. If
+<em class="emphasis">nmbd</em> is acting as a local master browser, it
+stores the browsing database in the file
+<em class="filename">/usr/local/samba/var/locks/browse.dat</em>.</p><p>Some clients (especially older ones) cannot use the WINS protocol. To
+support these clients, <em class="emphasis">nmbd</em> can act as a WINS
+proxy, accepting broadcast requests from the non-WINS clients,
+contacting a WINS server on their behalf, and returning the WINS
+server's response to them.</p>
+<div class="sect1"><a name="appc-9-fm2xml"/>
+
+<h4 class="refsect1">Signals</h4>
+<p>Like <em class="emphasis">smbd</em>, the <em class="emphasis">nmbd</em> program
+responds to several Unix signals. Sending <em class="emphasis">nmbd</em> a
+SIGHUP signal causes it to dump the names it knows about to the
+<em class="filename">/usr/local/samba/var/locks/namelist.debug</em> file.
+To shut down an <em class="emphasis">nmbd</em> process and allow it to die
+gracefully, send it a SIGTERM (15) signal, rather than a SIGKILL (9).
+With Samba versions prior to 2.2, the debugging level could be raised
+or lowered using SIGUSR1 or SIGUSR2. This is no longer supported. Use
+<em class="emphasis">smbcontrol</em> instead.</p>
+
+</div>
+
+<div class="sect1"><a name="appc-10-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">nmbd <em class="replaceable">[options]</em></pre></blockquote>
+
+
+</div>
+
+<div class="sect1"><a name="appc-11-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">-a</tt></b></dt>
+<dd>
+<p>Causes each new connection to the Samba server to append all logging
+messages to the log file. This option is the opposite of
+<tt class="literal">-o</tt> and is the default.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-d</tt> <em class="replaceable">debug_level</em></b></dt>
+<dd>
+<p>Sets the debug (sometimes called logging) level. The level can range
+from 0 to 10. Specifying the value on the command line overrides the
+value specified in the <em class="filename">smb.conf</em> file. Debug
+level 0 logs only the most important messages; level 1 is normal;
+levels 3 and above are primarily for debugging and slow
+<em class="emphasis">nmbd</em> considerably.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-D</tt></b></dt>
+<dd>
+<p>Instructs the <em class="emphasis">nmbd</em> program to run as a daemon.
+This is the recommended way to use <em class="emphasis">nmbd</em> and is
+the default when <em class="emphasis">nmbd</em> is run from an interactive
+shell. In addition, <em class="emphasis">nmbd</em> can be run from
+<em class="emphasis">inetd</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-h</tt> </b></dt>
+<dd>
+<p>Prints usage information for the <em class="emphasis">nmbd</em> command.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-H</tt> <em class="replaceable">lmhosts_ file</em></b></dt>
+<dd>
+<p>Specifies the location of the <em class="emphasis">lmhosts</em> file for
+name resolution. This file is used only to resolve names for the
+local server, and not to answer queries from remote systems. The
+compiled-in default is commonly
+<em class="filename">/usr/local/samba/lib/lmhosts</em>,
+<em class="filename">/usr/samba/lib/lmhosts</em>, or
+<em class="filename">/etc/lmhosts</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-i</tt></b></dt>
+<dd>
+<p>Runs <em class="emphasis">nmbd</em> interactively, rather than as a
+daemon. This option is used to override the default daemon mode when
+<em class="emphasis">nmbd</em> is run from the command line.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-l</tt> <em class="replaceable">log_ file</em></b></dt>
+<dd>
+<p>Sends the log messages to somewhere other than the location compiled
+into the executable or specified in the <em class="filename">smb.conf</em>
+file. The default is often
+<em class="filename">/usr/local/samba/var/log.nmbd</em>,
+<em class="emphasis">/usr/samba/var/log.nmbd</em>, or <em class="emphasis">/var/log
+/log.nmbd</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-n</tt> <em class="replaceable">NetBIOS_name</em></b></dt>
+<dd>
+<p>Allows you to override the NetBIOS name by which the daemon
+advertises itself. Specifying this option on the command line
+overrides the <tt class="literal">netbios name</tt> option in the Samba
+configuration file.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-O</tt> <em class="replaceable">socket_options</em></b></dt>
+<dd>
+<p>Sets the TCP/IP socket options, using the same parameters as the
+<tt class="literal">socket options</tt> configuration option. Often used
+for performance tuning and testing.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-o</tt></b></dt>
+<dd>
+<p>Causes log files to be overwritten when opened (the opposite of
+<tt class="literal">-a</tt>). This option saves you from hunting for the
+right log entries if you are performing a series of tests and
+inspecting the log file each time.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-p</tt> <em class="replaceable">port_number</em></b></dt>
+<dd>
+<p>Sets the UDP port number from which the server accepts requests.
+Currently, all Microsoft clients use only the default port, 137.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-s</tt> <em class="replaceable">configuration_ file</em></b></dt>
+<dd>
+<p>Specifies the location of the Samba configuration file. Although the
+file defaults to <em class="filename">/usr/local/samba/lib/smb.conf</em>,
+you can override it here on the command line. Typically used for
+debugging.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-v</tt></b></dt>
+<dd>
+<p>Prints the current version of Samba.</p>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+<a name="INDEX-3"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>winbindd</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">winbindd</em> daemon is part of the winbind
+service and is used to allow Unix systems to obtain user and group
+information from a Windows NT/2000 server. Winbind maps Windows
+relative IDs (RIDs) to Unix UIDs and GIDs and allows accounts stored
+on the Windows server to be used for Unix authentication. Its purpose
+is to ease integration of Microsoft and Unix networks when a
+preexisting Windows domain controller is set up to handle user and
+computer accounts.</p><p>The daemon is accessed by users via the name service switch and PAM.
+The name service switch calls a library
+(<em class="filename">/lib/libnss_winbind.so</em>), which calls the
+daemon, which in turn calls the Windows NT/2000 server using
+Microsoft RPC. The PAM module for winbind can call the daemon
+similarly, allowing users whose accounts are stored on the Windows
+server to log in to the Unix system and run an interactive shell,
+FTP, or any other program that authenticates users through PAM.</p><p>The winbind subsystem is currently available only for the Linux
+operating system and a few other systems that use shared libraries,
+nsswitch and PAM.</p>
+<div class="sect1"><a name="appc-13-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">winbindd <em class="replaceable">[options]</em></pre></blockquote>
+
+
+</div>
+
+<div class="sect1"><a name="appc-14-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">-d</tt> <em class="replaceable">debuglevel</em></b></dt>
+<dd>
+<p>Sets the debug (sometimes called logging) level. The level can range
+from 0 to 10. Specifying the value on the command line overrides the
+value specified in the <em class="filename">smb.conf</em> file. Debug
+level 0 logs only the most important messages; level 1 is normal;
+levels 3 and above are primarily for debugging.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-i</tt></b></dt>
+<dd>
+<p>Runs <em class="emphasis">winbindd</em> interactively. This option is used
+to override the default, which is for winbindd to detach and run as a
+daemon.</p>
+</dd>
+
+</dl>
+
+</div>
+</div>
+
+
+
+
+
+<div class="sect1"><a name="samba2-APP-C-SECT-2"/>
+
+<h2 class="head1">Samba Distribution Programs</h2>
+
+<p>This section lists the command-line options and subcommands provided
+by each nondaemon program in the Samba distribution.</p>
+
+</div>
+
+
+
+<a name="INDEX-4"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>findsmb</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This Perl script reports information about systems on the subnet that
+respond to SMB name-query requests. The report includes the IP
+address, NetBIOS name, workgroup/domain, and operating system of each
+system.</p>
+<div class="sect1"><a name="appc-17-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">findsmb <em class="replaceable">[subnet_broadcast_address]</em></pre></blockquote>
+<p>If a different subnet's broadcast address is
+provided, it will find SMB servers on that subnet. If no subnet
+broadcast address is supplied, <em class="emphasis">findsmb</em> will look
+on the local subnet.</p>
+
+<p>The output from <em class="emphasis">findsmb</em> looks like this:</p>
+<blockquote><pre class="code">$ <tt class="userinput"><b>findsmb</b></tt>
+ *=DMB
+ +=LMB
+IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
+---------------------------------------------------------------------
+172.16.1.1 TOLTEC *[METRAN] [Unix] [Samba 2.2.6]
+172.16.1.3 MIXTEC +[METRAN] [Unix] [Samba 2.2.6]
+172.16.1.4 ZAPOTEC [METRAN] [Windows 5.0] [Windows 2000 LAN Manager]
+172.16.1.5 HUASTEC [ METRAN ]
+172.16.1.6 MAYA [ METRAN ]
+172.16.1.7 OLMEC [METRAN] [Windows 5.1] [Windows 2000 LAN Manager]
+172.16.1.10 UTE [ METRAN ]
+172.16.1.13 DINE [METRAN] [Windows NT 4.0] [NT LAN Manager 4.0]</pre></blockquote>
+<p>The system with an asterisk (<tt class="literal">*</tt>) in front of its
+workgroup name is the domain master browser for the workgroup/domain,
+and the system with a plus sign (+) preceding its workgroup name is
+the local master browser.</p>
+
+<p>The <em class="emphasis">findsmb</em> command was introduced during the
+development of Samba 2.2 and is installed by default in Samba
+Versions 2.2.5 and later.</p>
+
+</div>
+</div>
+
+<a name="INDEX-5"/><a name="INDEX-6"/><a name="INDEX-7"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>make_smbcodepage</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This program is part of the
+<a name="INDEX-6"/>internationalization features of
+Samba 2.2 and is obsolete in Samba 3.0, which supports
+<a name="INDEX-7"/>Unicode
+automatically. The <em class="emphasis">make_smbcodepage</em> program
+compiles a binary codepage file from a text-format codepage
+definition. It can also perform the reverse operation, decompiling a
+binary codepage file into a text version. Examples of text-format
+codepage files can be found in the Samba distribution in the
+<em class="filename">source/codepages</em> directory. After Samba has been
+installed, examples of binary codepages can be found in the directory
+<em class="filename">/usr/local/samba/lib/codepages</em>.</p>
+<div class="sect1"><a name="appc-19-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">make_smbcodepage <em class="replaceable">c|d codepage_number input_file output_file</em></pre></blockquote>
+<p>For the first argument, use <tt class="literal">c</tt> to compile a
+codepage and <tt class="literal">d</tt> to decompile a codepage file. The
+<em class="replaceable">codepage_number</em> argument is the number of
+the codepage being processed (e.g., 850). The
+<em class="replaceable">input_file</em> and
+<em class="replaceable">output_file</em> are the text- and
+binary-format codepages, with the types dependent on the operation
+(compiling or decompiling) that is being performed.</p>
+
+</div>
+</div>
+
+<a name="INDEX-8"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>make_unicodemap</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This program is part of the internationalization features of Samba
+2.2 and is obsolete in Samba 3.0, which supports Unicode
+automatically. The <em class="emphasis">make_unicodemap</em> command
+compiles binary Unicode maps from text files, so Samba can display
+non-ASCII characters in file and directory names via the Unicode
+international alphabets. Examples of input mapping files can be found
+in the directory <em class="filename">source/codepages</em> in the Samba
+source distribution.</p>
+<div class="sect1"><a name="appc-21-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">make_unicodemap <em class="replaceable">codepage_number inputfile outputfile</em></pre></blockquote>
+<p>The input file is an ASCII map; the output file is a binary file
+loadable by Samba. The codepage is the number of the DOS codepage
+(e.g., 850) for the map.</p>
+
+</div>
+</div>
+
+<a name="INDEX-9"/><a name="INDEX-10"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>net</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">net</em> command, new to Samba 3.0, is a program
+with a syntax similar to the MS-DOS/Windows command of the same name.
+It is used for performing various administrative functions related to
+Windows networking, which can be executed either locally or on a
+remote system.</p>
+<div class="sect1"><a name="appc-23-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">net <em class="replaceable">[method] function [misc_options] [target_options]</em></pre></blockquote>
+<p>The <em class="replaceable">function</em> argument is made up of one or
+more space-separated words. In Windows terminology, it is sometimes
+referred to as a function with options. Here we list every function
+in its complete form, including multiple words.</p>
+
+<p>By default, the action is performed on the local system. The
+<em class="replaceable">target_options</em> argument can be used to
+specify a remote system (either by hostname or IP address), a domain,
+or a workgroup.</p>
+
+<p>Depending on the function, the <em class="replaceable">method</em>
+argument can be optional, required, or disallowed. It specifies one
+of three methods for performing the operation specified by the rest
+of the command. It can be <tt class="literal">ads</tt> (Active Directory),
+<tt class="literal">rpc</tt> (Microsoft's DCE/RPC), or
+<tt class="literal">rap</tt> (Microsoft's original SMB
+remote procedure call). To determine which methods (if any) can be
+used with a function, the <tt class="literal">net help ads</tt>,
+<tt class="literal">net help rap</tt>, and <tt class="literal">net help rpc</tt>
+commands can be used to list the functions for each method.</p>
+
+</div>
+
+<div class="sect1"><a name="appc-24-fm2xml"/>
+
+<h4 class="refsect1">Miscellaneous options</h4>
+
+<dl>
+<dt><b><tt class="literal">-d</tt> <em class="replaceable">level</em></b></dt>
+<dt><b><tt class="literal">--debug=l</tt><em class="replaceable">evel</em></b></dt>
+<dd>
+<p>Sets the debug (sometimes called logging) level. The level can range
+from 0 to 10.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-l</tt></b></dt>
+<dt><b><tt class="literal">--long</tt></b></dt>
+<dd>
+<p><tt class="literal">S</tt>pecifies the long listing mode. This is provided
+for functions that print informational listings.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-n</tt> <em class="replaceable">name</em></b></dt>
+<dt><b><tt class="literal">--myname</tt><em class="emphasis">=</em><em class="replaceable">name</em></b></dt>
+<dd>
+<p>Specifies the NetBIOS name for the client.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-p</tt> <em class="replaceable">port</em></b></dt>
+<dt><b><tt class="literal">--port</tt><em class="emphasis">=</em><em class="replaceable">port</em></b></dt>
+<dd>
+<p>Specifies the port number to use.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-s</tt> <em class="replaceable">filename</em></b></dt>
+<dt><b><tt class="literal">--conf</tt><em class="emphasis">=</em><em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Specifies the name of the Samba configuration file, overriding the
+compiled-in default.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-U</tt> <em class="replaceable">username[</em><tt class="literal">%</tt><em class="replaceable">password]</em></b></dt>
+<dt><b><tt class="literal">--user</tt><em class="emphasis">=</em><em class="replaceable">username[</em><tt class="literal">%</tt><em class="replaceable">password]</em></b></dt>
+<dd>
+<p>Specifies the username and, optionally, the password to use for
+functions that require authentication.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-W</tt> <em class="replaceable">name</em></b></dt>
+<dt><b><tt class="literal">--myworkgroup</tt>=<em class="replaceable">name</em></b></dt>
+<dd>
+<p>Specifies the name of the client's workgroup,
+overriding the definition of the <tt class="literal">workgroup</tt>
+parameter in the Samba configuration file.</p>
+</dd>
+
+</dl>
+
+
+</div>
+
+<div class="sect1"><a name="appc-25-fm2xml"/>
+
+<h4 class="refsect1">Target options</h4>
+
+<dl>
+<dt><b><tt class="literal">-S</tt> <em class="replaceable">hostname</em></b></dt>
+<dd>
+<p>Specifies the remote system using a hostname or NetBIOS name.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-I</tt> <em class="replaceable">ip_address</em></b></dt>
+<dd>
+<p>Specifies the remote system using its IP address.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-w</tt> <em class="replaceable">workgroup</em></b></dt>
+<dd>
+<p>Specifies the name of the target domain or workgroup.</p>
+</dd>
+
+</dl>
+
+
+</div>
+
+<div class="sect1"><a name="appc-26-fm2xml"/>
+
+<h4 class="refsect1">Functions</h4>
+
+<dl>
+<dt><b><tt class="literal">abortshutdown</tt></b></dt>
+<dd>
+<p>See the <tt class="literal">rpc</tt> <tt class="literal">abortshutdown</tt>
+function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">ads</tt> <tt class="literal">info</tt></b></dt>
+<dd>
+<p>Prints information about the Active Directory server. The method
+(<tt class="literal">ads</tt>) must be specified to differentiate this
+function from the <tt class="literal">rpc info</tt> function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">ads</tt> <tt class="literal">join</tt> <em class="replaceable">OU</em></b></dt>
+<dd>
+<p>Joins the local system to the Active Directory realm (organizational
+unit) specified by OU. The method (<tt class="literal">ads</tt>) must be
+specified to differentiate this function from the <tt class="literal">rpc
+join</tt> function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">ads</tt> <tt class="literal">leave</tt></b></dt>
+<dd>
+<p>Removes the local system from the Active Directory realm.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">ads password</tt> <em class="replaceable">username</em><tt class="literal">@</tt><em class="replaceable">REALM</em> <tt class="literal">-U</tt><em class="replaceable">admin_username</em><tt class="literal">@</tt><em class="replaceable">REALM</em><tt class="literal">%admin_</tt><em class="replaceable">password</em></b></dt>
+<dd>
+<p>Changes the Active Directory password for the user specified by
+<em class="replaceable">username</em><tt class="literal">@</tt><em class="replaceable">REALM</em>.
+The administrative account authentication information is specified
+with the <tt class="literal">-U</tt> option. The Active Directory realm
+must be supplied in all uppercase.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">ads printer info</tt> <em class="replaceable">[printer] [server]</em></b></dt>
+<dd>
+<p>Prints information on the specified printer on the specified server.
+The <em class="replaceable">printer</em> argument defaults to an
+asterisk (<tt class="literal">*</tt>), meaning all printers, and the
+<em class="replaceable">server</em> argument defaults to
+<tt class="literal">localhost</tt>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">ads printer publish</tt> <em class="replaceable">printer_name</em></b></dt>
+<dd>
+<p>Publishes the specified printer in Active Directory.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">ads printer remove</tt> <em class="replaceable">printer_name</em></b></dt>
+<dd>
+<p>Removes the specified printer from Active Directory.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">ads search</tt> <em class="replaceable">expr attrib</em></b></dt>
+<dd>
+<p>Performs a raw Active Directory search, using the standard LDAP
+search expression and attributes specified by the
+<em class="replaceable">expr</em> and <em class="replaceable">attrib</em>
+arguments, respectively.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">ads status</tt></b></dt>
+<dd>
+<p>Prints details about the Active Directory computer account of the
+system.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">change localhost pass</tt></b></dt>
+<dd>
+<p>Changes the Active Directory password for the local
+system's computer trust account.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">domain</tt></b></dt>
+<dd>
+<p>Lists the domains or workgroups on the network.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">file</tt></b></dt>
+<dd>
+<p>Lists open files on the server.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">file close</tt> <em class="replaceable">file_id</em></b></dt>
+<dd>
+<p>Closes the specified file.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">file info</tt> <em class="replaceable">file_id</em></b></dt>
+<dd>
+<p>Prints information about the specified file, which must be open.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">file user</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Lists all files opened on the server by the user specified by
+<em class="replaceable">username</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">group add</tt> <em class="replaceable">group_name</em></b></dt>
+<dd>
+<p>Adds the specified group. This function accepts the miscellaneous
+option <tt class="literal">-C</tt> <em class="replaceable">comment</em>
+(which can also be specified as <tt class="literal">-
+-comment=</tt><em class="replaceable">string</em>) to set the
+descriptive comment for the group.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">group delete</tt> <em class="replaceable">group_name</em></b></dt>
+<dd>
+<p>Deletes the specified group.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">groupmember add</tt> <em class="replaceable">group_name username</em></b></dt>
+<dd>
+<p>Adds the user specified by <em class="replaceable">username</em> to the
+group specified by <em class="replaceable">group_name</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">groupmember delete</tt> <em class="replaceable">group_name username</em></b></dt>
+<dd>
+<p>Deletes the user specified by <em class="replaceable">username</em>
+from the group specified by <em class="replaceable">group_name</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">groupmember list</tt> <em class="replaceable">group_name</em></b></dt>
+<dd>
+<p>Lists the users who are members of the specified group.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">help</tt></b></dt>
+<dd>
+<p>Prints a help message for the <em class="emphasis">net</em> command.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">help</tt> <em class="replaceable">method</em></b></dt>
+<dd>
+<p>Prints a help message for <em class="replaceable">method</em>, which
+can be <tt class="literal">ads</tt>, <tt class="literal">rap</tt>, or
+<tt class="literal">rpc</tt>. This lists the functions that can use the
+method, along with a brief description.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">help</tt> <em class="replaceable">function</em></b></dt>
+<dd>
+<p>Prints a help message for the specified function, which can be more
+than one word.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">info</tt></b></dt>
+<dd>
+<p>Must be preceded by a method. See the <tt class="literal">ads</tt>
+<tt class="literal">info</tt> and <tt class="literal">rpc</tt>
+<tt class="literal">info</tt> functions.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">join</tt></b></dt>
+<dd>
+<p>Joins the computer to a Windows NT domain or Active Directory realm.
+If the method argument is not specified, a check is made to determine
+if Active Directory is in use, and if so, <tt class="literal">ads join</tt>
+is performed. Otherwise, <tt class="literal">rpc join</tt> is run. See also
+the <tt class="literal">ads join</tt> and <tt class="literal">rpc join</tt>
+functions.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">leave</tt></b></dt>
+<dd>
+<p>Must be preceded by a method. See the <tt class="literal">ads</tt>
+<tt class="literal">leave</tt> function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">lookup dc</tt> <em class="replaceable">[domain]</em></b></dt>
+<dd>
+<p>Prints the IP address of the specified domain's
+domain controllers. The domain defaults to the value of the
+<tt class="literal">workgroup</tt> parameter in the Samba configuration
+file.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">lookup host</tt> <em class="replaceable">hostname [type]</em></b></dt>
+<dd>
+<p>Prints the IP address of the specified host.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">lookup kdc</tt> <em class="replaceable">[realm]</em></b></dt>
+<dd>
+<p>Prints the IP address of the specified realm's
+Kerberos domain controller. If <em class="replaceable">realm</em> is
+not specified, it defaults to the value of the
+<tt class="literal">realm</tt> parameter in the Samba configuration file.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">lookup ldap</tt> <em class="replaceable">[domain]</em></b></dt>
+<dd>
+<p>Prints the IP address of the specified domain's LDAP
+server. If <em class="replaceable">domain</em> is not specified, it
+defaults to the value of the <tt class="literal">workgroup</tt> parameter
+in the Samba configuration file.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">lookup master</tt> <em class="replaceable">[domain]</em></b></dt>
+<dd>
+<p>Prints the IP address of the master browser of the specified domain
+or workgroup. If <em class="replaceable">domain</em> is not specified,
+it defaults to the value of the <tt class="literal">workgroup</tt>
+parameter in the Samba configuration file.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">password</tt> <em class="replaceable">username old_password new_password</em></b></dt>
+<dd>
+<p>Changes the password for the user specified by the
+<em class="replaceable">username</em> argument. The
+user's old and new passwords are provided in plain
+text as part of the command. Be careful regarding security issues.
+See also the <tt class="literal">ads password</tt> function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">printer info</tt></b></dt>
+<dd>
+<p>See the <tt class="literal">ads printer info</tt> function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">printer publish</tt></b></dt>
+<dd>
+<p>See the <tt class="literal">ads printer publish</tt> function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">printer remove</tt></b></dt>
+<dd>
+<p>See the <tt class="literal">ads printer remove</tt> function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">printq</tt></b></dt>
+<dd>
+<p>Prints information (including the job IDs) about printer queues on
+the server.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">printq delete</tt> <em class="replaceable">queue_name</em></b></dt>
+<dd>
+<p>Deletes the specified printer queue. The
+<tt class="literal">-j</tt>
+<em class="replaceable">job_id</em> (which can also be
+specified as
+<tt class="literal">--jobid</tt><em class="emphasis">=</em><em class="replaceable">job_id</em>
+) option may be used to specify the job ID of the queue.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">rpc abortshutdown</tt></b></dt>
+<dd>
+<p>Aborts the shutdown of a remote server.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">rpc info</tt></b></dt>
+<dd>
+<p>Prints information about the server's domain. The
+method (<tt class="literal">rpc</tt>) must be specified to differentiate
+this function from the <tt class="literal">ads</tt> <tt class="literal">info</tt>
+function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">rpc join</tt> </b></dt>
+<dd>
+<p>Joins a computer to a Windows NT domain. If the <tt class="literal">-U</tt>
+<em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em>
+option is included, the specified username and password will be used
+as the administrative account required for authenticating with the
+PDC. If the <tt class="literal">-U</tt> option is not included, this
+function can be used only to join the computer to the domain after
+the computer account has been created using the Server Manager. The
+method (<tt class="literal">rpc</tt>) must be specified to differentiate
+this function from the <tt class="literal">ads</tt> <tt class="literal">join</tt>
+function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">rpc shutdown</tt></b></dt>
+<dd>
+<p>Shuts down a server. This function accepts the <tt class="literal">-r</tt>,
+<tt class="literal">-f</tt>, <tt class="literal">-t</tt>, and
+<tt class="literal">-c</tt> miscellaneous options. The
+<tt class="literal">-r</tt> option (which can also be specified as
+<tt class="literal">--reboot</tt>) requests that the system reboot after
+shutting down. The <tt class="literal">-f</tt> option (which can also be
+specified as <tt class="literal">--force</tt>) forces a shutdown. The
+<tt class="literal">-t</tt> <em class="replaceable">timeout</em> option
+(which can also be specified as <tt class="literal">-
+-timeout=</tt><em class="replaceable">number</em>) specifies the
+number of seconds to wait before shutting down, and the
+<tt class="literal">-c</tt> <em class="replaceable">comment</em> option
+(which can also be specified as <tt class="literal">-
+-comment=</tt><em class="replaceable">string</em>) can be used to
+specify a message to the client user. On Windows, the comment appears
+in the Message area in the System Shutdown dialog box.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">rpc trustdom add</tt> <em class="replaceable">domain_name</em></b></dt>
+<dd>
+<p>Adds an account for the trust relationship with the specified Windows
+NT domain.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">rpc trustdom establish</tt> <em class="replaceable">domain_name</em></b></dt>
+<dd>
+<p>Establishes a trust relationship with the specified Windows NT domain.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">rpc trustdom revoke</tt> <em class="replaceable">domain_name</em></b></dt>
+<dd>
+<p>Revokes the trust relationship with the specified Windows NT domain.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">search</tt></b></dt>
+<dd>
+<p>See the <tt class="literal">ads search</tt> function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">server</tt></b></dt>
+<dd>
+<p>Lists servers in the domain or workgroup, which defaults to the value
+of the <tt class="literal">workgroup</tt> parameter in the Samba
+configuration file.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">session</tt></b></dt>
+<dd>
+<p>Lists clients with open sessions to the server.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">session delete NetBIOS_</tt><em class="replaceable">name</em></b></dt>
+<dd>
+<p>Closes the session to the server from the specified client. A synonym
+is <tt class="literal">session</tt> <tt class="literal">close</tt>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">session close</tt></b></dt>
+<dd>
+<p>A synonym for <tt class="literal">session delete</tt>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">share</tt></b></dt>
+<dd>
+<p>Lists the shares offered by the server. When a Windows 95/98/Me
+server is the target system, it might be necessary to specify the
+method as <tt class="literal">rap</tt> for this to work properly.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">share add</tt> <em class="replaceable">share_name</em><tt class="literal">=</tt><em class="replaceable">server_path</em></b></dt>
+<dd>
+<p>Adds a share on the target server. The name of the share and the
+folder to be shared are specified by the
+<em class="replaceable">share_name</em><tt class="literal">=</tt><em class="replaceable">server_path</em>
+argument, with <em class="replaceable">server_path</em> the Windows
+directory name, with spaces and other special characters (if any)
+quoted and with the backslashes escaped (e.g.,
+&quot;<tt class="literal">data=C:\\Documents</tt> <tt class="literal">and</tt>
+<tt class="literal">Settings\\jay\\Desktop\\data</tt>&quot;). The
+<tt class="literal">-C</tt> <em class="replaceable">comment</em> option
+(which can also be specified as <tt class="literal">-
+-comment=</tt><em class="replaceable">string</em>) can be used to
+define a description for the share. The <tt class="literal">-M</tt>
+<em class="replaceable">number</em> option (which can also be specified
+as <tt class="literal">--maxusers=</tt><em class="replaceable">number</em>)
+can be used to set the maximum number of users that can connect to
+the share. The method (<tt class="literal">rap</tt> or
+<tt class="literal">rpc</tt>) might need to be specified for this function
+to work. The regular folder icon cannot change into a
+&quot;shared folder&quot; icon in Windows
+Explorer until the display is refreshed.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">share delete</tt> <em class="replaceable">share_name</em></b></dt>
+<dd>
+<p>Deletes a share from the target server. The
+<em class="replaceable">share_name</em> argument is simply the name of
+the share on the target server, not a UNC. The method
+(<tt class="literal">rap</tt> or <tt class="literal">rpc</tt>) might need to be
+specified for this function to work. The &quot;shared
+folder&quot; icon in Windows Explorer cannot change back
+to the regular folder icon until the display is refreshed.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">shutdown</tt></b></dt>
+<dd>
+<p>See the <tt class="literal">rpc shutdown</tt> function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">status</tt></b></dt>
+<dd>
+<p>See the <tt class="literal">ads status</tt> function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">time</tt></b></dt>
+<dd>
+<p>Displays the system time&mdash;in Unix <em class="emphasis">date</em>
+command format&mdash;on the target system.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">time set</tt></b></dt>
+<dd>
+<p>Sets the local system's hardware clock using the
+time obtained from the operating system.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">time system</tt></b></dt>
+<dd>
+<p>Sets the time on the local system using the time obtained from the
+remote system.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">time zone</tt></b></dt>
+<dd>
+<p>Prints the time zone (in hours from GMT) in use on the system.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">trustdom add</tt></b></dt>
+<dd>
+<p>See the <tt class="literal">rpc trustdom add</tt> function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">trustdom establish</tt></b></dt>
+<dd>
+<p>See the <tt class="literal">rpc trustdom establish</tt> function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">trustdom revoke</tt></b></dt>
+<dd>
+<p>See the <tt class="literal">rpc trustdom revoke</tt> function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">user</tt></b></dt>
+<dd>
+<p>Lists user accounts. The method can be specified as
+<tt class="literal">ads</tt>, <tt class="literal">rap</tt>, or
+<tt class="literal">rpc</tt>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">user add</tt> <em class="replaceable">username [password]</em></b></dt>
+<dd>
+<p>Adds a user account for the user specified by
+<em class="replaceable">username</em>. The <tt class="literal">-c</tt>
+<em class="replaceable">comment</em> option (which can also be
+specified as <tt class="literal">-
+-comment=</tt><em class="replaceable">string</em>) can be used to
+set a comment for the account. The <tt class="literal">-F</tt>
+<em class="replaceable">user_flags</em> option can be used to set flags
+(specified in numeric format) for the account. The method can be
+specified as <tt class="literal">ads</tt>, <tt class="literal">rap</tt>, or
+<tt class="literal">rpc</tt>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">user delete</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Deletes the specified user's account. The method can
+be specified as <tt class="literal">ads</tt>, <tt class="literal">rap</tt>, or
+<tt class="literal">rpc</tt>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">user info</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Lists the domain groups to which the specified user belongs. The
+method can be specified as <tt class="literal">ads</tt>,
+<tt class="literal">rap</tt>, or <tt class="literal">rpc</tt>. <a name="INDEX-10"/></p>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+<a name="INDEX-11"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>nmblookup</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">nmblookup</em> program is a client program that
+allows command-line access to NetBIOS name service for resolving
+NetBIOS computer names into IP addresses. The program works by
+broadcasting its queries on the local subnet until a machine with the
+specified name responds. You can think of it as a Windows analog of
+<em class="emphasis">nslookup</em> or <em class="emphasis">dig</em>. This is
+useful for looking up regular computer names, as well as
+special-purpose names, such as _ _MSBROWSE_ _ . If you wish to query
+for a particular type of NetBIOS name, add the NetBIOS type to the
+end of the name, using the format
+<em class="replaceable">netbios_name</em><tt class="literal">#&lt;</tt><em class="replaceable">dd</em><tt class="literal">&gt;</tt>.</p>
+<div class="sect1"><a name="appc-28-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">nmblookup <em class="replaceable">[options] netbios_name</em></pre></blockquote>
+
+
+</div>
+
+<div class="sect1"><a name="appc-29-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">-A</tt></b></dt>
+<dd>
+<p>Interprets <em class="replaceable">netbios_name</em> as an IP address
+and does a node status query on it.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-B</tt> <em class="replaceable">broadcast_address</em></b></dt>
+<dd>
+<p>Sends the query to the given broadcast address. The default is to
+send the query to the broadcast address of the primary network
+interface.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-d</tt> <em class="replaceable">debug_level</em></b></dt>
+<dd>
+<p>Sets the debug (sometimes called logging) level. The level can range
+from 0 to 10. Debug level 0 logs only the most important messages.
+Level 1 is normal; levels 3 and above are primarily used by
+developers for debugging the <em class="emphasis">nmblookup</em> program
+itself and slow the program considerably.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-f</tt></b></dt>
+<dd>
+<p>Prints the flags in the packet headers.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-h</tt></b></dt>
+<dd>
+<p>Prints command-line usage information for the program.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-i</tt> <em class="replaceable">scope</em></b></dt>
+<dd>
+<p>Sets a NetBIOS scope identifier. NetBIOS scope is a rarely used
+precursor to workgroups.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-M</tt></b></dt>
+<dd>
+<p>Searches for a local master browser by looking up
+<em class="replaceable">netbios_name</em><tt class="literal">&lt;1d&gt;</tt>.
+If <em class="replaceable">netbios_name</em> is specified as a dash
+(<tt class="literal">-</tt>), a lookup is done on the special name _
+_MSBROWSE_ _ .</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-R</tt></b></dt>
+<dd>
+<p>Sets the &quot;recursion desired&quot; bit in
+the packet. This causes the system that responds to try a WINS lookup
+and return the address and any other information the WINS server has
+saved.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-r</tt></b></dt>
+<dd>
+<p>Uses the <tt class="literal">root</tt> port of 137. This option exists as a
+bug workaround for Windows 95. This option might require the user to
+be superuser.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-S</tt></b></dt>
+<dd>
+<p>Performs a node status query once the name query has returned an IP
+address. This returns all the resource types that the system knows
+about, including their numeric attributes. For example:</p>
+
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>nmblookup -S toltec</b></tt>
+querying toltec on 172.16.1.255
+172.16.1.1 toltec&lt;00&gt;
+Looking up status of 172.16.1.1
+ TOLTEC &lt;00&gt; - M &lt;ACTIVE&gt;
+ TOLTEC &lt;03&gt; - M &lt;ACTIVE&gt;
+ TOLTEC &lt;20&gt; - M &lt;ACTIVE&gt;
+ ..__MSBROWSE__. &lt;01&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt;
+ METRAN &lt;00&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt;
+ METRAN &lt;1b&gt; - M &lt;ACTIVE&gt;
+ METRAN &lt;1c&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt;
+ METRAN &lt;1d&gt; - M &lt;ACTIVE&gt;
+ METRAN &lt;1e&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt;</pre></blockquote>
+</dd>
+
+
+<dt><b><tt class="literal">-s</tt> <em class="replaceable">configuration_ file</em></b></dt>
+<dd>
+<p>Specifies the location of the Samba configuration file. Although the
+file defaults to <em class="filename">/usr/local/samba/lib/smb.conf</em>,
+you can override it here on the command line. Normally used for
+debugging.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-T</tt></b></dt>
+<dd>
+<p>Translates IP addresses into resolved names.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-U</tt> <em class="replaceable">unicast_address</em></b></dt>
+<dd>
+<p>Performs a unicast query to the specified address. Used with
+<tt class="literal">-R</tt> to query WINS servers.</p>
+</dd>
+
+</dl>
+
+
+<p>Note that <em class="emphasis">nmblookup</em> has no option for setting
+the workgroup. You can get around this by putting
+<tt class="literal">workgroup</tt> <tt class="literal">=</tt>
+<em class="replaceable">workgroup_name</em> in a file and passing it to
+<em class="emphasis">nmblookup</em> with the
+<tt class="literal">-s</tt> option.</p>
+
+</div>
+</div>
+
+<a name="INDEX-12"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>pdbedit</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This program, new to Samba 3.0, can be used to manage accounts that
+are held in a SAM database. The implementation of the database can be
+any of the types supported by Samba, including the
+<em class="filename">smbpasswd</em> file, LDAP, NIS+ and the
+<em class="filename">tdb</em> database library. The user must be the
+superuser to use this tool.</p>
+<div class="sect1"><a name="appc-31-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">pdbedit <em class="replaceable">[options]</em></pre></blockquote>
+
+
+</div>
+
+<div class="sect1"><a name="appc-32-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">-a</tt></b></dt>
+<dd>
+<p>Adds the user specified by the <tt class="literal">-u</tt> option to the
+SAM database. The command issues a prompt for the
+user's password.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-d</tt> <em class="replaceable">drive_letter</em></b></dt>
+<dd>
+<p>Sets the Windows drive letter to which to map the
+user's home directory. The drive letter should be
+specified as a letter followed by a colon&mdash;e.g.,
+<tt class="literal">H</tt>:.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-D</tt> <em class="replaceable">debug_level</em></b></dt>
+<dd>
+<p>Sets the debug (sometimes called logging) level. The level can range
+from 0 to 10. Debug level 0 logs only the most important messages.
+Level 1 is normal, and levels 3 and above are primarily for
+debugging.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-e</tt> <em class="replaceable">pwdb_backend</em></b></dt>
+<dd>
+<p>Exports the user account database to another format, written to the
+specified location. Used for migrating from one type of account
+database to another. The <em class="replaceable">pwdb_backend</em>
+argument is specified in the format of a database type, followed by a
+colon, then the location of the database. For example, to export the
+existing account database to an <em class="filename">smbpasswd</em>
+database in the file
+<em class="filename">/usr/local/samba/private/smbpw</em>,
+<em class="replaceable">pwdb_backend</em> would be specified as
+<tt class="literal">smbpasswd:/usr/local/samba/private/smbpw</tt>. The
+allowable database types are <tt class="literal">smbpasswd</tt>,
+<tt class="literal">smbpasswd nua</tt>, <tt class="literal">tdbsam</tt>,
+<tt class="literal">tdbsam nua</tt>, <tt class="literal">ldapsam</tt>,
+<tt class="literal">ldapsam_nua</tt>, and <tt class="literal">plugin</tt>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-f</tt> <em class="replaceable">full_name</em></b></dt>
+<dd>
+<p>Sets the full name of the user specified with the
+<tt class="literal">-u</tt> option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-h</tt> <em class="replaceable">unc</em></b></dt>
+<dd>
+<p>Sets the home directory path (as a UNC) for the user specified with
+the <tt class="literal">-u</tt> option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-i</tt> <em class="replaceable">pwdb_backend</em></b></dt>
+<dd>
+<p>Specifies a password database backend from which to retrieve account
+information, overriding the one specified by the <tt class="literal">passdb
+backend</tt> parameter in the Samba configuration file. This,
+along with the <tt class="literal">-e</tt> option, is useful for migrating
+user accounts from one type of account database to another. See the
+<tt class="literal">-e</tt> option regarding how to specify the
+<em class="replaceable">pwdb_backend</em> argument.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-l</tt></b></dt>
+<dd>
+<p>Lists the user accounts in the database. See also the
+<tt class="literal">-v</tt> option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-m</tt></b></dt>
+<dd>
+<p>Indicates that the account is a computer account rather than a user
+account. Used only with the <tt class="literal">-a</tt> option when
+creating the account. In this case, the <tt class="literal">-u</tt> option
+specifies the computer name rather than a username.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-p</tt> <em class="replaceable">unc</em></b></dt>
+<dd>
+<p>Sets the directory in which the user's profile is
+kept. The directory is specified as a UNC.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-s</tt> <em class="replaceable">unc</em></b></dt>
+<dd>
+<p>Specifies the UNC of the user's logon script.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-u</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Specifies the username of the account to add (with the
+<tt class="literal">-a</tt> option), delete (with the <tt class="literal">-x</tt>
+option), or modify.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-v</tt></b></dt>
+<dd>
+<p>Selects verbose mode when listing accounts with the
+<tt class="literal">-l</tt> option. The account fields will be printed.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-w</tt></b></dt>
+<dd>
+<p>Selects the <tt class="literal">smbpasswd</tt> listing mode, for use with
+the <tt class="literal">-l</tt> option, which prints information in the
+same format as it would appear in an <em class="filename">smbpasswd</em>
+file.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-x</tt></b></dt>
+<dd>
+<p>Deletes the user (specified with the <tt class="literal">-u</tt> option)
+from the account database.</p>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+<a name="INDEX-13"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>rpcclient</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This is a program for issuing administrative commands that are
+implemented using Microsoft RPCs. It provides access to the RPCs that
+Windows administrative GUIs use for system management. The
+<em class="emphasis">rpcclient</em> command is mainly for use by advanced
+users who understand the RPCs. More information on these can be found
+in Microsoft's Platform Software Development Kit
+(SDK), available for download from the Microsoft web site at
+<a href="http://www.microsoft.com">http://www.microsoft.com</a>.</p><p>You can run a single <em class="emphasis">rpcclient</em> command by using
+the <tt class="literal">-c command string</tt> option, or interactively
+with <em class="emphasis">rpcclient</em> prompting for commands.</p>
+<div class="sect1"><a name="appc-34-fm2xml"/>
+
+<h4 class="refsect1">Command Synopsis</h4>
+
+<p>rpcclient <em class="replaceable">server [options]</em></p>
+
+
+</div>
+
+<div class="sect1"><a name="appc-35-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">-A</tt> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Specifies a file from which to read the authentication values used in
+the connection. The format of the file is as follows:</p>
+
+<blockquote><pre class="code">username = <em class="replaceable">value</em>
+password = <em class="replaceable">value</em>
+domain = <em class="replaceable">value</em></pre></blockquote>
+
+<p>This option is used to avoid password prompts or to have the password
+appear in plain text inside scripts. The permissions on the file
+should be very restrictive (0600, for example) to prevent access from
+unwanted users.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-c</tt> <em class="replaceable">command_string</em></b></dt>
+<dd>
+<p>Executes a sequence of semicolon-separated commands. Commands are
+listed in the following section.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-d</tt> <em class="replaceable">debuglevel</em></b></dt>
+<dd>
+<p>Sets the debug (sometimes called logging) level. The level can range
+from 0 to 10. Specifying the value on the command line overrides the
+value specified in the <em class="filename">smb.conf</em> file. Debug
+level 0 logs only the most important messages; level 1 is normal;
+levels 3 and above are primarily for debugging and slow the program
+considerably.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-h</tt></b></dt>
+<dd>
+<p>Prints a summary of options.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-l</tt> <em class="replaceable">logbasename</em></b></dt>
+<dd>
+<p>Sets the filename for log/debug files. The extension
+<em class="filename">.client</em> is appended to the filename.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-N</tt></b></dt>
+<dd>
+<p>Does not prompt for a password. This is used when Samba is configured
+for share-mode security and a service with no password is being
+accessed.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-s</tt> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Specifies the location of the Samba configuration file, which by
+default is usually
+<em class="filename">/usr/local/samba/lib/smb.conf</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-U</tt> <em class="replaceable">username[</em><tt class="literal">%</tt><em class="replaceable">password]</em></b></dt>
+<dd>
+<p>Sets the SMB username or username and password to use. Be careful
+when specifying the password with
+<tt class="literal">%</tt><em class="replaceable">password</em>; this is a
+major security risk. If
+<tt class="literal">%</tt><em class="replaceable">password</em> is not
+specified, the user will be prompted for the password, which will not
+be echoed. Normally the user is set from the USER or LOGNAME
+environment variable. The <tt class="literal">-U</tt> option by itself
+means to use the guest account. See also <tt class="literal">-A</tt>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-W</tt> <em class="replaceable">domain</em></b></dt>
+<dd>
+<p>Sets the domain, overriding the <tt class="literal">workgroup</tt>
+parameter in the Samba configuration file. If the domain is the
+server's NetBIOS name, it causes the client to log
+on using the server's local SAM database rather than
+the SAM of the domain.</p>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+<a name="INDEX-14"/><a name="INDEX-15"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>rpcclient commands</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>Aside from a few miscellaneous commands, the
+<em class="emphasis">rpclient</em> commands fall into three groups:
+LSARPC, SAMR, and SPOOLSS. The function names mentioned in some of
+the commands are those documented in the Microsoft Platform SDK.</p>
+<div class="sect1"><a name="appc-37-fm2xml"/>
+
+<h4 class="refsect1">General commands</h4>
+
+<dl>
+<dt><b><tt class="literal">debuglevel</tt> <em class="replaceable">level</em></b></dt>
+<dd>
+<p>Sets the debugging level to <em class="replaceable">level</em>. With no
+argument, the current debugging level is printed.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">help</tt></b></dt>
+<dd>
+<p>Prints help on the commands.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">quit</tt></b></dt>
+<dd>
+<p>Exits <em class="emphasis">rpcclient</em>. A synonym is
+<tt class="literal">exit</tt>.</p>
+</dd>
+
+</dl>
+
+
+</div>
+
+<div class="sect1"><a name="appc-38-fm2xml"/>
+
+<h4 class="refsect1">Local Security Authority Remote Procedure Calls (LSARPC) commands</h4>
+
+<dl>
+<dt><b><tt class="literal">enumprivs</tt></b></dt>
+<dd>
+<p>Lists the types of privileges known to this domain.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">enumtrust</tt></b></dt>
+<dd>
+<p>Lists the domains trusted by this domain.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">getdispname</tt> <em class="replaceable">priv_name</em></b></dt>
+<dd>
+<p>Prints information on the privilege named
+<em class="replaceable">priv_name</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">lookupsids</tt> <em class="replaceable">name</em></b></dt>
+<dd>
+<p>Finds a name that corresponds to a security identifier (SID).</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">lookupnames</tt> <em class="replaceable">sid</em></b></dt>
+<dd>
+<p>Finds the SID for one or more names.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">lsaquery</tt></b></dt>
+<dd>
+<p>Queries the LSA object.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">lsaenumsid</tt></b></dt>
+<dd>
+<p>Lists SIDs for the local LSA.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">lsaquerysecobj</tt></b></dt>
+<dd>
+<p>Prints information on security objects for the LSA.</p>
+</dd>
+
+</dl>
+
+
+</div>
+
+<div class="sect1"><a name="appc-39-fm2xml"/>
+
+<h4 class="refsect1">Security Access Manager RPC (SAMR) commands</h4>
+
+<dl>
+<dt><b><tt class="literal">createdomuser</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Adds a new user in the domain.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">deletedomuser</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Removes a user from the domain.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">enumalsgroups</tt> <em class="replaceable">type</em></b></dt>
+<dd>
+<p>Lists alias groups in the domain, along with their group RIDs. The
+<em class="replaceable">type</em> argument can be either
+<tt class="literal">builtin</tt>, to list Windows built-in groups such as
+<tt class="literal">Administrators</tt> and <tt class="literal">Power</tt>
+<tt class="literal">Users</tt>, or <tt class="literal">domain</tt>, to list
+groups in the domain. See also the
+<em class="emphasis">queryuseraliases</em> command.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">enumdomgroups</tt></b></dt>
+<dd>
+<p>Lists the groups in the domain, along with their group RIDs.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">queryaliasmem</tt> <em class="replaceable">user_rid</em></b></dt>
+<dd>
+<p>Prints information regarding alias membership. See also the
+<em class="emphasis">queryuseraliases</em> command.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">querydispinfo</tt></b></dt>
+<dd>
+<p>Prints out the account database. The information printed includes the
+RID, username, and full name of each user. The RID is printed in
+hexadecimal notation and can be used in this form for commands that
+take a RID as an argument.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">querydominfo</tt></b></dt>
+<dd>
+<p>Prints information regarding the domain. This includes the name of
+the domain, as well as the number of users, groups, and aliases.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">querygroup</tt> <em class="replaceable">group_rid</em></b></dt>
+<dd>
+<p>Given a group RID, prints the group name, description, number of
+members, and group description.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">queryuser</tt> <em class="replaceable">user_rid</em></b></dt>
+<dd>
+<p>Given a user RID, prints the corresponding username, full name, and
+other information pertaining to the user.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">queryuseraliases</tt> <em class="replaceable">type</em> <em class="replaceable">user_rid</em></b></dt>
+<dd>
+<p>Prints aliases for the user. The <em class="replaceable">type</em>
+argument can be either <tt class="literal">builtin</tt> or
+<tt class="literal">domain</tt>. Aliases are used with the Windows
+messaging service and act like usernames, but they can be attached to
+a computer rather than a user. This allows messages intended for a
+user to be sent to a computer on which the user is either not logged
+on, or logged on under another username.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">queryusergroups</tt> <em class="replaceable">user_rid</em></b></dt>
+<dd>
+<p>Prints information on each group inhabited by the user.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">querygroupmem</tt> <em class="replaceable">group_rid</em></b></dt>
+<dd>
+<p>Prints the RID and attributes for each member of the group.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">samlookupnames</tt> <em class="replaceable">type username</em></b></dt>
+<dd>
+<p>Looks up the <em class="replaceable">username</em> in the SAM database
+and prints its associated RID. The <em class="replaceable">type</em>
+argument can be either <tt class="literal">builtin</tt>, to look up
+built-in Windows usernames, or <tt class="literal">domain</tt>, to look up
+names in the domain.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">samlookuprids</tt> <em class="replaceable">type rid</em></b></dt>
+<dd>
+<p>Looks up <em class="replaceable">rid</em> in the SAM database and
+prints its associated group or username. The
+<em class="replaceable">type</em> argument can be either
+<tt class="literal">builtin</tt>, to look up built-in Windows usernames, or
+<tt class="literal">domain</tt>, to look up names in the domain. The RID
+argument can be given in either 0xDDD hexadecimal notation or
+decimal.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">samquerysecobj</tt></b></dt>
+<dd>
+<p>Prints information on security objects (such as ACLs) in the SAM
+database.</p>
+</dd>
+
+</dl>
+
+
+</div>
+
+<div class="sect1"><a name="appc-40-fm2xml"/>
+
+<h4 class="refsect1">Windows NT/2000/XP Printing Services (SPOOLSS) commands</h4>
+
+<dl>
+<dt><b><tt class="literal">adddriver</tt> <em class="replaceable">arch config_file</em> </b></dt>
+<dd>
+<p>Adds a printer driver to the server. The driver files must already
+exist in the directory returned by <em class="emphasis">getdriverdir</em>.
+The <em class="replaceable">arch</em> argument can be one of
+<tt class="literal">Windows 4.0</tt> for Windows 95/98/Me, or
+<tt class="literal">Windows NT x86</tt>, <tt class="literal">Windows NT
+PowerPC</tt>, <tt class="literal">Windows Alpha_AXP</tt>, and
+<tt class="literal">Windows NT R4000</tt>. Others might be introduced in
+the future.</p>
+
+
+<p>The <em class="replaceable">config_file</em> should contain:</p>
+
+<blockquote><pre class="code">Long Printer Name:\
+Driver File Name:\
+Data File Name:\
+Config File Name:\
+Help File Name:\
+NULL:\
+Default Data Type:\</pre></blockquote>
+
+<p>followed by a comma-separated list of files. Any empty fields should
+contain the string <tt class="literal">NULL</tt>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">addprinter</tt> <em class="replaceable">printername sharename drivername port</em> </b></dt>
+<dd>
+<p>Adds a printer on the remote server as
+<em class="replaceable">sharename</em>. The printer driver must already
+be installed on the server with <em class="emphasis">adddriver</em>, and
+the port must be a valid port name returned by
+<em class="emphasis">enumports</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">deldriver</tt> <em class="replaceable">drivername</em></b></dt>
+<dd>
+<p>Deletes a printer driver (for all architectures) from the
+server's list of printer drivers.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">enumports</tt> <em class="replaceable">[level]</em></b></dt>
+<dd>
+<p>Prints information regarding the printer ports on the server. The
+<em class="replaceable">level</em> argument can be <tt class="literal">1</tt>
+or <tt class="literal">2</tt>. Level 1 is the default and prints out only
+the Port Name. Information level 2 is the Port Name, Monitor Name,
+Description, and Port Type.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">enumdrivers</tt> <em class="replaceable">[level]</em> </b></dt>
+<dd>
+<p>Lists all the printer drivers on the system. The
+<em class="replaceable">level</em> argument specifies the information
+level. Level 1 is the default and prints the Driver Name(s). Level 2
+prints the Version, Driver Name, Architecture, Driver Path, Data
+File, and Config File. Level 3 prints the contents of Level 2, plus
+the Help File, one or more Dependent Files, Monitor Name, and Default
+Data Type.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">enumprinters</tt> <em class="replaceable">[level]</em></b></dt>
+<dd>
+<p>Lists all installed printers, regardless of whether they are shared.
+The <em class="replaceable">level</em> argument specifies the
+information level. Level 1 is the default, and prints Flags, Name,
+Description, and Comment. Level 2 prints the Server Name, Printer
+Name, Share Name, Port Name, Driver Name, Comment, Location,
+Separator File, Print Processor, Data Type, Parameters, Attributes,
+Priority, Default Priority, Start Time, Until Time, Status, Current
+Jobs, Average PPM (pages per minute), and a Security Descriptor.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">getdriver</tt> <em class="replaceable">[level] printername</em></b></dt>
+<dd>
+<p>Prints the printer driver information for the given printer. The
+<em class="replaceable">level</em> argument specifies the information
+level.</p>
+
+
+<p>Level 1 is the default, and prints the Driver Name. Level 2 prints
+the Version, Driver Name, Architecture, Driver Path, Data File, and
+Config File. Level 3 prints the contents of level 2, plus the Help
+File, one or more Dependent Files, Monitor Name, and Default Data
+Type.</p>
+</dd>
+
+
+<dt><b><tt class="literal">getdriverdir</tt> <em class="replaceable">arch</em></b></dt>
+<dd>
+<p>Retrieves the share name and directory for storing printer driver
+files for a given architecture. Possible values for
+<em class="replaceable">arch</em> are &quot;<tt class="literal">Windows</tt>
+<tt class="literal">4.0</tt>&quot; for Windows 95/98/Me,
+&quot;<tt class="literal">Windows</tt> <tt class="literal">NT</tt>
+<tt class="literal">x86</tt>&quot; for Windows NT on Intel,
+&quot;<tt class="literal">Windows</tt> <tt class="literal">NT</tt>
+<tt class="literal">PowerPC</tt>&quot; for Windows NT on PowerPC,
+&quot;<tt class="literal">Windows</tt> <tt class="literal">Alpha</tt>
+<tt class="literal">AXP</tt>&quot; for Windows NT on Alpha, and
+&quot;<tt class="literal">Windows</tt> <tt class="literal">NT</tt>
+<tt class="literal">R4000</tt>&quot; for Windows NT on MIPS. Include the quote
+marks in the command.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">getprinter</tt> <em class="replaceable">printername</em></b></dt>
+<dd>
+<p>Prints the current printer information. The
+<em class="replaceable">level</em> argument specifies the information
+level.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">openprinter</tt> <em class="replaceable">printername</em></b></dt>
+<dd>
+<p>Attempts to open and close a specified printer and reports whether it
+was successful.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">setdriver</tt> <em class="replaceable">printername drivername</em></b></dt>
+<dd>
+<p>Unconditionally updates the printer driver used by an installed
+printer. Both the printer and printer driver must already be
+correctly installed on the print server.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">setprinter</tt> <em class="replaceable">printername comment</em></b></dt>
+<dd>
+<p>Assigns a comment string to a printer.<a name="INDEX-15"/></p>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+<a name="INDEX-16"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbcacls</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This program provides a way of modifying Windows NT ACLs on files and
+directories shared by the Samba server.</p>
+<div class="sect1"><a name="appc-42-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">smbcacls //<em class="replaceable">server</em>/<em class="replaceable">share filename</em> <em class="replaceable">[options]</em></pre></blockquote>
+
+
+</div>
+
+<div class="sect1"><a name="appc-43-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">-A</tt> <em class="replaceable">acls</em></b></dt>
+<dd>
+<p>Adds one or more ACLs to the file or directory. Any ACLs already
+existing for the file or directory are unchanged.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-M</tt> <em class="replaceable">acls</em></b></dt>
+<dd>
+<p>Modifies the <em class="replaceable">mask</em> of the ACLs specified.
+Refer to the following section, &quot;Specifying
+ACLs,&quot; for details.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-D</tt> <em class="replaceable">acls</em></b></dt>
+<dd>
+<p>Deletes the specified ACLs.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-S</tt> <em class="replaceable">acls</em></b></dt>
+<dd>
+<p>Sets the specified ACLs, deleting any ACLs previously set on the file
+or directory. The ACLs must contain at least a revision, type, owner,
+and group.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-U</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Sets the username used to connect to the specified service. The user
+is prompted for a password unless the argument is specified as
+<em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em>.
+(Specifying the password on the command line is a security risk.) If
+<tt class="literal">-U</tt>
+<em class="replaceable">domain</em><tt class="literal">\\</tt><em class="replaceable">username</em>
+is specified, the specified domain or workgroup will be used in place
+of the one specified in the <em class="filename">smb.conf</em> file.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-C</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Changes the owner of the file or directory. This is a shortcut for
+<tt class="literal">-M</tt>
+<tt class="literal">OWNER</tt>:<em class="replaceable">username</em>. The
+<em class="replaceable">username</em> argument can be given as a
+username or a SID in the form
+<tt class="literal">S-1-</tt><em class="replaceable">N-N-D-D-D-R</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-G</tt> <em class="replaceable">groupname</em></b></dt>
+<dd>
+<p>Changes the group of the file or directory. This is a shortcut for
+<tt class="literal">-M</tt>
+<tt class="literal">GROUP</tt>:<em class="replaceable">groupname</em>. The
+<em class="replaceable">groupname</em> argument can be given as a group
+name or a SID in the form
+<tt class="literal">S-1-</tt><em class="replaceable">N-N-D-D-D-R</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-n</tt></b></dt>
+<dd>
+<p>Causes all ACL information to be displayed in numeric format rather
+than in readable strings.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-h</tt></b></dt>
+<dd>
+<p>Prints a help message.</p>
+</dd>
+
+</dl>
+
+
+</div>
+
+<div class="sect1"><a name="appc-44-fm2xml"/>
+
+<h4 class="refsect1">Specifying ACLs</h4>
+<p>In the previous options, the same format is always used when
+specifying ACLs. An ACL is made up of one or more Access Control
+Entries (ACEs), separated by either commas or escaped newlines. An
+ACE can be one of the following:</p>
+
+<blockquote class="simplelist">
+
+<p><tt class="literal">REVISION</tt>:<em class="replaceable">revision_number</em></p>
+
+
+
+
+<p><tt class="literal">OWNER</tt>:<em class="replaceable">username_or_SID</em></p>
+
+
+
+
+<p><tt class="literal">GROUP</tt>:<em class="replaceable">group_name_or_SID</em></p>
+
+
+
+
+<p><tt class="literal">ACL</tt>:<em class="replaceable">name_or_SID</em>:<em class="replaceable">type</em>/<em class="replaceable">flags</em>/<em class="replaceable">mask</em></p>
+
+</blockquote>
+
+
+<p>The <em class="replaceable">revision_number</em> should always be 1.
+The <tt class="literal">OWNER</tt> and <tt class="literal">GROUP</tt> entries can
+be used to set the owner and group for the file or directory. The
+names can be the textual ones or SIDs in the form
+<tt class="literal">S-1-</tt><em class="replaceable">N</em><tt class="literal">-</tt><em class="replaceable">N</em><tt class="literal">-</tt><em class="replaceable">D</em><tt class="literal">-</tt><em class="replaceable">D-D-R</em>.</p>
+
+<p>The <tt class="literal">ACL</tt> entry specifies what access rights to
+apply to the file or directory. The
+<em class="replaceable">name_or_SID</em> field specifies to which user
+or group the permissions apply and can be supplied either as a
+textual name or a SID. An ACE can be used to either allow or deny
+access. The <em class="replaceable">type</em> field is set to
+<tt class="literal">1</tt> to specify a permission to be allowed or
+<tt class="literal">0</tt> for specifying a permission to deny. The
+<em class="replaceable">mask</em> field is the name of the permission
+and is one of the following:</p>
+
+<dl>
+<dt><b><tt class="literal">R</tt></b></dt>
+<dd>
+<p>Read access.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">W</tt></b></dt>
+<dd>
+<p>Write access.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">X</tt></b></dt>
+<dd>
+<p>Execute permission.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">D</tt></b></dt>
+<dd>
+<p>Permission to delete.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">P</tt></b></dt>
+<dd>
+<p>Change permissions on the object.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">O</tt></b></dt>
+<dd>
+<p>Take ownership.</p>
+</dd>
+
+</dl>
+
+
+<p>The following combined permissions can also be specified:</p>
+
+<dl>
+<dt><b><tt class="literal">READ</tt></b></dt>
+<dd>
+<p>Equivalent to RX permissions</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">CHANGE</tt></b></dt>
+<dd>
+<p>Equivalent to RWXD permissions</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">FULL</tt></b></dt>
+<dd>
+<p>Equivalent to RWXDPO permissions</p>
+</dd>
+
+</dl>
+
+
+<p>The <em class="replaceable">flags</em> field is for specifying how
+objects in directories are to inherit their default permissions from
+their parent directory. For files, <em class="replaceable">flags</em>
+is normally set to <tt class="literal">0</tt>. For directories,
+<em class="replaceable">flags</em> is usually set to either
+<tt class="literal">9</tt> or <tt class="literal">2</tt>.</p>
+
+</div>
+</div>
+
+<a name="INDEX-17"/><a name="INDEX-18"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbclient</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbclient</em> program is the
+&quot;Swiss army knife&quot; of the Samba
+suite. Initially developed as a testing tool, it has become a command
+shell capable of acting as a general-purpose Unix client, with a
+command set very similar to that of <em class="emphasis">ftp</em>. It
+offers the following set of functions:</p><ul><li>
+<p>Interactive file transfer, similar to <em class="emphasis">ftp</em></p>
+</li>
+<li>
+<p>Interactive printing to shared SMB printers</p>
+</li>
+<li>
+<p>Interactive tar format archiving</p>
+</li>
+<li>
+<p>Sending messages on the SMB network</p>
+</li>
+<li>
+<p>Batch mode tar format archiving</p>
+</li>
+<li>
+<p>&quot;What services do you have?&quot;
+querying</p>
+</li>
+<li>
+<p>Debugging</p>
+</li></ul>
+<div class="sect1"><a name="appc-45-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">smbclient //<em class="replaceable">server</em>/<em class="replaceable">share</em> <em class="replaceable">[ password] [options]</em></pre></blockquote>
+<p>It is possible to run <em class="emphasis">smbclient</em>
+noninteractively, for use in scripts, by specifying the
+<tt class="literal">-c</tt> option along with a list of commands to
+execute. Otherwise, <em class="emphasis">smbclient</em> runs in
+interactive mode, prompting for commands such as this:</p>
+
+<blockquote><pre class="code">smb:\&gt;</pre></blockquote>
+<p>The backslash in the prompt is replaced by the current directory
+within the share as you change your working directory with
+<em class="emphasis">smbclient</em>'s
+<em class="emphasis">cd</em> command.</p>
+
+</div>
+
+<div class="sect1"><a name="appc-46-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">-A</tt> <em class="replaceable">authfile</em></b></dt>
+<dd>
+<p>Specifies a file from which to read the username and password used
+for the connection. The format of the file is as follows:</p>
+
+
+<blockquote><pre class="code">username = <em class="replaceable">value</em>
+password = <em class="replaceable">value</em>
+domain = <em class="replaceable">value</em></pre></blockquote>
+
+<p>This is to avoid having the password prompted for or have it appear
+in plain text in scripts. The permissions on the file should be very
+restrictive (0600, for example) to prevent access by unwanted users.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-b</tt> <em class="replaceable">buffer_size</em></b></dt>
+<dd>
+<p>Sets the size of the buffer used when transferring files. It defaults
+to 65520 bytes and can be changed as a tuning measure. Generally it
+should be quite large or set to match the size of the buffer on the
+remote system. It can be set smaller to work around Windows bugs:
+some Windows 98 systems work best with a buffer size of 1200.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-B</tt> <em class="replaceable">IP_addr</em></b></dt>
+<dd>
+<p>Sets the broadcast address.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-c</tt> <em class="replaceable">command_string</em> </b></dt>
+<dd>
+<p>Passes a command string to the <em class="emphasis">smbclient</em> command
+interpreter. The argument consists of a semicolon-separated list of
+commands to be executed.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">-d</em> <em class="replaceable">debug_level</em></b></dt>
+<dd>
+<p>Sets the debug (logging) level, from 0 to 10, with A for all.
+Overrides the value in <em class="filename">smb.conf</em>. Debug level 0
+logs only the most important messages; level 1 is normal; debug
+levels 3 and above are for debugging and slow
+<em class="emphasis">smbclient</em> considerably.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-D</tt> <em class="replaceable">init_dir</em></b></dt>
+<dd>
+<p>Upon starting up, causes <em class="emphasis">smbclient</em> to change its
+working directory to <em class="replaceable">init_dir</em> on the
+remote host.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-E</tt></b></dt>
+<dd>
+<p>Sends output from commands to <em class="emphasis">stderr</em> instead of
+<em class="emphasis">stdout</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-h</tt></b></dt>
+<dd>
+<p>Prints the command-line help information (usage) for
+<em class="emphasis">smbclient</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-I</tt> <em class="replaceable">IP_address</em></b></dt>
+<dd>
+<p>Sets the IP address of the server to which the client connects.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-i</tt> <em class="replaceable">scope</em></b></dt>
+<dd>
+<p>Sets a NetBIOS scope identifier.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-l</tt> <em class="replaceable">log_ file</em></b></dt>
+<dd>
+<p>Sends the log messages to <em class="replaceable">log_file</em> rather
+than to the log file specified in the Samba configuration file or the
+compiled-in default.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-L</tt> <em class="replaceable">server</em></b></dt>
+<dd>
+<p>Lists services (shares) offered by the server. This can be used as a
+quick way to test an SMB server to see if it is working. If there is
+a name-service problem, use the <tt class="literal">-I</tt> option to
+specify the server.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-M</tt> <em class="replaceable">NetBIOS_name</em></b></dt>
+<dd>
+<p>Allows you to send messages using the Windows messaging protocol.
+Once a connection is established, you can type your message, pressing
+Ctrl-D to end. The <tt class="literal">-U</tt> and <tt class="literal">-I</tt>
+options can be used to control the
+&quot;From&quot; and
+&quot;To&quot; parts of the message.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-N</tt></b></dt>
+<dd>
+<p>Suppresses the password prompt. Useful when using share mode security
+and accessing a service that has no password.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-n</tt> <em class="replaceable">NetBIOS_name</em></b></dt>
+<dd>
+<p>Allows you to override the NetBIOS name by which
+<em class="emphasis">smbclient</em> will advertise itself.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-O</tt> <em class="replaceable">socket_options</em></b></dt>
+<dd>
+<p>Sets the TCP/IP socket options using the same parameters as the
+<tt class="literal">socket options</tt> configuration option. Often used
+for performance tuning and testing.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-p</tt> <em class="replaceable">port_number</em></b></dt>
+<dd>
+<p>Sets the port number with which <em class="emphasis">smbclient</em> will
+connect.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-R</tt> <em class="replaceable">resolve_order</em></b></dt>
+<dd>
+<p>Sets the resolve order of the name servers. This option is similar to
+the <tt class="literal">resolve</tt> <tt class="literal">order</tt> configuration
+option and can take any of the four parameters
+<tt class="literal">lmhosts</tt>, <tt class="literal">host</tt>,
+<tt class="literal">wins</tt>, and <tt class="literal">bcast</tt>, in any order.
+If more than one is specified, the argument is specified as a
+space-separated list. This option can be used to test name service by
+specifying only the name service to be tested.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-s</tt> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Specifies the location of the Samba configuration file. Used for
+debugging.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-t</tt> <em class="replaceable">terminal_code</em></b></dt>
+<dd>
+<p>Sets the terminal code for Asian languages.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-T</tt> <em class="replaceable">command_string tarfile</em></b></dt>
+<dd>
+<p>Runs the tar archiver, which is <em class="emphasis">gtar</em> compatible.
+The tar file that is written to or read from is specified by
+<em class="replaceable">tarfile</em>. The two main commands are
+<tt class="literal">c</tt> (create) and <tt class="literal">x</tt> (extract),
+which can be followed by any of these:</p>
+
+<dl>
+<dt><b><tt class="literal">a</tt></b></dt>
+<dd>
+<p>Resets the archive attribute on files after they have been saved. See
+also the <tt class="literal">g</tt> option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">b</tt> <em class="replaceable">size</em></b></dt>
+<dd>
+<p>Sets the block size for writing the tar file, in 512-byte units.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">g</tt></b></dt>
+<dd>
+<p>Backs up only files that have their archive bit set. See also the
+<tt class="literal">a</tt> option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">I</tt> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Includes files and directories. This is the default, so specifying
+this is redundant. To perform pattern matching, see also the
+<tt class="literal">r</tt> option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">N</tt> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Backs up only those files newer than <em class="replaceable">file</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">q</tt></b></dt>
+<dd>
+<p>Suppresses diagnostics.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">r</tt></b></dt>
+<dd>
+<p>Performs regular expression matching, which can be used along with
+the <tt class="literal">I</tt> or <tt class="literal">E</tt> option to include or
+exclude files.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">X</tt> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Excludes files and directories.</p>
+</dd>
+
+</dl>
+</dd>
+
+
+
+<dt><b><tt class="literal">-U</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Sets the username and, optionally, the password used for
+authentication when connecting to the share.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-W</tt> <em class="replaceable">workgroup</em></b></dt>
+<dd>
+<p>Specifies the workgroup/domain in which
+<em class="emphasis">smbclient</em> will claim to be a member.</p>
+</dd>
+
+</dl>
+
+
+</div>
+
+<div class="sect1"><a name="appc-47-fm2xml"/>
+
+<h4 class="refsect1">smbclient commands</h4>
+
+<dl>
+<dt><b><tt class="literal">help</tt> <em class="replaceable">[smbclient_command]</em></b></dt>
+<dd>
+<p>With no command specified, prints a list of available commands. If a
+command is specified as an argument, a brief help message will be
+printed for it.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">!</tt> <em class="replaceable">[shell_command]</em></b></dt>
+<dd>
+<p>Shell escape. With no command specified, runs a Unix shell. If a
+command is specified, runs the command in a Unix shell.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">altname</tt> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Causes <em class="emphasis">smbclient</em> to request from the server and
+then print the old-style, 8.3-format filename for the specified file.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">cancel</tt> <em class="replaceable">print_jobid [...]</em></b></dt>
+<dd>
+<p>Causes <em class="emphasis">smbclient</em> to request the server to cancel
+one or more print jobs, as specified by the numeric job IDs provided
+as arguments. See also the <em class="emphasis">queue</em> command, which
+prints job IDs.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">chmod</tt> <em class="replaceable">filename octal_mode</em></b></dt>
+<dd>
+<p>Requests that the server change the Unix file permissions on
+<em class="replaceable">filename</em> to
+<em class="replaceable">octal_mode</em>, specified in octal numeric
+format. Works only if the server supports Unix CIFS extensions.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">chown</tt> <em class="replaceable">filename UID GID</em></b></dt>
+<dd>
+<p>Requests that the server change the owner and group of the file
+specified by <em class="replaceable">filename</em> to those provided as
+decimal numeric arguments <em class="replaceable">UID</em> and
+<em class="replaceable">GID</em>. Works only if the server supports
+Unix CIFS extensions.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">cd</tt> <em class="replaceable">[directory]</em></b></dt>
+<dd>
+<p>With no argument, prints the current working directory on the remote
+system. If a directory name is supplied as an argument, changes the
+working directory on the remote system to that specified.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">del</tt> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Requests that the server delete one or more files, as specified by
+the argument, from the current working directory. The argument can be
+a filename globbing pattern using the * and ? characters.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">dir</tt> [<em class="replaceable">filename]</em></b></dt>
+<dd>
+<p>With no arguments, prints a list of files and directories in the
+working directory on the server. If an argument is provided, only
+files and directories whose names match the argument will be listed.
+The argument can be a filename globbing pattern using the * and ?
+characters.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">exit</tt></b></dt>
+<dd>
+<p>Quits the <em class="emphasis">smbclient</em> program after terminating
+the SMB connection to the server.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">get</tt> <em class="replaceable">remote_file [local_file]</em></b></dt>
+<dd>
+<p>Copies the file specified by <em class="replaceable">remote_file</em>
+from the server to the local system. If no
+<em class="replaceable">local_file</em> argument is specified,
+<em class="emphasis">smbclient</em> will name the local file the same as
+it is named on the server. If <em class="replaceable">local_file</em>
+is specified, it will be used as the name of the local copy. See also
+the <em class="emphasis">lowercase</em> command.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">help</tt> <em class="replaceable">[command]</em></b></dt>
+<dd>
+<p>A synonym for the <em class="emphasis">?</em> command.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">lcd</tt> <em class="replaceable">[directory]</em></b></dt>
+<dd>
+<p>If no argument is provided, prints the name of
+<em class="emphasis">smbclient</em>'s working directory
+on the local system. If a directory name is provided as an argument,
+changes <em class="emphasis">smbclient</em>'s working
+directory to the directory specified.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">link</tt> <em class="replaceable">link_name filename</em></b></dt>
+<dd>
+<p>Requests that the server create a hard link to
+<em class="replaceable">filename</em> and name it
+<em class="replaceable">link_name</em>. This command works only if the
+server supports Unix CIFS extensions.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">lowercase</tt></b></dt>
+<dd>
+<p>Toggles the boolean lowercasing setting. When this setting is on,
+names of files copied from the server with the
+<em class="emphasis">get</em> and <em class="emphasis">mget</em> commands will
+be changed to all lowercase. This is mainly used for accessing
+servers that report filenames in all uppercase only.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">ls</tt> <em class="replaceable">[filename]</em></b></dt>
+<dd>
+<p>A synonym for <em class="emphasis">dir</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">mask</tt> <em class="replaceable">[globbing_pattern]</em></b></dt>
+<dd>
+<p>Sets the filename globbing pattern for use with the
+<em class="emphasis">mget</em> and <em class="emphasis">mput</em> commands when
+recursion is turned on. (When recursion is off, the setting has no
+effect.) Both <em class="emphasis">mget</em> and <em class="emphasis">mput</em>
+accept a globbing pattern as arguments; however, those patterns apply
+only to the current directory. This command specifies the pattern
+used for all subdirectories that are recursively traversed. The
+pattern stays in effect until it is changed with another
+<em class="emphasis">mask</em> command. To return the setting to its
+original default, specify a
+<em class="replaceable">globbing_pattern</em> of an asterisk
+(<tt class="literal">*</tt>), which matches all files. See also the
+<em class="emphasis">mget</em>, <em class="emphasis">mput</em>, and
+<em class="emphasis">recurse</em> commands.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">mdir</tt> <em class="replaceable">directory</em></b></dt>
+<dd>
+<p>A synonym for the <em class="emphasis">mkdir</em> command.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">mget</tt> <em class="replaceable">pattern</em></b></dt>
+<dd>
+<p>When recursion is turned off, copies files matching the file-globbing
+pattern, as specified by the argument, from the current working
+directory on the server to the local system. When recursion is on,
+the <em class="replaceable">pattern</em> argument is used to match
+directories in the current working directory, and the pattern
+specified by the <em class="emphasis">mask</em> command is used for
+matching files within each directory and all subdirectories. See also
+the <em class="emphasis">lowercase</em>, <em class="emphasis">mask</em>, and
+<em class="emphasis">recurse</em> commands.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">print</tt> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Prints the specified file. This requires that
+<em class="emphasis">smbclient</em> be connected to a print share. See
+also the <em class="emphasis">printmode</em> command.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">printmode</tt> <em class="replaceable">mode</em></b></dt>
+<dd>
+<p>Sets the mode that is used by the <em class="emphasis">print</em> command.
+The mode can be either <tt class="literal">text</tt>, for printing text
+files such as the ASCII files commonly found on Unix, or
+<tt class="literal">graphics</tt>, for printing binary files.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">prompt</tt></b></dt>
+<dd>
+<p>Toggles the prompting mode. When prompting is on (the default), the
+<em class="emphasis">mget</em> and <em class="emphasis">mput</em> commands will
+interactively prompt the user for permission to transfer each file.
+The user can answer either <tt class="literal">y</tt> (yes) or
+<tt class="literal">n</tt> (no), followed by a newline, to this prompt.
+When prompting is off, all the files will be transferred with no
+prompts issued.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">put</tt> <em class="replaceable">local_file [remote_file]</em></b></dt>
+<dd>
+<p>Copies the file specified by <em class="replaceable">local_file</em>
+from the local to the remote system. If no
+<em class="replaceable">remote_file</em> argument is specified,
+<em class="emphasis">smbclient</em> will name the remote file the same as
+it is named on the local system. If
+<em class="replaceable">remote_file</em> is specified, it will be used
+as the name of the remote copy. See also the
+<em class="emphasis">lowercase</em> command.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">queue</tt></b></dt>
+<dd>
+<p>Prints information on the print queue on the server. This requires
+that <em class="emphasis">smbclient</em> is connected to a print share.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">quit</tt></b></dt>
+<dd>
+<p>A synonym for <em class="emphasis">exit</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">rd</tt> <em class="replaceable">directory</em></b></dt>
+<dd>
+<p>A synonym for <em class="emphasis">rmdir</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">recurse</tt></b></dt>
+<dd>
+<p>Toggles the recursion mode, which affects the
+<em class="emphasis">mget</em> and <em class="emphasis">mput</em> commands.
+When recursion is off (the default), the <em class="emphasis">mget</em>
+and <em class="emphasis">mput</em> commands will copy only files from the
+current working directory that match the file-globbing pattern
+specified as an argument to the command, and the pattern set by the
+<em class="emphasis">mask</em> command is ignored. When recursion is
+turned on, the <em class="emphasis">mget</em> and
+<em class="emphasis">mput</em> commands recursively traverse any
+directories that match the pattern specified as the argument to the
+command, and the pattern set by the <em class="emphasis">mask</em> command
+is used to match files in those directories.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">rm</tt> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>A synonym for <em class="emphasis">del</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">rmdir</tt> <em class="replaceable">directory</em></b></dt>
+<dd>
+<p>Requests that the server remove the specified directory.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">setmode</tt> <em class="replaceable">filename attributes</em></b></dt>
+<dd>
+<p>Requests that the server assign the specified MS-DOS file attributes
+on the specified file. The <em class="replaceable">attributes</em>
+argument has the format of a leading plus sign (<tt class="literal">+</tt>)
+or minus sign (<tt class="literal">-</tt>) either to set or to unset the
+attribute(s), respectively, followed by one or more of the characters
+<tt class="literal">r</tt> (read), <tt class="literal">s</tt> (system),
+<tt class="literal">h</tt> (hidden), or <tt class="literal">a</tt> (archive).</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">symlink</tt> <em class="replaceable">link_name filename</em></b></dt>
+<dd>
+<p>Requests that the server create a symbolic link named
+<em class="replaceable">link_name</em> to
+<em class="replaceable">filename</em>. This command works only if the
+server supports Unix CIFS extensions. The server will not create a
+link that refers to a file not in the share to which
+<em class="emphasis">smbclient</em> is connected.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">tar</tt> <em class="replaceable">cmd_str</em></b></dt>
+<dd>
+<p>Performs an archiving operation using the tar format. This is the
+interactive form of the <tt class="literal">-T</tt> command-line operation,
+and the <em class="replaceable">cmd_str</em> argument is specified in
+the same manner. See also the <em class="emphasis">tarmode</em> command.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">blocksize</tt> <em class="replaceable">size</em></b></dt>
+<dd>
+<p>Sets the block size, in units of 512 bytes, for files written by the
+<em class="emphasis">tar</em> command.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">tarmode</tt> <em class="replaceable">mode ...</em></b></dt>
+<dd>
+<p>Specifies how the <em class="emphasis">tar</em> command performs its
+archiving, including how it handles the archive attribute on files.
+Multiple <em class="replaceable">mode</em> arguments can be provided,
+chosen from the following:</p>
+
+<dl>
+<dt><b><tt class="literal">full</tt></b></dt>
+<dd>
+<p>All files will be included, regardless of whether their
+<tt class="literal">archive</tt> attribute is set. This is the default.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">inc</tt></b></dt>
+<dd>
+<p>Only files that have the <tt class="literal">archive</tt> attribute set
+will be included in the backup.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">reset</tt></b></dt>
+<dd>
+<p>The <tt class="literal">archive</tt> attribute will be unset by
+<em class="emphasis">tar</em> after the file is included in the archive.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">noreset</tt></b></dt>
+<dd>
+<p>The <tt class="literal">archive</tt> attribute will be left unchanged. This
+is the default.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">system</tt></b></dt>
+<dd>
+<p>Files with the <tt class="literal">system</tt> attribute set will be
+included in the archive. This is the default.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">nosystem</tt></b></dt>
+<dd>
+<p>Files with the <tt class="literal">system</tt> attribute set will not be
+included in the archive.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">hidden</tt></b></dt>
+<dd>
+<p>Files with the <tt class="literal">hidden</tt> attribute set will be
+included in the archive. This is the default.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">nohidden</tt></b></dt>
+<dd>
+<p>Files with the <tt class="literal">hidden</tt> attribute set will not be
+included in the archive.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">verbose</tt></b></dt>
+<dd>
+<p>As files are included in the archive (when creating the archive) or
+are read from the archive (when extracting it), the name of each file
+will be printed. This is the default.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">noverbose</tt></b></dt>
+<dd>
+<p>This turns verbose mode off, causing <em class="emphasis">tar</em> to
+perform its work quietly.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">quiet</tt></b></dt>
+<dd>
+<p>An antonym for the <tt class="literal">verbose</tt> mode. When quiet is on,
+verbose is off, and vice versa.<a name="INDEX-18"/></p>
+</dd>
+
+</dl>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+<a name="INDEX-19"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbcontrol</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbcontrol</em> command sends control messages to
+running <em class="emphasis">smbd</em> or <em class="emphasis">nmbd</em>
+processes.</p>
+<div class="sect1"><a name="appc-49-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">smbcontrol -i<em class="replaceable"> [options]</em></pre></blockquote>
+<p>or:</p>
+
+<blockquote><pre class="code">smbcontrol <em class="replaceable">[options] process message-type [parameters]</em></pre></blockquote>
+
+
+</div>
+
+<div class="sect1"><a name="appc-50-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">-i</tt></b></dt>
+<dd>
+<p>Runs <em class="emphasis">smbcontrol</em> interactively, executing
+commands until a blank line or &quot;q&quot;
+is read. The user must have superuser privileges.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-s</tt> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Specifies the location of the Samba configuration file.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-d</tt> <em class="replaceable">debuglevel</em></b></dt>
+<dd>
+<p>Sets the debugging level for logging. The debug level can be set from
+to 10.</p>
+</dd>
+
+</dl>
+
+
+<p>Whether <em class="emphasis">smbcontrol</em> commands are issued in
+interactive mode or from the command line, the commands are in the
+same format. Each command has up to three parts:</p>
+
+<dl>
+<dt><b><em class="replaceable">process</em></b></dt>
+<dd>
+<p>Specifies the process or group of processes to which to send the
+message. If <em class="replaceable">process</em> is
+<tt class="literal">smbd</tt>, all <em class="emphasis">smbd</em> processes will
+receive the message. If <em class="replaceable">process</em> is
+<tt class="literal">nmbd</tt>, only the main <em class="emphasis">nmbd</em>
+process (identified by Samba's
+<em class="filename">nmbd.pid</em> file) receives the message. If
+<em class="replaceable">process</em> is the numeric PID of a running
+process on the system, that process will receive the message.</p>
+</dd>
+
+
+
+<dt><b><em class="replaceable">message-type</em></b></dt>
+<dd>
+<p>Specifies the type of message that is sent. For more information, see
+<a href="appc.html#appc-51-fm2xml">smbcontrol message
+types</a> that follows.</p>
+</dd>
+
+
+
+<dt><b><em class="replaceable">parameters</em></b></dt>
+<dd>
+<p>Specifies additional parameters required by some messages.</p>
+</dd>
+
+</dl>
+
+
+</div>
+
+<div class="sect1"><a name="appc-51-fm2xml"/>
+
+<h4 class="refsect1">smbcontrol message types</h4>
+
+<dl>
+<dt><b><tt class="literal">close-share</tt> <em class="replaceable">share_name</em></b></dt>
+<dd>
+<p>Closes the connection to a share or shares. If
+<em class="replaceable">share_name</em> is specified as an asterisk
+(<tt class="literal">*</tt>), connections to all shares will be closed. To
+close a single connection, <em class="replaceable">share_name</em> is
+given as the name of a share, as specified in the Samba configuration
+file, not including the enclosing brackets. Warning: no message is
+printed if there is an error in specifying
+<em class="replaceable">share_name</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">debug</tt> <em class="replaceable">num</em></b></dt>
+<dd>
+<p>Sets the debugging level. The <em class="replaceable">num</em>
+parameter specifies the level, which can be from 0 to 10.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">debuglevel</tt></b></dt>
+<dd>
+<p>Prints the current debugging level.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">force-election</tt></b></dt>
+<dd>
+<p>Can be used only with <em class="emphasis">nmbd</em>, telling it to force
+a master browser election.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">ping</tt> <em class="replaceable">number</em></b></dt>
+<dd>
+<p>Sends <em class="emphasis">number</em> of pings and reports when they
+receive a reply or timeout. Used for connectivity testing.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">profile</tt> <em class="replaceable">mode</em></b></dt>
+<dd>
+<p>Controls profiling statistics collection. If
+<em class="replaceable">mode</em> is <tt class="literal">on</tt>, profile
+statistics will be collected. If <em class="replaceable">mode</em> is
+<tt class="literal">off</tt>, collection of statistics is turned off. If
+<em class="replaceable">mode</em> is specified as
+<tt class="literal">count</tt>, only counting statistics are collected (and
+not timing statistics). If <em class="replaceable">mode</em> is
+<tt class="literal">flush</tt>, the data set is cleared (initialized).</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">profilelevel</tt></b></dt>
+<dd>
+<p>Prints the current profiling level.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">printer-notify</tt> <em class="replaceable">printer_name</em></b></dt>
+<dd>
+<p>Sends a printer notify message to Windows NT/2000/XP for the
+specified printer. This message can be sent only to
+<em class="emphasis">smbd</em>. Warning: no message is printed if the
+<em class="replaceable">printer_name</em> parameter is specified
+incorrectly.</p>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+<a name="INDEX-20"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbgroupedit</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This command, new to Samba 3.0, sets up mappings between Unix groups
+and Windows NT/2000/XP groups and also allows a Unix group to become
+a domain group. This command must be run by the superuser.</p>
+<div class="sect1"><a name="appc-53-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">smbgroupedit <em class="replaceable">[options]</em></pre></blockquote>
+
+
+</div>
+
+<div class="sect1"><a name="appc-54-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">-a</tt> <em class="replaceable">Unix_group_name</em></b></dt>
+<dd>
+<p>Adds a mapping for the specified Unix group. The
+<tt class="literal">-n</tt> option is used along with this option to
+specify the Windows NT group to which the Unix group is mapped.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-c</tt> <em class="replaceable">SID</em></b></dt>
+<dd>
+<p>Changes a mapping between a Windows NT group and a Unix group. The
+Windows NT group is specified as a SID with this option, and the Unix
+group is specified with the <tt class="literal">-u</tt> option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-d</tt> <em class="replaceable">description</em></b></dt>
+<dd>
+<p>Specifies a comment for the mapping, which will be stored along with
+it.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-l</tt></b></dt>
+<dd>
+<p>When used with the <tt class="literal">-v</tt> option, prints a long
+listing. This is the default. The information printed includes the
+name of the Windows NT group, its SID, its corresponding Unix group
+(if a mapping has been defined), the group type, the comment, and the
+privileges of the group.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-n</tt> <em class="replaceable">Windows_group_name</em></b></dt>
+<dd>
+<p>Specifies the name of the Windows NT group. Used with the
+<tt class="literal">-a</tt> option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-p</tt> <em class="replaceable">privilege</em></b></dt>
+<dd>
+<p>Used along with the <tt class="literal">-a</tt> option to specify a Windows
+NT privilege to be given to the Unix group.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-s</tt></b></dt>
+<dd>
+<p>When used with the <tt class="literal">-v</tt> option, prints a short
+listing. The information printed includes just the name of the
+Windows NT group, its SID, and, if a mapping has been defined, its
+corresponding Unix group. This option is useful for determining the
+SID of a group, for use with the <tt class="literal">-c</tt> option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-t</tt> <em class="replaceable">TYPE</em></b></dt>
+<dd>
+<p>Assigns a Windows group type to the group.
+<em class="replaceable">TYPE</em> is a single character, and is one of
+<tt class="literal">b</tt> (built-in), <tt class="literal">d</tt> (domain), or
+<tt class="literal">l</tt> (local).</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-u</tt> <em class="replaceable">Unix_group_name</em></b></dt>
+<dd>
+<p>Specifies the name of the Unix group to map to the Windows NT group.
+Used with the <tt class="literal">-c</tt> option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-v</tt></b></dt>
+<dd>
+<p>Prints a list of groups in the Windows NT domain in which the Samba
+server is operating. See also the <tt class="literal">-l</tt> and
+<tt class="literal">-s</tt> options.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-x</tt> <em class="replaceable">Unix_group_name</em></b></dt>
+<dd>
+<p>Deletes the mapping for the Unix group specified.</p>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+<a name="INDEX-21"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbmnt</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This is a low-level helper program for mounting smbfs filesystems. It
+used by <em class="emphasis">smbmount</em> to do the privileged part of
+the mount operation on behalf of an ordinary user. Generally, users
+should not run this command directly.</p>
+<div class="sect1"><a name="appc-56-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">smbmnt mnt_point <em class="replaceable">[options]</em></pre></blockquote>
+
+
+</div>
+
+<div class="sect1"><a name="appc-57-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">-r</tt></b></dt>
+<dd>
+<p>Mounts the filesystem as read-only.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-u</tt> <em class="replaceable">uid</em> </b></dt>
+<dd>
+<p>Specifies the UID to use for the owner of the files.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-g</tt> <em class="replaceable">gid</em></b></dt>
+<dd>
+<p>Specifies the GID to use for the group of the files.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-f</tt> <em class="replaceable">mask</em></b></dt>
+<dd>
+<p>Specifies the octal file mask.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-d</tt> <em class="replaceable">mask</em></b></dt>
+<dd>
+<p>Specifies the octal directory mask.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-o</tt> <em class="replaceable">options</em></b></dt>
+<dd>
+<p>Specifies the list of options that are passed to the smbfs module.</p>
+</dd>
+
+</dl>
+
+
+<p>To allow users to mount SMB shares without help from an
+administrator, set the &quot;set user
+ID&quot; permission on the <em class="emphasis">smbmnt</em>
+executable. However, note that this can raise security issues.</p>
+
+</div>
+</div>
+
+<a name="INDEX-22"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbmount</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This program mounts an smbfs filesystem on a mount point in the Unix
+filesystem. It is typically called as <em class="emphasis">mount.smb</em>
+from <em class="emphasis">mount</em>, although it can also be run directly
+by users. After mounting the smbfs filesystem,
+<em class="emphasis">smbmount</em> continues to run as a daemon as long as
+the filesystem is mounted. It logs events in the file
+<em class="filename">log.smbmount</em> in the same directory as the other
+Samba log files (which is commonly
+<em class="filename">/usr/local/samba/var</em> by default). The logging
+level is controlled by the <tt class="literal">debug level</tt> parameter
+in the Samba configuration file.</p>
+<div class="sect1"><a name="appc-59-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">smbmount <em class="replaceable">service mount_point [-o options]</em></pre></blockquote>
+<p>The service argument specifies the SMB share to mount, given as a
+UNC. The <em class="replaceable">mount_point</em> argument specifies a
+directory to use as the mount point. The options to
+<em class="emphasis">smbmount</em> are specified as a comma-separated list
+of
+<em class="replaceable">key</em><tt class="literal">=</tt><em class="replaceable">value</em>
+pairs. The documented options are as follows. Others can be passed if
+the kernel supports them.</p>
+
+</div>
+
+<div class="sect1"><a name="appc-60-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">username=</tt><em class="replaceable">name</em></b></dt>
+<dd>
+<p>Specifies the username to connect as. If this is not provided, the
+environment variable USER will be tried. The name can be specified as
+<em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em>,
+<em class="replaceable">user</em><tt class="literal">/</tt><em class="replaceable">workgroup</em>,
+or
+<em class="replaceable">user</em><tt class="literal">/</tt><em class="replaceable">workgroup</em><tt class="literal">%</tt><em class="replaceable">password</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">password=</tt><em class="replaceable">string</em></b></dt>
+<dd>
+<p>Specifies the SMB password. If no password is provided using this
+option, the <em class="emphasis">username</em> option, or the
+<em class="emphasis">credentials</em> option, the environment variable
+PASSWD is used. If that also does not exist,
+<em class="emphasis">smbmount</em> will prompt interactively for a
+password.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">credentials=</tt><em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Specifies a file that contains a username and password in the
+following format:</p>
+
+
+<blockquote><pre class="code">username = <em class="replaceable">value</em>
+password = <em class="replaceable">value</em></pre></blockquote>
+</dd>
+
+
+<dt><b><tt class="literal">uid=</tt><em class="replaceable">number</em></b></dt>
+<dd>
+<p>Sets the Unix user ID to be used as the owner of all files in the
+mounted filesystem. It can be specified as a username or numeric UID.
+Defaults to the UID of the user running
+<em class="emphasis">smbmount</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">gid=</tt><em class="replaceable">number</em></b></dt>
+<dd>
+<p>Sets the Unix group ID to be used as the group for all files in the
+mounted filesystem. It can be specified as a group name or a numeric
+GID. Defaults to the GID of the user running
+<em class="emphasis">smbmount</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">port=</tt><em class="replaceable">number</em></b></dt>
+<dd>
+<p>Sets the TCP port number. This is 139, which is required by most
+Windows versions.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">fmask=</tt><em class="replaceable">octal_mask</em> </b></dt>
+<dd>
+<p>Sets the Unix permissions of all files in the mounted filesystem.
+Defaults to the user's current umask.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">dmask=</tt><em class="replaceable">octal_mask</em></b></dt>
+<dd>
+<p>Sets the Unix permissions of all directories in the mounted
+filesystem. Defaults to the current umask.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">debug=</tt><em class="replaceable">number</em></b></dt>
+<dd>
+<p>Sets the debugging level.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">ip=</tt><em class="replaceable">host</em></b></dt>
+<dd>
+<p>Sets the destination hostname or IP address.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">netbiosname=</tt><em class="replaceable">name</em></b></dt>
+<dd>
+<p>Sets the computer name to connect as. This defaults to the hostname
+of the local system.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">workgroup=</tt><em class="replaceable">name</em></b></dt>
+<dd>
+<p>Sets the workgroup or domain.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">sockopt=</tt><em class="replaceable">opts</em></b></dt>
+<dd>
+<p>Sets TCP socket options.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">scope=</tt><em class="replaceable">num</em></b></dt>
+<dd>
+<p>Sets the NetBIOS scope.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">guest</tt></b></dt>
+<dd>
+<p>Don't expect or prompt for a password.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">ro</tt></b></dt>
+<dd>
+<p>Mounts the share read-only.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">rw</tt></b></dt>
+<dd>
+<p>Mounts the share read-write.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">iocharset=</tt><em class="replaceable">charset</em></b></dt>
+<dd>
+<p>Sets the charset used by the Linux machine for codepage-to-charset
+translation. See also the <em class="emphasis">codepage</em> option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">codepage=</tt><em class="replaceable">page</em></b></dt>
+<dd>
+<p>Sets the DOS code page. See also the <em class="emphasis">iocharset</em>
+option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">ttl=</tt><em class="replaceable">milliseconds</em></b></dt>
+<dd>
+<p>Sets the time to live, in milliseconds, for entries in the directory
+cache. A higher value gives better performance on large directories
+and/or slower connections. The default is 1000ms. Try 10000ms (10
+seconds) as a starting value if directory operations are visibly
+slow.</p>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+<a name="INDEX-23"/><a name="INDEX-24"/><a name="INDEX-25"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbpasswd</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbpasswd</em> program provides the general
+function of managing <a name="INDEX-24"/><a name="INDEX-25"/>encrypted
+passwords. How it works depends on whether it is run by the superuser
+or an ordinary user.</p><p>For the superuser, <em class="emphasis">smbpasswd</em> can be used to
+maintain Samba's <em class="filename">smbpasswd</em>
+file. It can add or delete users, change their passwords, and modify
+other attributes pertaining to the user that are held in the
+<em class="filename">smbpasswd</em> file.</p><p>When run by ordinary users, <em class="emphasis">smbpasswd</em> can be
+used only to change their encrypted passwords. In this mode of
+operation, <em class="emphasis">smbpasswd</em> acts as a client to the
+<em class="emphasis">smbd</em> daemon. The program will fail if
+<em class="emphasis">smbd</em> is not operating, if the <tt class="literal">hosts
+allow</tt> or <tt class="literal">hosts deny</tt> parameters in the
+Samba configuration file do not permit connections from localhost (IP
+address 127.0.0.1), or if the <tt class="literal">encrypted passwords</tt>
+option is set to <tt class="literal">no</tt>. It is also possible for
+<em class="emphasis">smbpasswd</em> to change a user's
+password when it is maintained on a remote system, including a
+Windows NT domain controller.</p>
+<div class="sect1"><a name="appc-62-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+<p>When run by the superuser:</p>
+
+<blockquote><pre class="code">smbpasswd <em class="replaceable">[options] [username] [password]</em></pre></blockquote>
+<p>In this case, the username of the user whose
+<em class="emphasis">smbpasswd</em> entry is to be modified is provided as
+the second argument.</p>
+
+<p>Otherwise:</p>
+
+<blockquote><pre class="code">smbpasswd <em class="replaceable">[options] [password]</em></pre></blockquote>
+
+
+</div>
+
+<div class="sect1"><a name="appc-63-fm2xml"/>
+
+<h4 class="refsect1">Superuser-only options</h4>
+
+<dl>
+<dt><b><tt class="literal">-a</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Adds a user to the encrypted password file. The user must already
+exist in the system password file (<em class="filename">/etc/passwd</em>
+). If the user already exists in the <em class="filename">smbpasswd</em>
+file, the <tt class="literal">-a</tt> option changes the existing password.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-d</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Disables a user in the encrypted password file. The
+user's entry in the file will remain, but will be
+marked with a flag disabling the user from authenticating.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-e</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Enables a disabled user in the encrypted password file. This
+overrides the effect of the <tt class="literal">-d</tt> option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-j</tt> <em class="replaceable">domain</em></b></dt>
+<dd>
+<p>Joins the Samba server to a Windows NT domain as a domain member
+server. The <em class="replaceable">domain</em> argument is the NetBIOS
+name of the Windows NT domain that is being joined. See also the
+<tt class="literal">-r</tt> and <tt class="literal">-U</tt> options.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-m</tt></b></dt>
+<dd>
+<p>Indicates that the account is a computer account in a Windows NT
+domain rather than a domain user account.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-n</tt></b></dt>
+<dd>
+<p>Sets the user's password to a null password. For the
+user to authenticate, the parameter <tt class="literal">null</tt>
+<tt class="literal">passwords</tt> <tt class="literal">=</tt>
+<tt class="literal">yes</tt> must exist in the <tt class="literal">[global]</tt>
+section of the Samba configuration file.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-R</tt> <em class="replaceable">resolve_order_list</em></b></dt>
+<dd>
+<p>Sets the resolve order of the name servers. This option is similar to
+the <tt class="literal">resolve</tt> <tt class="literal">order</tt> configuration
+option and can take any of the four parameters
+<tt class="literal">lmhosts</tt>, <tt class="literal">host</tt>,
+<tt class="literal">wins</tt>, and <tt class="literal">bcast</tt>, in any order.
+If more than one is specified, the argument is specified as a
+space-separated list.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-w</tt> <em class="replaceable">password</em></b></dt>
+<dd>
+<p>For use when Samba has been compiled with the
+<tt class="literal">--with-ldapsam</tt> configure option. Specifies the
+password that goes with the value of the <tt class="literal">ldap admin
+dn</tt> Samba configuration file parameter.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-x</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Deletes the user from the <em class="filename">smbpasswd</em> file. This
+is a one-way operation, and all information associated with the entry
+is lost. To disable the account without deleting the
+user's entry in the file, see the
+<tt class="literal">-d</tt> option.</p>
+</dd>
+
+</dl>
+
+
+</div>
+
+<div class="sect1"><a name="appc-64-fm2xml"/>
+
+<h4 class="refsect1">Other options</h4>
+
+<dl>
+<dt><b><tt class="literal">-c</tt> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Specifies the Samba configuration file, overriding the compiled-in
+default.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-D</tt> <em class="replaceable">debug_level</em></b></dt>
+<dd>
+<p>Sets the debug (also called logging) level. The level can range from
+to 10. Debug level 0 logs only the most important messages; level 1
+is normal; levels 3 and above are primarily for debugging and slow
+the program considerably.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-h</tt></b></dt>
+<dd>
+<p>Prints command-line usage information.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-L</tt></b></dt>
+<dd>
+<p>Causes <em class="emphasis">smbpasswd</em> to run in local mode, in which
+ordinary users are allowed to use the superuser-only options. This
+requires that the <em class="filename">smbpasswd</em> file be made
+readable and writable by the user. This is for testing purposes.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-r</tt> <em class="replaceable">NetBIOS_name</em></b></dt>
+<dd>
+<p>Specifies on which machine the password should change. If changing a
+Windows NT domain password, the remote system specified by
+<em class="replaceable">NetBIOS_name</em> must be the PDC for the
+domain. The user's username on the local system is
+used by default. See also the <tt class="literal">-U</tt> option for use
+when the user's Samba username is different from the
+local username.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-R</tt> <em class="replaceable">resolve_order</em></b></dt>
+<dd>
+<p>Sets the resolve order of the name servers. This option is similar to
+the resolve order configuration option and can take any of the four
+parameters <tt class="literal">lmhosts</tt>, <tt class="literal">host</tt>,
+<tt class="literal">wins</tt>, and <tt class="literal">bcast</tt>, in any order.
+If more than one is specified, the argument is specified as a
+space-separated list.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-s</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Causes <em class="emphasis">smbpasswd</em> not to prompt for passwords
+from <em class="filename">/dev/tty</em>, but instead to read the old and
+new passwords from the standard input. This is useful when calling
+<em class="emphasis">smbpasswd</em> from a script.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-S</tt></b></dt>
+<dd>
+<p>Queries the domain controller of the domain, as specified by the
+<tt class="literal">workgroup</tt> parameter in the Samba configuration
+file, and retrieves the domain's SID. This will then
+be used as the SID for the local system. A specific PDC can be
+selected by combining this option with the <tt class="literal">-r</tt>
+option, and its domain's SID will be used. This
+option is for migrating domain accounts from a Windows NT primary
+domain controller to a Samba PDC.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-U</tt> <em class="replaceable">username[</em><tt class="literal">%</tt><em class="replaceable">password]</em></b></dt>
+<dd>
+<p>Changes the password for <em class="replaceable">username</em> on the
+remote system. This is to handle instances in which the remote
+username and local username are different. This option requires that
+<tt class="literal">-r</tt> also be used. Often used with
+<tt class="literal">-j</tt> to provide the username of the administrative
+user on the primary domain controller for adding computer accounts.</p>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+<a name="INDEX-26"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbsh</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbsh</em> program allows SMB shares to be
+accessed from a Unix system. When <em class="emphasis">smbsh</em> is run,
+an extra directory tree called <em class="filename">/smb </em>becomes
+available to dynamically linked shell commands. The first level of
+directories under <em class="filename">/smb</em> represent available
+workgroups, the next level of subdirectories represent the SMB
+servers in each workgroup, and the third level of subdirectories
+represent the disk and printer shares of each server.</p><p>Samba must be compiled with the <tt class="literal">--with-smbwrappers</tt>
+option to enable <em class="emphasis">smbsh</em>.</p>
+<div class="sect1"><a name="appc-66-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><em class="emphasis">-d</em> <em class="replaceable">debug_level</em></b></dt>
+<dd>
+<p>Sets the debug (sometimes called logging) level. The level can range
+from 0, the default, to 10. Debug level 0 logs only the most
+important messages; level 1 is normal; levels 3 and above are
+primarily for debugging and slow <em class="emphasis">smbsh</em>
+considerably.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">-l</em> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Sets the name of the logging file. By default, messages are sent to
+<em class="emphasis">stderr</em>.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">-L</em> <em class="replaceable">directory</em></b></dt>
+<dd>
+<p>Specifies the location of
+<em class="emphasis">smbsh</em>'s shared libraries,
+overriding the compiled-in default.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">-P</em> <em class="replaceable">prefix</em></b></dt>
+<dd>
+<p>Sets the name of the <tt class="literal">root</tt> directory to use for the
+SMB filesystem. The default is <em class="filename">/smb</em>.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">-R</em> <em class="replaceable">resolve_order</em></b></dt>
+<dd>
+<p>Sets the resolve order of the name servers. This option is similar to
+the <tt class="literal">resolve</tt> <tt class="literal">order</tt> configuration
+option and can take any of the four parameters
+<tt class="literal">lmhosts</tt>, <tt class="literal">host</tt>,
+<tt class="literal">wins</tt>, and <tt class="literal">bcast</tt>, in any order.
+If more than one is specified, the argument is specified as a
+space-separated list.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">-U</em> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Provides the username, and optionally the password, for
+authenticating the connection to the SMB server. The password can be
+supplied using the
+<em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em>
+format. If either or both the username and password are not provided,
+<em class="emphasis">smbsh</em> will prompt interactively for them.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">-W</em> <em class="replaceable">workgroup</em></b></dt>
+<dd>
+<p>Specifies the NetBIOS workgroup or domain to which the client will
+connect. This overrides the workgroup parameter in the Samba
+configuration file and is sometimes necessary to connect to some
+servers.</p>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+<a name="INDEX-27"/><a name="INDEX-28"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbspool</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbspool</em> program provides a
+<a name="INDEX-28"/>CUPS-compatible
+interface to Samba printing by providing a way to send a print job to
+an SMB printer using the command-line format specified by CUPS
+printers. Although <em class="emphasis">smbspool</em> is designed to work
+best with CUPS printers, it can be used to send print jobs to
+non-CUPS Samba printers as well.</p>
+<div class="sect1"><a name="appc-68-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">smbspool <em class="replaceable">job user title copies options filename</em></pre></blockquote>
+<p>The arguments for <em class="emphasis">smbspool</em>, as shown here, are
+those used in the CUPS printing system. However, some of the
+arguments are currently ignored because they don't
+correspond to the Samba printing system. These arguments must be
+supplied in the command and can be filled in with
+&quot;dummy&quot; values.</p>
+
+<p>The <em class="replaceable">job</em> argument refers to the job number
+and is currently ignored. The <em class="replaceable">user</em>
+argument is the name of the user who submitted the print job and is
+also ignored. The <em class="replaceable">title</em> argument is the
+name of the print job and must be supplied. It is used as the name of
+the remote print file. The <em class="replaceable">copies</em> argument
+is the number of copies that will be printed. This number is used
+only if the (optional) <em class="filename">filename</em> argument is
+supplied. Otherwise, only one copy is printed. The
+<em class="replaceable">options</em> argument, for specifying printing
+options, is ignored. The <em class="replaceable">filename</em> argument
+is used for specifying the name of the file to be printed. If it is
+not provided, the standard input will be used.</p>
+
+<p>The printer that the job is to be sent to is specified in the
+DEVICE_URI environment variable. The format for the printer name is a
+device Universal Resource Indicator, which can be in any of the
+following formats:</p>
+
+<blockquote class="simplelist">
+
+<p><em class="emphasis">smb://server/printer</em></p>
+
+
+
+
+<p><em class="emphasis">smb://workgroup/server/printer</em></p>
+
+
+
+
+<p><em class="emphasis">smb://username:password@server/printer</em></p>
+
+
+
+
+<p><em class="emphasis">smb://username:password@workgroup/server/printer</em></p>
+
+</blockquote>
+
+
+</div>
+</div>
+
+<a name="INDEX-29"/><a name="INDEX-30"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbstatus</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This program lists the current connections on a Samba server.</p>
+<div class="sect1"><a name="appc-70-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">-b</tt></b></dt>
+<dd>
+<p>Causes <em class="emphasis">smbstatus</em> to produce brief output. This
+includes the version of Samba and auditing information about the
+users that are connected to the server.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-d</tt></b></dt>
+<dd>
+<p>Gives verbose output, which includes a list of services, a list of
+locked files, and memory usage statistics. This is the default.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-L</tt></b></dt>
+<dd>
+<p>Prints only the list of current file locks.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-p</tt></b></dt>
+<dd>
+<p>Prints only a list of <em class="emphasis">smbd</em> process IDs.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-P</tt></b></dt>
+<dd>
+<p>Prints only the contents of the profiling memory area. Requires that
+Samba has been compiled with the profiling option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-S</tt></b></dt>
+<dd>
+<p>Prints only a list of shares and their connections.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-s</tt> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Specifies the Samba configuration file to use when processing this
+command.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-u</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Limits the report to the activity of a single user.</p>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+<a name="INDEX-31"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbtar</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbtar</em> program is a shell-script wrapper
+around <em class="emphasis">smbclient</em> for doing tar-format archiving
+operations. It is functionally very similar to the Unix
+<em class="emphasis">tar</em> program.</p>
+<div class="sect1"><a name="appc-72-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">smbtar <em class="replaceable">[options]</em></pre></blockquote>
+
+
+</div>
+
+<div class="sect1"><a name="appc-73-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">-a</tt></b></dt>
+<dd>
+<p>Resets (clears) the archive attribute on files after they are backed
+up. The default is to leave the archive attribute unchanged.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-b</tt> <em class="replaceable">blocksize</em></b></dt>
+<dd>
+<p>Sets block size, in units of 512 bytes, for reading or writing the
+archive file. Defaults to 20, which results in a block size of 10240
+bytes.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-d</tt> <em class="replaceable">directory</em></b></dt>
+<dd>
+<p>Changes the working directory on the remote system to
+<em class="replaceable">directory</em> before starting the restore or
+backup operation.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-i</tt></b></dt>
+<dd>
+<p>Specifies incremental mode; files are backed up only if they have the
+DOS archive attribute set. The archive attribute is reset (cleared)
+after each file is read.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-l</tt> <em class="replaceable">log_level</em></b></dt>
+<dd>
+<p>Sets the logging level. This corresponds to the <tt class="literal">-d</tt>
+option of <em class="emphasis">smbclient</em> and other Samba programs.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-N</tt> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Backs up only files newer than <em class="filename">filename</em>. For
+incremental backups.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-p</tt> <em class="replaceable">password</em></b></dt>
+<dd>
+<p>Specifies the password to use to access a share. An alternative to
+using the
+<em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em>
+format with the <tt class="literal">-u</tt> option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-r</tt></b></dt>
+<dd>
+<p>Restores files to the share from the tar file.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-s</tt> <em class="replaceable">server</em></b></dt>
+<dd>
+<p>Specifies the SMB server. See also the <tt class="literal">-x</tt> option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-t</tt> <em class="replaceable">filename</em></b></dt>
+<dd>
+<p>Specifies the file or Unix device to use as the archiving medium. The
+default is <em class="filename">tar.out</em> or the value of the TAPE
+environment variable, if it has been set.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-u</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Specifies the user account to use when connecting to the share. You
+can specify the password as well, in the format
+<em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em>.
+The username defaults to the user's Unix username.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-v</tt></b></dt>
+<dd>
+<p>Operates in verbose mode, printing error messages and additional
+information that can be used in debugging and monitoring. Backup and
+restore operations will list each file as it is processed.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-x</tt> <em class="replaceable">share</em></b></dt>
+<dd>
+<p>States the name of the share on the server to which to connect. The
+default is <tt class="literal">backup</tt>. See also the
+<tt class="literal">-s</tt> option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-X</tt> <em class="replaceable">file_list</em></b></dt>
+<dd>
+<p>Tells <em class="emphasis">smbtar</em> to exclude the specified files from
+the backup or restore operation.</p>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+<a name="INDEX-32"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>smbumount</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">smbumount</em> command exists to allow an
+ordinary (nonsuperuser) user to unmount a smbfs filesystem, which the
+user had previously mounted using <em class="emphasis">smbmount</em>.</p>
+<div class="sect1"><a name="appc-75-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">smbumount <em class="replaceable">mount_point</em></pre></blockquote>
+<p>For ordinary users to issue the command,
+<em class="emphasis">smbumount</em> must be made suid
+<tt class="literal">root</tt>.</p>
+
+</div>
+</div>
+
+<a name="INDEX-33"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>testparm</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>The <em class="emphasis">testparm</em> program checks a Samba
+configuration file for obvious errors.</p>
+<div class="sect1"><a name="appc-77-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">testparm <em class="replaceable">[options] [filename] [hostname IP_addr]</em></pre></blockquote>
+<p>If the configuration file is not provided using the
+<em class="filename">filename</em> argument, then it defaults to
+<em class="filename">/usr/local/samba/lib/smb.conf</em>. If the hostname
+and an IP address of a system are included, an extra check is made to
+ensure that the system is allowed to connect to each service defined
+in the configuration file. This is done by comparing the hostname and
+IP address to the definitions of the <tt class="literal">hosts allow</tt>
+and <tt class="literal">hosts deny</tt> parameters.</p>
+
+</div>
+
+<div class="sect1"><a name="appc-78-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">-h</tt></b></dt>
+<dd>
+<p>Prints usage information for the program.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-L</tt> <em class="replaceable">server_name</em></b></dt>
+<dd>
+<p>Sets the <tt class="literal">%L</tt> configuration variable to the
+specified server name.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-s</tt></b></dt>
+<dd>
+<p>Disables the default behavior of prompting for the Enter key to be
+pressed before printing the list of configuration options for the
+server.</p>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+<a name="INDEX-34"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>testprns</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This is a very simple program that checks to see if a specified
+printer name exists in the system printer capabilities (printcap)
+file.</p>
+<div class="sect1"><a name="appc-80-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">testprns <em class="replaceable">printername [printcapname]</em></pre></blockquote>
+<p>If <em class="replaceable">printcapname</em> isn't
+specified, Samba attempts to use the one specified in the Samba
+configuration file with the <tt class="literal">printcap name</tt>
+parameter. If none is specified there, Samba will try
+<em class="filename">/etc/printcap</em>.</p>
+
+</div>
+</div>
+
+<a name="INDEX-35"/><div class="refentry"><table width="515" border="0" cellpadding="5"><tr><td align="left"><font size="+1"><b><i>wbinfo</i></b></font></td><td align="right"><i></i></td></tr></table><hr width="515" size="3" noshade="true" align="left" color="black"/><table width="515" border="0" cellpadding="5"><tr><td align="left"/><td align="right"/></tr></table><p>This program retrieves and prints information from the
+<em class="emphasis">winbindd</em> daemon, which must be running for
+<em class="emphasis">wbinfo</em> to function.</p>
+<div class="sect1"><a name="appc-82-fm2xml"/>
+
+<h4 class="refsect1">Command synopsis</h4>
+
+<blockquote><pre class="code">wbinfo <em class="replaceable">[options]</em></pre></blockquote>
+
+
+</div>
+
+<div class="sect1"><a name="appc-83-fm2xml"/>
+
+<h4 class="refsect1">Options</h4>
+
+<dl>
+<dt><b><tt class="literal">-u</tt> </b></dt>
+<dd>
+<p>Prints all usernames that have been mapped from the Windows NT domain
+to Unix users. Users in all trusted domains are also listed.</p>
+</dd>
+
+
+
+<dt><b> <tt class="literal">-</tt><em class="emphasis">g</em> </b></dt>
+<dd>
+<p>Prints all group names that have been mapped from the Windows NT
+domain to Unix groups. Groups in all trusted domains are also
+reported.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-h</tt> <em class="replaceable">NetBIOS_name</em></b></dt>
+<dd>
+<p>Queries the WINS server and prints the IP address of the specified
+system.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-n</tt> <em class="replaceable">name</em> </b></dt>
+<dd>
+<p>Prints the SID corresponding to the name specified. The argument can
+be specified as <em class="replaceable">DOMAIN/name</em> (or by using a
+character other than the slash, as defined by the winbind separator
+character) to specify both the domain and the name. If the domain and
+separator are omitted, the value of the <tt class="literal">workgroup</tt>
+parameter in the Samba configuration file is used as the name of the
+domain.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-s</tt> <em class="replaceable">SID</em> </b></dt>
+<dd>
+<p>Prints the name mapped to a SID, which is specified in the format
+<tt class="literal">S-1-</tt><em class="replaceable">N-N-D-D-D-R</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-U</tt> <em class="replaceable">UID</em></b></dt>
+<dd>
+<p>Prints the SID mapped to a Unix UID, if one exists in the current
+domain.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-G</tt> <em class="replaceable">gid</em></b></dt>
+<dd>
+<p>Prints the SID mapped to a Unix group ID, if one exists in the
+current domain.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-S</tt> <em class="replaceable">SID</em></b></dt>
+<dd>
+<p>Prints the Unix UID that winbind has mapped to the specified SID, if
+one exists.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-Y</tt> <em class="replaceable">SID</em></b></dt>
+<dd>
+<p>Prints the Unix group ID that winbind has mapped to the specified
+SID, if one exists.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-t</tt></b></dt>
+<dd>
+<p>Tests to see that the workstation trust account for the Samba server
+is valid.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-m</tt> </b></dt>
+<dd>
+<p>Prints a list of Windows NT domains trusted by the Windows server.
+This does not include the PDC's domain.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-r</tt> <em class="replaceable">username</em></b></dt>
+<dd>
+<p>Prints the list of Unix group IDs to which the user belongs. This
+works only if the user's account is maintained on a
+domain controller.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-a</tt> <em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em></b></dt>
+<dd>
+<p>Checks to see if a user can authenticate through
+<em class="emphasis">winbindd</em> using the specified username and
+password.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">-A</tt> <em class="replaceable">username</em><tt class="literal">%</tt><em class="replaceable">password</em></b></dt>
+<dd>
+<p>Saves the username and password used by <em class="emphasis">winbindd</em>
+to the domain controller. For use when operating in a Windows 2000
+domain.</p>
+</dd>
+
+</dl>
+
+
+</div>
+</div>
+
+
+<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4>
+
+</body></html>
diff --git a/docs/htmldocs/using_samba/appd.html b/docs/htmldocs/using_samba/appd.html
new file mode 100644
index 00000000000..0e2a8822f81
--- /dev/null
+++ b/docs/htmldocs/using_samba/appd.html
@@ -0,0 +1,82 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Appendix D. Downloading Samba with CVS</h1>
+
+
+<p>In <a href="ch02.html">Chapter 2</a> we showed you how to download the
+latest stable version of Samba published by the Samba developers. For
+most purposes (including virtually all production servers) this
+procedure will meet your needs. However, sometimes you might want to
+run a version of Samba that includes the latest bug fixes and
+features, maybe for research and testing purposes, or just to see
+what the Samba developers have been up to lately.</p>
+
+<p>The Samba team keeps the latest updates of the Samba source code in a
+<a name="INDEX-1"/><a name="INDEX-2"/>Concurrent Versions System
+(CVS) repository. CVS is a freely available
+<a name="INDEX-3"/>configuration management tool
+and is distributed under the GNU General Public License. You can
+download the latest copy from <a href="http://www.cvshome.org/">http://www.cvshome.org/</a>. The Samba team
+describes various ways to access its CVS repository at <a href="http://www.samba.org/samba/cvs.html">http://www.samba.org/samba/cvs.html</a>.</p>
+
+<a name="samba2-APP-D-NOTE-162"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>Although the CVS code contains the latest features, it also contains
+the latest bugs and sometimes won't even compile
+properly! If you prefer a less &quot;bleeding
+edge&quot; release, try looking in the
+<em class="filename">alpha</em> and <em class="filename">pre</em> directories
+on the Samba FTP server. The <em class="filename">alpha</em> directory
+contains alpha releases, and the <em class="emphasis">pre</em> directory
+contains (usually more stable) prerelease versions. (See <a href="ch02.html">Chapter 2</a> for information on downloading via FTP.) Alpha
+releases might be a little behind the latest CVS code, but are less
+buggy and usually compile properly on the more common Unix versions.</p>
+</blockquote>
+
+<p>One of the nicest things about CVS is its ability to handle remote
+logins. This means that people across the globe on the Internet can
+download and update various source files for any project that uses a
+CVS repository. Such is the case with Samba. Once you have CVS
+installed on your system, you must first log in to the Samba source
+server with the following command:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>cvs -d :pserver:cvs@pserver.samba.org:/cvsroot login</b></tt></pre></blockquote>
+
+<p>When you are prompted for a password, enter <tt class="literal">cvs</tt>.
+You are connected to the CVS server at
+<tt class="literal">pserver.samba.org</tt>. Once you are connected, you can
+download the latest source tree with the following command:<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a></p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>cvs -z5 -d :pserver:pserver@pserver.samba.org:/cvsroot co samba</b></tt></pre></blockquote>
+
+<p>This downloads the entire Samba distribution (file by file) into a
+directory called <em class="filename">samba</em>, created in your current
+directory. The <em class="filename">samba</em> directory has the same
+structure as the Samba source distribution described in <a href="ch02.html">Chapter 2</a>, except that it has additional directories
+named <em class="filename">CVS</em> throughout the source tree. These
+directories are used by CVS to store information about each file in
+the source tree and how to update them. After the download is
+completed, you can follow the instructions in <a href="ch02.html">Chapter 2</a> to configure, compile, and install your new
+Samba release.</p>
+
+<p>The Samba developers typically update the Samba source code one or
+more times per day. Whenever you want to catch up to the latest
+changes, simply <em class="emphasis">cd</em> to the
+<em class="filename">samba</em> directory and run the following command:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>cvs update -d -P</b></tt></pre></blockquote>
+
+<p>Each time you do this, you will need to reconfigure, recompile, and
+reinstall to update your installation as we showed you in <a href="ch02.html">Chapter 2</a>.</p>
+
+<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/>
+<p><a href="#FNPTR-1">[1]</a> The <tt class="literal">-z</tt> option causes the transfer to be made
+in GNU gzip compressed format and requires the
+<em class="filename">gzip</em> program to be installed on your system to
+work. If you do not have <em class="filename">gzip</em>, omit the
+<tt class="literal">-z</tt> option.</p> </blockquote><hr/><h4 class="head4"><a href="toc.html">TOC</a></h4>
+
+</body></html>
diff --git a/docs/htmldocs/using_samba/appe.html b/docs/htmldocs/using_samba/appe.html
new file mode 100644
index 00000000000..d3263eb3cb1
--- /dev/null
+++ b/docs/htmldocs/using_samba/appe.html
@@ -0,0 +1,826 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Appendix E. Configure Options</h1>
+
+
+<p><a name="INDEX-1"/>As we
+explained in <a href="ch02.html">Chapter 2</a>, the
+<em class="emphasis">configure</em> program is run before the Samba source
+code is compiled to fit the compilation process to the local
+architecture. At this stage, it is possible to specify options to
+customize Samba's behavior further and include or
+exclude features. This is an example of specifying configure options:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>./configure --with-smbmount --with-configdir=/etc/samba --with-manpages-langs=ja</b></tt></pre></blockquote>
+
+<p>This example configures the Samba installation to support mounting
+SMB filesystems, look for the Samba configuration file in
+<em class="filename">/etc/samba</em> (instead of the default location of
+<em class="filename">/usr/local/samba/lib</em>), and install
+Japanese-language manual pages. We have picked these three configure
+options because they illustrate the usage of the three types of
+options that are included up to Samba 3.0. The
+<tt class="literal">--with-smbmount</tt> option is a Boolean option, which
+can take a value of <tt class="literal">yes</tt> or <tt class="literal">no</tt>.
+All the Boolean options are set to <tt class="literal">no</tt> by default,
+and it is only necessary to provide the option to turn it on. If you
+want to be more explicit, you can specify
+<tt class="literal">--with-smbmount=yes</tt>. To turn an option off
+explicitly, you can also specify
+<tt class="literal">--without-</tt><em class="replaceable">feature</em>
+rather than
+<tt class="literal">--with-</tt><em class="replaceable">feature</em><tt class="literal">=no</tt>.</p>
+
+<p>In the case of the other two options we have shown, an argument must
+be supplied after the equals (<tt class="literal">=</tt>) sign. Some of the
+options are used to specify the directories that Samba uses for
+various purposes. Only one option is in the last group, where
+something other than a directory is specified as an option argument.</p>
+
+<p>The supported configure options vary from release to release. For
+example, between Samba 2.2.x and Samba 3.0, many options were
+dropped, and a few were added. To get a list of the configure options
+for your release, use the following command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>./configure --help</b></tt></pre></blockquote>
+
+<p><a href="appe.html#samba2-APP-E-TABLE-1">Table E-1</a> lists Samba's configure
+options.</p>
+
+<a name="samba2-APP-E-TABLE-1"/><h4 class="head4">Table E-1. Configuration options</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Configuration option</p>
+</th>
+<th>
+<p>Description</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">--with-acl-support</tt></p>
+</td>
+<td>
+<p>Support Windows NT/2000/XP ACLs</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-afs</tt></p>
+</td>
+<td>
+<p>Support the Andrew Filesystem (AFS)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-automount</tt></p>
+</td>
+<td>
+<p>Support the NFS automounter</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-codepagedir=</tt><em class="replaceable">dir</em></p>
+</td>
+<td>
+<p>Location of codepage files</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-configdir=</tt><em class="replaceable">dir</em></p>
+</td>
+<td>
+<p>Location of configuration files</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-dce-dfs</tt></p>
+</td>
+<td>
+<p>Support DCE/DFS</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-fhs</tt></p>
+</td>
+<td>
+<p>Use FHS-compliant locations of files</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-included-popt</tt></p>
+</td>
+<td>
+<p>Use Samba's <em class="emphasis">popt( )</em></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-krb4=base-</tt><em class="replaceable">dir</em></p>
+</td>
+<td>
+<p>Support Kerberos 4</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-krb5=base-</tt><em class="replaceable">dir</em></p>
+</td>
+<td>
+<p>Support Kerberos 5 (Microsoft ADS)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-ldapsam</tt></p>
+</td>
+<td>
+<p>Support LDAP SAM</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-libiconv=</tt><em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Specify <em class="filename">iconv</em> library</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-libsmbclient</tt></p>
+</td>
+<td>
+<p>Build <em class="filename">smbclient</em> library</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-lockdir=</tt><em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Location of lock files</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-logfilebase=</tt><em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Location of log files</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-manpages-langs=</tt><em class="replaceable">language</em></p>
+</td>
+<td>
+<p>Specify language for manual pages</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-msdfs</tt></p>
+</td>
+<td>
+<p>Support Microsoft Dfs</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-nisplus-home</tt></p>
+</td>
+<td>
+<p>Support NIS+ home directories</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-nisplussam</tt></p>
+</td>
+<td>
+<p>Support NIS+ SAM</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-pam</tt></p>
+</td>
+<td>
+<p>Support PAM restrictions</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-pam_smbpass</tt></p>
+</td>
+<td>
+<p>Build <em class="filename">pam_smbpass.so</em> PAM module</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-piddir=</tt><em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Location of PID files</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-privatedir=</tt><em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Location of <em class="filename">smbpasswd</em> file</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-profiling-data</tt></p>
+</td>
+<td>
+<p>Support gathering of profiling information</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-quotas</tt></p>
+</td>
+<td>
+<p>Support disk quotas</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-readline=</tt><em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Specify readline library</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-sendfile-support</tt></p>
+</td>
+<td>
+<p>Support <em class="emphasis">sendfile</em>( ) system call</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-smbmount</tt></p>
+</td>
+<td>
+<p>Support <em class="emphasis">smbmount</em> and smbfs</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-smbwrapper</tt></p>
+</td>
+<td>
+<p>Build <em class="filename">smbwrapper</em> library for
+<em class="emphasis">smbsh</em> support</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-spinlocks</tt></p>
+</td>
+<td>
+<p>Use spinlocks instead of fcntl locks</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-ssl</tt></p>
+</td>
+<td>
+<p>Support SSL</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-sslinc=</tt><em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Location of SSL include files</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-ssllib=</tt><em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Location of SSL libraries</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-swatdir=</tt><em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Location of SWAT files</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-syslog</tt></p>
+</td>
+<td>
+<p>Support syslog message logging</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-tdbsam</tt></p>
+</td>
+<td>
+<p>Support TDB database files for SAM</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-utmp</tt></p>
+</td>
+<td>
+<p>Support utmp file accounting</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--with-winbind</tt></p>
+</td>
+<td>
+<p>Build winbind</p>
+</td>
+</tr>
+
+</table>
+
+<dl>
+<dt><b><tt class="literal">--with-acl-support</tt><a name="INDEX-2"/><a name="INDEX-3"/></b></dt>
+<dd>
+<p>Includes support for Windows NT/2000/XP access control lists
+(<a name="INDEX-4"/>ACLs). For this to work, you need
+to have POSIX ACL support in the host operating system. See <a href="ch08.html">Chapter 8</a> for details.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-afs</tt><a name="INDEX-5"/><a name="INDEX-6"/></b></dt>
+<dd>
+<p>Includes support for the <a name="INDEX-7"/>Andrew
+Filesystem (AFS), for authenticating users who are accessing files
+through AFS.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-automount</tt><a name="INDEX-8"/><a name="INDEX-9"/></b></dt>
+<dd>
+<p>Includes support for the automounter, a feature often used in
+conjunction with NFS, to mount <a name="INDEX-10"/><a name="INDEX-11"/>NFS shares automatically at the
+first attempt to access them. You might wish to enable this feature
+if any of the directories shared by your Samba server are (or
+include) NFS-mounted directories.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-codepagedir</tt><a name="INDEX-12"/><a name="INDEX-13"/>=<em class="replaceable">directory</em></b></dt>
+<dd>
+<p>Specifies the directory in which to put codepage files for
+<a name="INDEX-14"/>internationalization
+support. See the
+&quot;Internationalization&quot; section
+earlier in this chapter for more information on this feature. By
+default, this directory is
+<em class="filename">/usr/local/samba/lib/codepages</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-configdir</tt><a name="INDEX-15"/><a name="INDEX-16"/>=<em class="replaceable">directory</em></b></dt>
+<dd>
+<p>Specifies the directory in which Samba keeps its configuration file,
+usually called <em class="filename">smb.conf</em>. By default, this is
+<em class="filename">/usr/local/samba/lib</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-dce-dfs</tt><a name="INDEX-17"/><a name="INDEX-18"/></b></dt>
+<dd>
+<p>Includes support for the <a name="INDEX-19"/>Distributed Computing Environment
+Distributed Filesystem (DCE/DFS). This is a distributed filesystem
+included in some Unix variants and is not the same as
+Microsoft's Distributed Filesystem (Dfs).</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-fhs</tt><a name="INDEX-20"/><a name="INDEX-21"/></b></dt>
+<dd>
+<p>Adheres to the <a name="INDEX-22"/>Filesystem Hierarchy Standard when
+locating files. For details, see <a href="http://www.pathname.com/fhs">http://www.pathname.com/fhs</a>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-included-popt</tt><a name="INDEX-23"/><a name="INDEX-24"/></b></dt>
+<dd>
+<p>Includes Samba's own support for parsing
+<a name="INDEX-25"/>command-line options, instead of using
+the local system's <em class="emphasis">popt( )</em>
+C-library function.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-krb4</tt><a name="INDEX-26"/><a name="INDEX-27"/>=<em class="replaceable">base-dir</em></b></dt>
+<dd>
+<p>Includes support for <a name="INDEX-28"/>Kerberos Version 4.0, specifying the base
+directory of the Kerberos distribution. Kerberos is an authentication
+protocol developed at MIT that uses private-key cryptography to
+provide strong security between nodes. This version is not the same
+as Microsoft's adaptation of Kerberos in Active
+Directory, which is the preferred version for use with Samba. This
+option exists only in versions of Samba earlier than 3.0.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-krb5</tt><a name="INDEX-29"/><a name="INDEX-30"/>=<em class="replaceable">base-dir</em></b></dt>
+<dd>
+<p>Includes support for Kerberos Version 5.0, specifying the base
+directory of the Kerberos distribution. This version of Kerberos is
+compatible with the Kerberos authentication in
+Microsoft's Active Directory used in Windows 2000
+and Windows XP.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-ldapsam</tt><a name="INDEX-31"/><a name="INDEX-32"/></b></dt>
+<dd>
+<p>Includes support for using
+<a name="INDEX-33"/>LDAP instead of the
+<em class="filename">smbpasswd</em> file for maintaining
+Samba's equivalent to the Windows NT SAM database.
+This option is necessary to use the parameters
+<tt class="literal">ldap</tt> <tt class="literal">admin</tt>
+<tt class="literal">dn</tt>, <tt class="literal">ldap</tt>
+<tt class="literal">filter</tt>, <tt class="literal">ldap</tt>
+<tt class="literal">port</tt>, <tt class="literal">ldap</tt>
+<tt class="literal">server</tt>, <tt class="literal">ldap</tt>
+<tt class="literal">ssl</tt>, and <tt class="literal">ldap</tt>
+<tt class="literal">suffix</tt> in the Samba configuration file. It is
+necessary to specify <tt class="literal">--with-ldapsam</tt> only in Samba
+versions prior to 3.0.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-libiconv</tt><a name="INDEX-34"/><a name="INDEX-35"/>=<em class="replaceable">directory</em></b></dt>
+<dd>
+<p>Specifies a location for <em class="emphasis">iconv( )</em> support. The
+<a name="INDEX-36"/><em class="emphasis">iconv( )</em> function
+exists in the C library to perform conversion between different
+character sets. This option allows Samba's default
+method of determining the location of the <em class="emphasis">iconv()</em>
+library to be overridden. Ordinarily, the configuration
+process checks for support in the C library on the system and, if not
+found, uses code included in the Samba source tree. Using
+<tt class="literal">--with-libiconv</tt>, it is possible to specify
+explicitly where the support is located. The include files are
+assumed to be in
+<em class="replaceable">directory</em><em class="filename">/include</em>,
+and library files are assumed to be in
+<em class="replaceable">directory</em><em class="filename">/lib</em>. This
+option is new in Samba 3.0.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-libsmbclient</tt><a name="INDEX-37"/><a name="INDEX-38"/></b></dt>
+<dd>
+<p>Allows applications outside the
+<a name="INDEX-39"/>Samba
+suite to access Samba's features. When
+<tt class="literal">--with-libsmbclient</tt> is specified, the library is
+built during the compilation process.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-lockdir</tt><a name="INDEX-40"/><a name="INDEX-41"/>=<em class="replaceable">directory</em></b></dt>
+<dd>
+<p>Specifies the directory in which Samba keeps
+<a name="INDEX-42"/>lock
+files. By default this directory is
+<em class="filename">/usr/local/samba/var/locks</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-logfilebase</tt><a name="INDEX-43"/><a name="INDEX-44"/>=<em class="replaceable">directory</em></b></dt>
+<dd>
+<p>Specifies the directory in which Samba keeps <a name="INDEX-45"/>log files for the
+<em class="emphasis">smbd</em>, <em class="emphasis">nmbd</em>, and
+<em class="emphasis">winbindd</em> daemons. This defaults to
+<em class="filename">/usr/local/samba/var</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-manpages-langs</tt><a name="INDEX-46"/><a name="INDEX-47"/>=<em class="replaceable">language</em></b></dt>
+<dd>
+<p>Starting with Samba 3.0, <a name="INDEX-48"/><a name="INDEX-49"/>Samba's manual pages
+are available in different languages. The default is
+<tt class="literal">en</tt> for English, and the language can be specified
+as <tt class="literal">ja</tt> for Japanese or <tt class="literal">pl</tt> for
+Polish.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-msdfs</tt><a name="INDEX-50"/><a name="INDEX-51"/></b></dt>
+<dd>
+<p>Includes support for Microsoft Distributed Filesystem
+(<a name="INDEX-52"/>Dfs). See <a href="ch08.html">Chapter 8</a> for
+more information on this feature. Specifying this option is necessary
+only in Samba versions prior to 3.0.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-nisplus-home</tt><a name="INDEX-53"/><a name="INDEX-54"/></b></dt>
+<dd>
+<p>Includes support for locating the
+<a name="INDEX-55"/>NIS+ server that is
+serving a particular user's home directory and
+telling the client to connect to it. Use
+<tt class="literal">--with-automount</tt> along with this option.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-nisplussam</tt><a name="INDEX-56"/><a name="INDEX-57"/></b></dt>
+<dd>
+<p>Includes support for integrating
+<a name="INDEX-58"/>NIS+ into Samba's
+equivalent of the Windows NT password database.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-pam</tt><a name="INDEX-59"/><a name="INDEX-60"/></b></dt>
+<dd>
+<p>When this configure option is specified and the parameter
+<tt class="literal">obey</tt> <tt class="literal">pam</tt>
+<tt class="literal">restrictions</tt> in the Samba configuration file is
+set to <tt class="literal">yes</tt>, obeys PAM's
+configuration regarding account and session management. When
+encrypted passwords are in use, Samba uses the
+<em class="filename">smbpasswd</em> file for authentication, bypassing the
+PAM subsystem. Therefore, this option works only when
+<tt class="literal">encrypt</tt> <tt class="literal">passwords</tt> is set to
+<tt class="literal">no</tt>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-pam_smbpass</tt><a name="INDEX-61"/><a name="INDEX-62"/></b></dt>
+<dd>
+<p>When this option is specified, the compilation process builds a PAM
+module called <em class="filename">pam_smbpass.so</em> and places it in
+the <em class="filename">source/bin</em> directory. This module allows
+applications outside of the Samba suite to authenticate users with
+Samba's <em class="filename">smbpasswd</em> file. For
+more information, see the <em class="filename">README</em> file in the
+<em class="filename">source/pam_smbpass</em> directory of the Samba
+distribution and the file
+<em class="filename">PAM-Authentication-And-Samba.html</em> in the
+<em class="filename">docs/html</em> directory.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-piddir</tt><a name="INDEX-63"/><a name="INDEX-64"/>=<em class="replaceable">directory</em></b></dt>
+<dd>
+<p>Specifies the directory in which Samba keeps files such as
+<a name="INDEX-65"/>browse lists, WINS
+data, and PID files for keeping track of the process IDs of the Samba
+daemons. The default is
+<em class="filename">/usr/local/samba/var/locks</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-privatedir</tt><a name="INDEX-66"/><a name="INDEX-67"/>=<em class="replaceable">directory</em></b></dt>
+<dd>
+<p>Specifies the directory in which Samba keeps the
+<em class="filename">smbpasswd</em>, <em class="filename">secrets.tdb,</em> and
+related files for
+<a name="INDEX-68"/>authentication.
+The default is <em class="filename">/usr/local/samba/private</em>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-profiling-data</tt><a name="INDEX-69"/><a name="INDEX-70"/></b></dt>
+<dd>
+<p>Includes support for analyzing the execution time of
+Samba's internal code. This is normally used only by
+the Samba developers.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-quotas</tt><a name="INDEX-71"/><a name="INDEX-72"/></b></dt>
+<dd>
+<p>Includes <a name="INDEX-73"/>disk-quota support. This is classified
+as an experimental option by the Samba developers.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-readline</tt><a name="INDEX-74"/><a name="INDEX-75"/>=<em class="replaceable">directory</em></b></dt>
+<dd>
+<p>Specifies a location for
+<a name="INDEX-76"/><em class="emphasis">readline( )</em>
+support. The <em class="emphasis">readline( )</em> function exists in the
+C library to accept a line of input from an interactive user and
+provide support for editing and history. Samba uses these functions
+in <em class="emphasis">smbclient</em> and <em class="emphasis">rpcclient</em>.</p>
+
+<p>This option allows Samba's default method of
+determining the location of the <tt class="function">readline( )</tt>
+library to be overridden. Ordinarily, the configuration process
+checks for support in the C library on the system and, if not found,
+uses code included in the Samba source tree. Using
+<tt class="literal">--with-readline</tt>, it is possible to specify the
+directory explicitly in which the library containing
+<em class="emphasis">readline( )</em> is located.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-sendfile-support</tt><a name="INDEX-77"/><a name="INDEX-78"/></b></dt>
+<dd>
+<p>Checks to see if the Samba host operating system supports the
+<a name="INDEX-79"/><em class="emphasis">sendfile( )</em> system
+call, which speeds up file transfers by copying data directly to and
+from kernel buffers, avoiding the overhead of copying to and from
+buffers in user space. If the operating system has the
+<em class="emphasis">sendfile( )</em> system call, support is included in
+Samba for the <tt class="literal">use</tt> <tt class="literal">sendfile</tt>
+configuration file option. This is an experimental option included in
+Samba 2.2.5 and later versions.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-smbmount</tt><a name="INDEX-80"/><a name="INDEX-81"/></b></dt>
+<dd>
+<p>Must be specified if you want to mount SMB shares in your Unix
+filesystem using the <em class="filename"/><a name="INDEX-82"/>smbfs</em> filesystem and the
+<em class="emphasis">smbmount</em><a name="INDEX-83"/> command, as discussed in <a href="ch05.html">Chapter 5</a>. Currently, this works only with Linux.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-smbwrapper</tt><a name="INDEX-84"/><a name="INDEX-85"/></b></dt>
+<dd>
+<p>To use <a name="INDEX-86"/>smbsh to access SMB shares from Unix (as
+discussed in <a href="ch05.html">Chapter 5</a>), use this option to
+include the
+<em class="filename">smbwrapper</em><a name="INDEX-87"/> library.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-spinlocks</tt><a name="INDEX-88"/><a name="INDEX-89"/></b></dt>
+<dd>
+<p>Uses <a name="INDEX-90"/><a name="INDEX-91"/>spin locks instead of the normal method of
+file locking that uses the <em class="emphasis">fcntl( )</em> C-library
+function. Using this option results in a Samba installation that
+consumes much more CPU time on the host system. Use it only when
+absolutely necessary.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-ssl</tt><a name="INDEX-92"/><a name="INDEX-93"/></b></dt>
+<dd>
+<p>Includes support for running Samba with
+<a name="INDEX-94"/>SSL encryption. This little-used
+feature was dropped for Samba 3.0. It still works with Samba 2.2.x
+and before, but a better method is to use a <a name="INDEX-95"/>virtual private
+network (VPN).</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-sslinc</tt><a name="INDEX-96"/><a name="INDEX-97"/>=<em class="replaceable">directory</em></b></dt>
+<dd>
+<p>Specifies the location of the SSL include files.
+<em class="filename">/usr/local/ssl/include</em> is the default location.
+This option exists in versions prior to Samba 3.0.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-ssllib</tt><a name="INDEX-98"/><a name="INDEX-99"/>=<em class="replaceable">directory</em></b></dt>
+<dd>
+<p>Specifies the location of the SSL libraries. The default location is
+<em class="filename">/usr/local/ssl/lib</em>. This option exists in
+versions prior to Samba 3.0.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-swatdir</tt><a name="INDEX-100"/><a name="INDEX-101"/>=<em class="replaceable">directory</em></b></dt>
+<dd>
+<p>Specifies where to install the files for
+<a name="INDEX-102"/>SWAT.
+<em class="filename">/usr/local/samba/swat</em> is the default location.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-syslog</tt><a name="INDEX-103"/><a name="INDEX-104"/></b></dt>
+<dd>
+<p>Includes support for
+<a name="INDEX-105"/>syslog error
+logging. This option must be specified for the Samba configuration
+file parameters <tt class="literal">syslog</tt> and
+<tt class="literal">syslog</tt> <tt class="literal">only</tt> to work. This
+option is widely supported, but might not work correctly on all Samba
+host systems.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-tdbsam</tt><a name="INDEX-106"/><a name="INDEX-107"/></b></dt>
+<dd>
+<p>Includes support for keeping Samba's equivalent of
+the Windows NT SAM in a <em class="filename">.tdb</em> database file
+rather than in the <em class="filename">smbpasswd</em> file. This is an
+experimental feature.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-utmp</tt><a name="INDEX-108"/><a name="INDEX-109"/></b></dt>
+<dd>
+<p>Includes support for <a name="INDEX-110"/>user accounting in the
+system's
+<em class="filename">utmp</em><a name="INDEX-111"/> file. It is necessary for the
+<tt class="literal">utmp</tt> and <tt class="literal">utmp</tt>
+<tt class="literal">directory</tt> Samba configuration file options to
+work. This option is widely supported, but might not work correctly
+on all Samba host systems.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-winbind</tt><a name="INDEX-112"/><a name="INDEX-113"/></b></dt>
+<dd>
+<p>Includes <a name="INDEX-114"/>winbind support in Samba.
+Instead of defaulting to <tt class="literal">no</tt>, as with other boolean
+options, <tt class="literal">--with-winbind</tt> is
+automatically set to <tt class="literal">yes</tt> on systems that support
+winbind functionality. The only time you would need to specify this
+option is to turn it off, like this:</p>
+
+
+<blockquote><pre class="code"># <tt class="userinput"><b>configure --without-winbind</b></tt></pre></blockquote>
+
+<p>This excludes winbind functionality from Samba even when the local
+operating system can support it. For more information on winbind, see
+<a href="ch09.html">Chapter 9</a>. <a name="INDEX-115"/></p>
+</dd>
+
+</dl>
+
+
+
+<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4>
+</body></html>
diff --git a/docs/htmldocs/using_samba/appf.html b/docs/htmldocs/using_samba/appf.html
new file mode 100644
index 00000000000..c3eb7d4d816
--- /dev/null
+++ b/docs/htmldocs/using_samba/appf.html
@@ -0,0 +1,780 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Appendix F. Running Samba on Mac OS X Server</h1>
+
+
+
+<p><a name="INDEX-1"/>Mac OS X Server is an Apple
+operating-system product based on Mac OS X, with the addition of
+administrative tools and server software. One area in which it
+differs from Mac OS X is in the configuration of Samba-based
+services. In this appendix, we'll tell you how to
+set up SMB file and printer shares, enable client user access, and
+monitor activity. Our specific focus is on Mac OS X Server 10.2.</p>
+
+
+
+<div class="sect1"><a name="samba2-APP-F-SECT-1"/>
+
+<h2 class="head1">Setup Procedures</h2>
+
+<p>The first thing to note is that the procedure described in <a href="ch02.html">Chapter 2</a> using System Preferences to enable Samba does
+not apply to Mac OS X Server. Unlike Mac OS X, the Sharing pane of
+System Preferences does not include an option to turn on Windows File
+Sharing. Instead, there is a set of applications to configure,
+activate, and monitor services: Workgroup Manager, Server Settings,
+Server Status, and Open Directory Assistant, all located in the
+directory <em class="filename">/Applications/Utilities</em>.</p>
+
+<a name="samba2-APP-F-NOTE-163"/><blockquote class="note"><h4 class="objtitle">NOTE</h4>
+<p>In addition to being installed with Mac OS X Server, these and other
+administrative applications are included on a separate installation
+CD-ROM sold with the operating system. They can be used to manage Mac
+OS X Server systems remotely from any Mac OS X machine.</p>
+
+<p>For more information, refer to the <em class="citetitle">Mac OS X Server
+Administrator's
+Guide</em><a name="INDEX-2"/>, included as a PDF
+file in the <em class="filename">/Library/Documentation/MacOSXServer</em>
+directory, and also downloadable from Apple
+Computer's web site at <a href="http://www.apple.com/server/">http://www.apple.com/server/</a>.</p>
+</blockquote>
+
+<p>Briefly, the procedure for setting up SMB file and printer shares is
+as follows:</p>
+
+<ol><li>
+<p>Designate share points in Workgroup Manager for file sharing.</p>
+</li><li>
+<p>Set up print queues in Server Settings for printer sharing, and
+activate Printer Service.</p>
+</li><li>
+<p>Configure and activate Windows Services in Server Settings.</p>
+</li><li>
+<p>Activate Password Server and enable SMB authentication in Open
+Directory Assistant.</p>
+</li><li>
+<p>Enable Password Server authentication for user accounts in Workgroup
+Manager.</p>
+</li><li>
+<p>Monitor file and print services with Server Status.</p>
+</li></ol>
+
+<div class="sect2"><a name="samba2-APP-F-SECT-1.1"/>
+
+<h3 class="head2">Sharing Files</h3>
+
+<p><a name="INDEX-3"/><a name="INDEX-4"/>The
+first step to enable SMB file sharing is to designate one or more
+<em class="firstterm">share points</em>. Share points are folders that
+form the root of shared volumes for any of the protocols supported by
+Mac OS X Server: Apple Filesharing Protocol (AFP), Network Filesystem
+(NFS), File Transfer Protocol (FTP), and SMB.</p>
+
+<p>To designate a share point, launch Workgroup Manager. You will be
+prompted for the local or remote server's hostname
+or IP address, as well as for a username and password; this process
+is required by all the Mac OS X Server administrative applications.
+Once Workgroup Manager is open, click the Sharing button in the
+toolbar. The list on the left, under the Share Points tab, displays
+currently defined share points. To add a new one, click the All tab,
+and navigate to the folder you want to share.</p>
+
+<p>On the right, under the General tab, check the box labeled Share this
+item and its contents, change the ownership and permissions if
+desired, then click the Save button. Next, under the Protocols tab,
+select Windows File Settings from the pop-up menu, and ensure that
+the box labeled Share this item using SMB is checked. At this point,
+you can also decide whether to allow guest access to the share,
+change the name of the share displayed to SMB clients, or set
+permissions for files and folders created by SMB clients. Click the
+Save button when you're finished making changes. See
+<a href="appf.html#samba2-APP-F-FIG-1">Figure F-1</a>.</p>
+
+<div class="figure"><a name="samba2-APP-F-FIG-1"/><img src="figs/sam2_af01.gif"/></div><h4 class="head4">Figure F-1. Workgroup Manager: Share Points and Windows File Settings</h4>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-F-SECT-1.2"/>
+
+<h3 class="head2">Sharing Printers</h3>
+
+<p><a name="INDEX-5"/><a name="INDEX-6"/>Printer shares are set up
+differently. First, launch Server Settings; under the File &amp;
+Print tab, select Print, then Configure Print Service.... Check the
+box labeled Automatically share new queues for Windows printing.
+Next, click the Print icon again and then Show Print Monitor. Make
+sure the printers you want to share are listed. Printers directly
+attached to the server should have queues created automatically, but
+remote printers you wish to reshare must be added by clicking New
+Queue and discovering or specifying the printers. When
+you're finished, click Save, select the Print icon
+one more time, and select Start Print Service. See <a href="appf.html#samba2-APP-F-FIG-2">Figure F-2</a>.</p>
+
+<div class="figure"><a name="samba2-APP-F-FIG-2"/><img src="figs/sam2_af02.gif"/></div><h4 class="head4">Figure F-2. Server Settings: Print Service</h4>
+
+<a name="samba2-APP-F-NOTE-164"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>Server Settings will make local printers available for sharing only
+if they're PostScript compatible. Unfortunately,
+many printers, including consumer-grade USB inkjet printers,
+aren't. If you want to make one of these printers
+available to SMB clients, you can still add the share to
+<em class="filename">/etc/smb.conf</em> yourself with a text editor. See
+&quot;Rolling Your Own&quot; later in this
+chapter for instructions and caveats related to making manual changes
+to <em class="filename">smb.conf</em>.</p>
+</blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-F-SECT-1.3"/>
+
+<h3 class="head2">Configuring and Activating Services</h3>
+
+<p><a name="INDEX-7"/>At this point, neither
+the file shares nor the printer shares are available to SMB clients.
+To activate them, click the Windows icon in Server Settings, and
+click Configure Windows Services.... Under the General tab, you can
+set the server's NetBIOS hostname, the workgroup or
+Windows NT domain in which the server resides, and the description
+that gets displayed in a browse list. You can also specify the code
+page for an alternate character set. Finally, you can enable
+boot-time startup of Samba. See <a href="appf.html#samba2-APP-F-FIG-3">Figure F-3</a>.</p>
+
+<div class="figure"><a name="samba2-APP-F-FIG-3"/><img src="figs/sam2_af03.gif"/></div><h4 class="head4">Figure F-3. Server Settings: Windows Services</h4>
+
+<p>The Windows Services Access tab offers options to enable guest access
+and limit the number of simultaneous client connections; under the
+Logging tab, you can specify the verbosity of your logging. With
+options under the Neighborhood tab, you can configure your machine as
+a WINS client or server or have it provide browser services locally
+or across subnets.</p>
+
+<a name="samba2-APP-F-SIDEBAR-1"/><blockquote><table border="1" cellpadding="6"><tr><td>
+<h4 class="head4">Password Server</h4>
+
+<p><a name="INDEX-8"/><a name="INDEX-9"/>Password Server is a feature
+introduced with Mac OS X Server 10.2. In prior versions of Mac OS X
+Server, Windows authentication was handled with Authentication
+Manager, which stored a user's Windows password in
+the <tt class="literal">tim_password</tt> property of the
+user's NetInfo record. This can still be done in
+Version 10.2, although it's strongly discouraged
+because the encrypted password is visible to other users with access
+to the NetInfo domain and can potentially be decrypted.</p>
+
+<p>If you need to use Authentication Manager, use the following
+procedure to enable it:</p>
+
+<ol><li>
+<p>On every machine hosting a domain that will bind into the NetInfo
+hierarchy, execute the command <tt class="literal">tim -init -auto</tt>
+<em class="replaceable">tag</em> for each domain, where
+<em class="replaceable">tag</em> is the name of the
+domain's database.</p>
+</li>
+<li>
+<p>When prompted, provide a password to be used as the encryption key
+for the domain. This key is used to decrypt the Windows passwords and
+is stored in an encrypted file readable only by root,
+<em class="filename">/var/db/netinfo/.tag.tim</em>.</p>
+</li>
+<li>
+<p>Set <tt class="literal">AUTHSERVER=-YES-</tt> in
+<em class="filename">/etc/hostconfig</em>.</p>
+</li>
+<li>
+<p>Start Authentication Manager by invoking <em class="emphasis">tim</em>.
+This is also executed during the boot sequence by the AuthServer
+startup item.</p>
+</li>
+<li>
+<p>Reset the password of each user requiring SMB client access. In Mac
+OS X Server 10.2 or later, make sure the user is set up for Basic
+authentication, not Password Server authentication.</p>
+</li></ol></td></tr></table></blockquote>
+
+<p>When you've finished configuring Windows Services,
+click the Save button, then click the Windows icon in Server
+Settings, and select Start Windows Services. This starts the Samba
+daemons, enabling access from SMB clients.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-F-SECT-1.4"/>
+
+<h3 class="head2">Activating Password Server</h3>
+
+<p><a name="INDEX-10"/><a name="INDEX-11"/>Now that
+you've set up file and printer shares, you need to
+make sure users can properly authenticate to access them. In Mac OS X
+Server, this is accomplished with the <a name="INDEX-12"/>Open Directory
+Password Server, a service based on the <a name="INDEX-13"/>Simple Authentication and Security
+Layer (SASL) standard and usable with many different authentication
+protocols, including the LAN Manager and Windows NT LAN Manager
+(NTLM) protocols. This section describes how to support SMB client
+authentication, but for more information on what Password Server does
+and how it works, see the Mac OS X Server
+Administrator's Guide.</p>
+
+<p>To enable Password Server or merely check its settings, start the
+Open Directory Assistant. Unless you wish to change any of the
+settings, just click the right arrow button in the lower-right corner
+of the window until you get to the first Security step. At this
+point, activate Password Server by selecting the option marked
+Password and authentication information will be provided to other
+systems. The next step displays the main administrative account, and
+the one after that gives you a choice of authentication protocols to
+enable (see <a href="appf.html#samba2-APP-F-FIG-4">Figure F-4</a>). Make sure that SMB-NT is
+checked, and check SMB-Lan Manager if you have Windows 95/98/Me or
+older clients. The final step saves the Password Server configuration
+and prompts you to reboot.</p>
+
+<div class="figure"><a name="samba2-APP-F-FIG-4"/><img src="figs/sam2_af04.gif"/></div><h4 class="head4">Figure F-4. Password Server authentication protocols</h4>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-F-SECT-1.5"/>
+
+<h3 class="head2">Enabling Password Server</h3>
+
+<p><a name="INDEX-14"/><a name="INDEX-15"/>To enable the
+use of Password Server for a user account, launch Workgroup Manager,
+and click the Accounts button in the toolbar. Under the Users tab on
+the far left (with the silhouette of a single person), select the
+account, and under the Advanced tab on the right, select Password
+Server for the User Password Type (see <a href="appf.html#samba2-APP-F-FIG-5">Figure F-5</a>).
+You are prompted to enter a new user password to be stored in the
+Password Server database. After saving the account configuration, the
+user can authenticate and access shares from an SMB client.</p>
+
+<div class="figure"><a name="samba2-APP-F-FIG-5"/><img src="figs/sam2_af05.gif"/></div><h4 class="head4">Figure F-5. Workgroup Manager: Enabling Password Server authentication</h4>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-F-SECT-1.6"/>
+
+<h3 class="head2">Monitoring Services</h3>
+
+<p><a name="INDEX-16"/>Once you've got
+everything working, you'll want to keep an eye on
+things. The Server Status application gives you views into the
+various services provided by Mac OS X Server. For Windows Services,
+you can see the current state of the service, browse the logs
+(located in the directory
+<em class="filename">/Library/Logs/WindowsServices</em>), display and
+terminate individual connections, and view a graph of connections
+over time (see <a href="appf.html#samba2-APP-F-FIG-6">Figure F-6</a>). Similar information is
+provided for Print Service.</p>
+
+<div class="figure"><a name="samba2-APP-F-FIG-6"/><img src="figs/sam2_af06.gif"/></div><h4 class="head4">Figure F-6. Server Status: Windows Services</h4>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-APP-F-SECT-2"/>
+
+<h2 class="head1">Configuration Details</h2>
+
+<p><a name="INDEX-17"/>Underneath the GUI, a lot of activity
+takes place to offer Windows Services. In the non-Server version of
+Mac OS X, selecting Windows File Sharing sets the
+<tt class="literal">SMBSERVER</tt> parameter in
+<em class="filename">/etc/hostconfig</em> and triggers the Samba startup
+item. In Mac OS X Server, under normal circumstances the Samba
+startup item and the <tt class="literal">SMBSERVER</tt> parameter are never
+used.</p>
+
+<p>Instead, a process named <em class="emphasis">sambadmind</em> generates
+<em class="filename">/etc/smb.conf</em> from the configuration specified
+in Server Settings and Workgroup Manager and handles starting and
+restarting the Samba daemons as necessary. The
+<em class="emphasis">sambadmind</em> process is in turn monitored by
+<em class="emphasis">watchdog</em>, which keeps an eye on certain
+processes and restarts those which fail. The
+<em class="emphasis">watchdog</em> utility is configured in
+<em class="filename">/etc/watchdog.conf</em>, a file similar to a System V
+<em class="filename">inittab</em>, which specifies how the services under
+<em class="emphasis">watchdog</em>'s purview are to be
+treated. For example, the line for <em class="emphasis">sambadmind</em>
+looks like this:</p>
+
+<blockquote><pre class="code">sambadmin:respawn:/usr/sbin/sambadmind -d # SMB Admin daemon</pre></blockquote>
+
+<p>Using a <em class="emphasis">watchdog</em>-monitored process such as
+<em class="emphasis">sambadmind</em> to start the Samba daemons, instead
+of a one-time execution of a startup item, results in more reliable
+service. In Mac OS X Server, if a Samba daemon dies unexpectedly, it
+is quickly restarted. (Examples of other services monitored by
+<em class="emphasis">watchdog</em> are Password Server, Print Service, and
+the Server Settings daemon that allows remote management.)</p>
+
+<p>There's another wrinkle in Mac OS X Server: the
+Samba configuration settings are not written directly to
+<em class="filename">/etc/smb.conf</em>, as they are in the non-Server
+version of Mac OS X. Instead, they're stored in the
+server's local Open Directory domain,<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a> from which <em class="emphasis">sambadmind</em> retrieves them
+and regenerates <em class="filename">smb.conf</em>. For example, the Samba
+global parameters are stored in
+<em class="filename">/config/SMBServer</em> (see <a href="appf.html#samba2-APP-F-FIG-7">Figure F-7</a>). Share point information is also kept in Open
+Directory, under <em class="filename">/config/SharePoints</em>, while CUPS
+takes responsibility for printer configuration in
+<em class="filename">/etc/cups/printers.conf</em> (also creating stub
+entries used by Samba in <em class="filename">/etc/printcap</em>).</p>
+
+<div class="figure"><a name="samba2-APP-F-FIG-7"/><img src="figs/sam2_af07.gif"/></div><h4 class="head4">Figure F-7. NetInfo Manager: SMBServer properties</h4>
+
+<p><a href="appf.html#samba2-APP-F-TABLE-1">Table F-1</a> summarizes the association of Windows
+Services settings in the Server Settings application, properties
+stored in Open Directory, and parameters in
+<em class="filename">/etc/smb.conf</em>.</p>
+
+<a name="samba2-APP-F-TABLE-1"/><h4 class="head4">Table F-1. Samba configuration settings in Mac OS X Server</h4><table border="1">
+
+
+
+
+<tr>
+<th>
+<p>Server Settings graphical element in Windows Services</p>
+</th>
+<th>
+<p>Open Directory property in <em class="filename">/config/SMBServer</em></p>
+</th>
+<th>
+<p>Samba global parameter in<em class="filename">/etc/smb.conf</em></p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>General &rarr; Server Name</p>
+</td>
+<td>
+<p><tt class="literal">netbios_name</tt></p>
+</td>
+<td>
+<p><tt class="literal">netbios name</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>General &rarr; Workgroup</p>
+</td>
+<td>
+<p><tt class="literal">workgroup</tt></p>
+</td>
+<td>
+<p><tt class="literal">workgroup</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>General &rarr; Description</p>
+</td>
+<td>
+<p><tt class="literal">description</tt></p>
+</td>
+<td>
+<p><tt class="literal">server string</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>General &rarr; Code Page</p>
+</td>
+<td>
+<p><tt class="literal">code_page</tt></p>
+</td>
+<td>
+<p><tt class="literal">client code page</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>General &rarr; Start Windows Services on system startup</p>
+</td>
+<td>
+<p><tt class="literal">auto_start</tt></p>
+</td>
+<td>
+<p>N/A</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Access &rarr; Allow Guest Access</p>
+</td>
+<td>
+<p><tt class="literal">guest_access</tt>, <tt class="literal">map_to_guest</tt></p>
+</td>
+<td>
+<p><tt class="literal">map to guest</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">guest_account</tt></p>
+</td>
+<td>
+<p><tt class="literal">guest account</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Access &rarr; Maximum client connections</p>
+</td>
+<td>
+<p><tt class="literal">max_connections</tt></p>
+</td>
+<td>
+<p><tt class="literal">max smbd processes</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Logging &rarr; Detail Level</p>
+</td>
+<td>
+<p><tt class="literal">logging</tt></p>
+</td>
+<td>
+<p><tt class="literal">log level</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Neighborhood &rarr; WINS Registration &rarr;
+Off</p>
+</td>
+<td>
+<p><tt class="literal">WINS_enabled</tt>, <tt class="literal">WINS_register</tt></p>
+</td>
+<td>
+<p><tt class="literal">wins support</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Neighborhood &rarr; WINS Registration &rarr;
+Enable WINS server</p>
+</td>
+<td>
+<p><tt class="literal">WINS_enabled</tt></p>
+</td>
+<td>
+<p><tt class="literal">wins support</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Neighborhood &rarr; WINS Registration &rarr;
+Register with WINS server</p>
+</td>
+<td>
+<p><tt class="literal">WINS_register</tt>, <tt class="literal">WINS_address</tt></p>
+</td>
+<td>
+<p><tt class="literal">wins server</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Neighborhood &rarr; Workgroup/Domain Services
+&rarr; Master Browser</p>
+</td>
+<td>
+<p><tt class="literal">Local_Master</tt></p>
+</td>
+<td>
+<p><tt class="literal">local master</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Neighborhood &rarr; Workgroup/Domain Services
+&rarr; Domain Master Browser</p>
+</td>
+<td>
+<p><tt class="literal">Domain_Master</tt></p>
+</td>
+<td>
+<p><tt class="literal">domain master</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Print &rarr; Start Print Service</p>
+</td>
+<td>
+<p><tt class="literal">printing</tt></p>
+</td>
+<td>
+<p>N/A</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">lprm_command</tt></p>
+</td>
+<td>
+<p><tt class="literal">lprm command</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">lppause_command</tt></p>
+</td>
+<td>
+<p><tt class="literal">lppause command</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">lpresume_command</tt></p>
+</td>
+<td>
+<p><tt class="literal">lpresume command</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">printer_admin</tt></p>
+</td>
+<td>
+<p><tt class="literal">printer admin</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">encryption</tt></p>
+</td>
+<td>
+<p><tt class="literal">encrypt passwords</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">coding_system</tt></p>
+</td>
+<td>
+<p><tt class="literal">coding system</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">log_dir</tt></p>
+</td>
+<td>
+<p>N/A</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">smb_log</tt></p>
+</td>
+<td>
+<p><tt class="literal">log file</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">nmb_log</tt></p>
+</td>
+<td>
+<p>N/A</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">samba_sbindir</tt></p>
+</td>
+<td>
+<p>N/A</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">samba_bindir</tt></p>
+</td>
+<td>
+<p>N/A</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">samba_libdir</tt></p>
+</td>
+<td>
+<p>N/A</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">samba_lockdir</tt></p>
+</td>
+<td>
+<p>N/A</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">samba_vardir</tt></p>
+</td>
+<td>
+<p>N/A</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>N/A</p>
+</td>
+<td>
+<p><tt class="literal">stop_time</tt></p>
+</td>
+<td>
+<p>N/A <a name="INDEX-19"/></p>
+</td>
+</tr>
+
+</table>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-APP-F-SECT-3"/>
+
+<h2 class="head1">Rolling Your Own</h2>
+
+<p><a name="INDEX-20"/>When making manual changes to the Samba
+configuration file, take care to block changes initiated from
+graphical applications by invoking this command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>chflags uchg /etc/smb.conf</b></tt></pre></blockquote>
+
+<p>From that point on, the GUI will be useful only for starting,
+stopping, and monitoring the service&mdash;not for configuring it.</p>
+
+<p>If you install your own version of Samba, you can still manage it
+from Server Settings by changing some of the Open Directory
+properties in <em class="filename">/config/SMBServer</em>.</p>
+
+<p>To do this, open NetInfo Manager and modify the
+<tt class="literal">samba_sbindir</tt> and <tt class="literal">samba_bindir</tt>
+properties to match the location of your Samba installation.
+Optionally, you can modify <tt class="literal">samba_libdir</tt>,
+<tt class="literal">samba_vardir</tt>, and
+<tt class="literal">samba_lockdir</tt>. Assuming a default Samba
+installation, you can also change these at the command line with the
+following commands:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>nicl . -create /config/SMBServer samba_sbindir /usr/local/samba/bin</b></tt>
+# <tt class="userinput"><b>nicl . -create /config/SMBServer samba_bindir /usr/local/samba/bin</b></tt>
+# <tt class="userinput"><b>nicl . -create /config/SMBServer samba_libdir /usr/local/samba/lib</b></tt>
+# <tt class="userinput"><b>nicl . -create /config/SMBServer samba_vardir /usr/local/samba/var</b></tt>
+# <tt class="userinput"><b>nicl . -create /config/SMBServer samba_lockdir /usr/local/samba/var/locks</b></tt></pre></blockquote>
+
+<p>You can check your settings with this command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>nicl . -read /config/SMBServer</b></tt></pre></blockquote>
+
+<p>In Server Settings, select Stop Windows Services, then run this
+command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>killall sambadmind</b></tt></pre></blockquote>
+
+<p>The <em class="emphasis">watchdog</em> utility restarts
+<em class="emphasis">sambadmind</em> within seconds. Finally, go back to
+Server Settings, and select Start Windows Services.</p>
+
+<p>If you don't modify Open Directory properties to
+match your active Samba installation (because you wish to manage your
+configuration another way), be sure never to activate Windows
+Services from the Server Settings application, or
+you'll wind up with two sets of Samba daemons
+running concurrently. <a name="INDEX-21"/></p>
+
+
+</div>
+
+<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/>
+<p><a href="#FNPTR-1">[1]</a> In versions of Mac OS X prior to 10.2, Open Directory domains
+were called NetInfo domains. NetInfo Manager (located in
+<em class="filename">/Applications/Utilities</em>) provides a graphical
+interface to view and modify the contents of Open Directory
+databases. For more information, see the <em class="citetitle">Mac OS X Server
+Administrator's Guide</em>, as well as
+<em class="citetitle">Understanding and Using NetInfo</em>, downloadable
+from the Mac OS X Server resources web page at <a href="http://www.apple.com/server/resources.html">http://www.apple.com/server/resources.html</a>.</p>
+</blockquote>
+
+
+<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4>
+</body></html>
diff --git a/docs/htmldocs/using_samba/appg.html b/docs/htmldocs/using_samba/appg.html
new file mode 100644
index 00000000000..779f68034f1
--- /dev/null
+++ b/docs/htmldocs/using_samba/appg.html
@@ -0,0 +1,500 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Appendix G. GNU Free Documentation License</h1>
+
+
+<div class="sect1"><a name="samba2-APP-G-SECT-1"/>
+
+<a name="INDEX-1"/><h2 class="head1">GNU Free Documentation License</h2>
+
+
+<div class="sect2"><a name="samba2-APP-G-SECT-1.1"/>
+
+<h3 class="head2">Version 1.2, November 2002</h3>
+
+<p>Copyright &copy; 2000, 2001, 2002 Free Software Foundation, Inc.</p>
+
+<p>59 Temple Place, Suite 330, Boston, MA 02111-1307 USA</p>
+
+<p>Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-G-SECT-1.2"/>
+
+<h3 class="head2">0. PREAMBLE</h3>
+
+<p>The purpose of this License is to make a manual, textbook, or other
+functional and useful document
+&quot;free&quot; in the sense of freedom: to
+assure everyone the effective freedom to copy and redistribute it,
+with or without modifying it, either commercially or noncommercially.
+Secondarily, this License preserves for the author and publisher a
+way to get credit for their work, while not being considered
+responsible for modifications made by others.</p>
+
+<p>This License is a kind of
+&quot;copyleft&quot;, which means that
+derivative works of the document must themselves be free in the same
+sense. It complements the GNU General Public License, which is a
+copyleft license designed for free software.</p>
+
+<p>We have designed this License in order to use it for manuals for free
+software, because free software needs free documentation: a free
+program should come with manuals providing the same freedoms that the
+software does. But this License is not limited to software manuals;
+it can be used for any textual work, regardless of subject matter or
+whether it is published as a printed book. We recommend this License
+principally for works whose purpose is instruction or reference.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-G-SECT-1.3"/>
+
+<h3 class="head2">1. APPLICABILITY AND DEFINITIONS</h3>
+
+<p>This License applies to any manual or other work, in any medium, that
+contains a notice placed by the copyright holder saying it can be
+distributed under the terms of this License. Such a notice grants a
+world-wide, royalty-free license, unlimited in duration, to use that
+work under the conditions stated herein. The
+&quot;Document&quot;, below, refers to any
+such manual or work. Any member of the public is a licensee, and is
+addressed as &quot;you&quot;. You accept the
+license if you copy, modify or distribute the work in a way requiring
+permission under copyright law.</p>
+
+<p>A &quot;Modified Version&quot; of the
+Document means any work containing the Document or a portion of it,
+either copied verbatim, or with modifications and/or translated into
+another language.</p>
+
+<p>A &quot;Secondary Section&quot; is a named
+appendix or a front-matter section of the Document that deals
+exclusively with the relationship of the publishers or authors of the
+Document to the Document's overall subject (or to
+related matters) and contains nothing that could fall directly within
+that overall subject. (Thus, if the Document is in part a textbook of
+mathematics, a Secondary Section may not explain any mathematics.)
+The relationship could be a matter of historical connection with the
+subject or with related matters, or of legal, commercial,
+philosophical, ethical or political position regarding them.</p>
+
+<p>The &quot;Invariant Sections&quot; are
+certain Secondary Sections whose titles are designated, as being
+those of Invariant Sections, in the notice that says that the
+Document is released under this License. If a section does not fit
+the above definition of Secondary then it is not allowed to be
+designated as Invariant. The Document may contain zero Invariant
+Sections. If the Document does not identify any Invariant Sections
+then there are none.</p>
+
+<p>The &quot;Cover Texts&quot; are certain short
+passages of text that are listed, as Front-Cover Texts or Back-Cover
+Texts, in the notice that says that the Document is released under
+this License. A Front-Cover Text may be at most 5 words, and a
+Back-Cover Text may be at most 25 words.</p>
+
+<p>A &quot;Transparent&quot; copy of the
+Document means a machine-readable copy, represented in a format whose
+specification is available to the general public, that is suitable
+for revising the document straightforwardly with generic text editors
+or (for images composed of pixels) generic paint programs or (for
+drawings) some widely available drawing editor, and that is suitable
+for input to text formatters or for automatic translation to a
+variety of formats suitable for input to text formatters. A copy made
+in an otherwise Transparent file format whose markup, or absence of
+markup, has been arranged to thwart or discourage subsequent
+modification by readers is not Transparent. An image format is not
+Transparent if used for any substantial amount of text. A copy that
+is not &quot;Transparent&quot; is called
+&quot;Opaque&quot;.</p>
+
+<p>Examples of suitable formats for Transparent copies include plain
+ASCII without markup, T<sup class="superscript">E</sup>Xinfo input
+format, L<sup class="superscript">A</sup>T<sup class="superscript">E</sup>X
+input format, SGML or XML using a publicly available DTD, and
+standard-conforming simple HTML, PostScript or PDF designed for human
+modification. Examples of transparent image formats include PNG, XCF
+and JPG. Opaque formats include proprietary formats that can be read
+and edited only by proprietary word processors, SGML or XML for which
+the DTD and/or processing tools are not generally available, and the
+machine-generated HTML, PostScript or PDF produced by some word
+processors for output purposes only.</p>
+
+<p>The &quot;Title Page&quot; means, for a
+printed book, the title page itself, plus such following pages as are
+needed to hold, legibly, the material this License requires to appear
+in the title page. For works in formats which do not have any title
+page as such, &quot;Title Page&quot; means
+the text near the most prominent appearance of the
+work's title, preceding the beginning of the body of
+the text.</p>
+
+<p>A section &quot;Entitled XYZ&quot; means a
+named subunit of the Document whose title either is precisely XYZ or
+contains XYZ in parentheses following text that translates XYZ in
+another language. (Here XYZ stands for a specific section name
+mentioned below, such as
+&quot;Acknowledgments&quot;,
+&quot;Dedications&quot;,
+&quot;Endorsements&quot;, or
+&quot;History&quot;.) To
+&quot;Preserve the Title&quot; of such a
+section when you modify the Document means that it remains a section
+&quot;Entitled XYZ&quot; according to this
+definition.</p>
+
+<p>The Document may include Warranty Disclaimers next to the notice
+which states that this License applies to the Document. These
+Warranty Disclaimers are considered to be included by reference in
+this License, but only as regards disclaiming warranties: any other
+implication that these Warranty Disclaimers may have is void and has
+no effect on the meaning of this License.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-G-SECT-1.4"/>
+
+<h3 class="head2">2. VERBATIM COPYING</h3>
+
+<p>You may copy and distribute the Document in any medium, either
+commercially or noncommercially, provided that this License, the
+copyright notices, and the license notice saying this License applies
+to the Document are reproduced in all copies, and that you add no
+other conditions whatsoever to those of this License. You may not use
+technical measures to obstruct or control the reading or further
+copying of the copies you make or distribute. However, you may accept
+compensation in exchange for copies. If you distribute a large enough
+number of copies you must also follow the conditions in section 3.</p>
+
+<p>You may also lend copies, under the same conditions stated above, and
+you may publicly display copies.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-G-SECT-1.5"/>
+
+<h3 class="head2">3. COPYING IN QUANTITY</h3>
+
+<p>If you publish printed copies (or copies in media that commonly have
+printed covers) of the Document, numbering more than 100, and the
+Document's license notice requires Cover Texts, you
+must enclose the copies in covers that carry, clearly and legibly,
+all these Cover Texts: Front-Cover Texts on the front cover, and
+Back-Cover Texts on the back cover. Both covers must also clearly and
+legibly identify you as the publisher of these copies. The front
+cover must present the full title with all words of the title equally
+prominent and visible. You may add other material on the covers in
+addition. Copying with changes limited to the covers, as long as they
+preserve the title of the Document and satisfy these conditions, can
+be treated as verbatim copying in other respects.</p>
+
+<p>If the required texts for either cover are too voluminous to fit
+legibly, you should put the first ones listed (as many as fit
+reasonably) on the actual cover, and continue the rest onto adjacent
+pages.</p>
+
+<p>If you publish or distribute Opaque copies of the Document numbering
+more than 100, you must either include a machine-readable Transparent
+copy along with each Opaque copy, or state in or with each Opaque
+copy a computer-network location from which the general network-using
+public has access to download using public-standard network protocols
+a complete Transparent copy of the Document, free of added material.
+If you use the latter option, you must take reasonably prudent steps,
+when you begin distribution of Opaque copies in quantity, to ensure
+that this Transparent copy will remain thus accessible at the stated
+location until at least one year after the last time you distribute
+an Opaque copy (directly or through your agents or retailers) of that
+edition to the public.</p>
+
+<p>It is requested, but not required, that you contact the authors of
+the Document well before redistributing any large number of copies,
+to give them a chance to provide you with an updated version of the
+Document.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-G-SECT-1.6"/>
+
+<h3 class="head2">4. MODIFICATIONS</h3>
+
+<p>You may copy and distribute a Modified Version of the Document under
+the conditions of sections 2 and 3 above, provided that you release
+the Modified Version under precisely this License, with the Modified
+Version filling the role of the Document, thus licensing distribution
+and modification of the Modified Version to whoever possesses a copy
+of it. In addition, you must do these things in the Modified Version:</p>
+
+<ol><li>
+<p>Use in the Title Page (and on the covers, if any) a title distinct
+from that of the Document, and from those of previous versions (which
+should, if there were any, be listed in the History section of the
+Document). You may use the same title as a previous version if the
+original publisher of that version gives permission.</p>
+</li><li>
+<p>List on the Title Page, as authors, one or more persons or entities
+responsible for authorship of the modifications in the Modified
+Version, together with at least five of the principal authors of the
+Document (all of its principal authors, if it has fewer than five),
+unless they release you from this requirement.</p>
+</li><li>
+<p>State on the Title page the name of the publisher of the Modified
+Version, as the publisher.</p>
+</li><li>
+<p>Preserve all the copyright notices of the Document.</p>
+</li><li>
+<p>Add an appropriate copyright notice for your modifications adjacent
+to the other copyright notices.</p>
+</li><li>
+<p>Include, immediately after the copyright notices, a license notice
+giving the public permission to use the Modified Version under the
+terms of this License, in the form shown in the Addendum below.</p>
+</li><li>
+<p>Preserve in that license notice the full lists of Invariant Sections
+and required Cover Texts given in the Document's
+license notice.</p>
+</li><li>
+<p>Include an unaltered copy of this License.</p>
+</li><li>
+<p>Preserve the section Entitled
+&quot;History&quot;, Preserve its Title, and
+add to it an item stating at least the title, year, new authors, and
+publisher of the Modified Version as given on the Title Page. If
+there is no section Entitled
+&quot;History&quot; in the Document, create
+one stating the title, year, authors, and publisher of the Document
+as given on its Title Page, then add an item describing the Modified
+Version as stated in the previous sentence.</p>
+</li><li>
+<p>Preserve the network location, if any, given in the Document for
+public access to a Transparent copy of the Document, and likewise the
+network locations given in the Document for previous versions it was
+based on. These may be placed in the
+&quot;History&quot; section. You may omit a
+network location for a work that was published at least four years
+before the Document itself, or if the original publisher of the
+version it refers to gives permission.</p>
+</li><li>
+<p>For any section Entitled
+&quot;Acknowledgments&quot; or
+&quot;Dedications&quot;, Preserve the Title
+of the section, and preserve in the section all the substance and
+tone of each of the contributor acknowledgments and/or dedications
+given therein.</p>
+</li><li>
+<p>Preserve all the Invariant Sections of the Document, unaltered in
+their text and in their titles. Section numbers or the equivalent are
+not considered part of the section titles.</p>
+</li><li>
+<p>Delete any section Entitled
+&quot;Endorsements&quot;. Such a section may
+not be included in the Modified Version.</p>
+</li><li>
+<p>Do not retitle any existing section to be Entitled
+&quot;Endorsements&quot; or to conflict in
+title with any Invariant Section.</p>
+</li><li>
+<p>Preserve any Warranty Disclaimers.</p>
+
+<p>If the Modified Version includes new front-matter sections or
+appendices that qualify as Secondary Sections and contain no material
+copied from the Document, you may at your option designate some or
+all of these sections as invariant. To do this, add their titles to
+the list of Invariant Sections in the Modified
+Version's license notice. These titles must be
+distinct from any other section titles.</p>
+
+<p>You may add a section Entitled
+&quot;Endorsements&quot;, provided it
+contains nothing but endorsements of your Modified Version by various
+parties&mdash;for example, statements of peer review or that the text
+has been approved by an organization as the authoritative definition
+of a standard.</p>
+
+<p>You may add a passage of up to five words as a Front-Cover Text, and
+a passage of up to 25 words as a Back-Cover Text, to the end of the
+list of Cover Texts in the Modified Version. Only one passage of
+Front-Cover Text and one of Back-Cover Text may be added by (or
+through arrangements made by) any one entity. If the Document already
+includes a cover text for the same cover, previously added by you or
+by arrangement made by the same entity you are acting on behalf of,
+you may not add another; but you may replace the old one, on explicit
+permission from the previous publisher that added the old one.</p>
+
+<p>The author(s) and publisher(s) of the Document do not by this License
+give permission to use their names for publicity for or to assert or
+imply endorsement of any Modified Version.</p>
+</li></ol>
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-G-SECT-1.7"/>
+
+<h3 class="head2">5. COMBINING DOCUMENTS</h3>
+
+<p>You may combine the Document with other documents released under this
+License, under the terms defined in section 4 above for modified
+versions, provided that you include in the combination all of the
+Invariant Sections of all of the original documents, unmodified, and
+list them all as Invariant Sections of your combined work in its
+license notice, and that you preserve all their Warranty Disclaimers.</p>
+
+<p>The combined work need only contain one copy of this License, and
+multiple identical Invariant Sections may be replaced with a single
+copy. If there are multiple Invariant Sections with the same name but
+different contents, make the title of each such section unique by
+adding at the end of it, in parentheses, the name of the original
+author or publisher of that section if known, or else a unique
+number. Make the same adjustment to the section titles in the list of
+Invariant Sections in the license notice of the combined work.</p>
+
+<p>In the combination, you must combine any sections Entitled
+&quot;History&quot; in the various original
+documents, forming one section Entitled
+&quot;History&quot;; likewise combine any
+sections Entitled
+&quot;Acknowledgements&quot;, and any
+sections Entitled &quot;Dedications&quot;.
+You must delete all sections Entitled
+&quot;Endorsements&quot;.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-G-SECT-1.8"/>
+
+<h3 class="head2">6. COLLECTIONS OF DOCUMENTS</h3>
+
+<p>You may make a collection consisting of the Document and other
+documents released under this License, and replace the individual
+copies of this License in the various documents with a single copy
+that is included in the collection, provided that you follow the
+rules of this License for verbatim copying of each of the documents
+in all other respects.</p>
+
+<p>You may extract a single document from such a collection, and
+distribute it individually under this License, provided you insert a
+copy of this License into the extracted document, and follow this
+License in all other respects regarding verbatim copying of that
+document.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-G-SECT-1.9"/>
+
+<h3 class="head2">7. AGGREGATION WITH INDEPENDENT WORKS</h3>
+
+<p>A compilation of the Document or its derivatives with other separate
+and independent documents or works, in or on a volume of a storage or
+distribution medium, is called an
+&quot;aggregate&quot; if the copyright
+resulting from the compilation is not used to limit the legal rights
+of the compilation's users beyond what the
+individual works permit. When the Document is included as an
+aggregate, this License does not apply to the other works in the
+aggregate which are not themselves derivative works of the Document.</p>
+
+<p>If the Cover Text requirement of section 3 is applicable to these
+copies of the Document, then if the Document is less than one half of
+the entire aggregate, the Document's Cover Texts may
+be placed on covers that bracket the Document within the aggregate,
+or the electronic equivalent of covers if the Document is in
+electronic form. Otherwise they must appear on printed covers that
+bracket the whole aggregate.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-G-SECT-1.10"/>
+
+<h3 class="head2">8. TRANSLATION</h3>
+
+<p>Translation is considered a kind of modification, so you may
+distribute translations of the Document under the terms of section 4.
+Replacing Invariant Sections with translations requires special
+permission from their copyright holders, but you may include
+translations of some or all Invariant Sections in addition to the
+original versions of these Invariant Sections. You may include a
+translation of this License, and all the license notices in the
+Document, and any Warranty Disclaimers, provided that you also
+include the original English version of this License and the original
+versions of those notices and disclaimers. In case of a disagreement
+between the translation and the original version of this License or a
+notice or disclaimer, the original version will prevail.</p>
+
+<p>If a section in the Document is Entitled
+&quot;Acknowledgements&quot;,
+&quot;Dedications&quot;, or
+&quot;History&quot;, the requirement (section
+4) to Preserve its Title (section 1) will typically require changing
+the actual title.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-G-SECT-1.11"/>
+
+<h3 class="head2">9. TERMINATION</h3>
+
+<p>You may not copy, modify, sublicense, or distribute the Document
+except as expressly provided for under this License. Any other
+attempt to copy, modify, sublicense or distribute the Document is
+void, and will automatically terminate your rights under this
+License. However, parties who have received copies, or rights, from
+you under this License will not have their licenses terminated so
+long as such parties remain in full compliance.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-G-SECT-1.12"/>
+
+<h3 class="head2">10. FUTURE REVISIONS OF THIS LICENSE</h3>
+
+<p>The Free Software Foundation may publish new, revised versions of the
+GNU Free Documentation License from time to time. Such new versions
+will be similar in spirit to the present version, but may differ in
+detail to address new problems or concerns. See <a href="http://www.gnu.org/copyleft/">http://www.gnu.org/copyleft/</a>.</p>
+
+<p>Each version of the License is given a distinguishing version number.
+If the Document specifies that a particular numbered version of this
+License &quot;or any later version&quot;
+applies to it, you have the option of following the terms and
+conditions either of that specified version or of any later version
+that has been published (not as a draft) by the Free Software
+Foundation. If the Document does not specify a version number of this
+License, you may choose any version ever published (not as a draft)
+by the Free Software Foundation. <a name="INDEX-2"/></p>
+
+
+</div>
+
+
+</div>
+
+
+<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4>
+</body></html>
diff --git a/docs/htmldocs/using_samba/ch00.html b/docs/htmldocs/using_samba/ch00.html
new file mode 100644
index 00000000000..5a2c89feb8b
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch00.html
@@ -0,0 +1,368 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Preface</h1>
+
+
+<p>You are reading a book about Samba, a software suite that networks
+Windows, Unix, and other operating systems using
+Windows' native networking protocol. Samba allows
+Unix servers to offer Windows networking services by matching the
+filesystem and networking models of Unix to those of Windows. Samba
+acts as a bridge between the two systems, connecting the
+corresponding parts of their architectures and providing a
+translation wherever necessary.</p>
+
+<p>Bridging the gap between systems as dissimilar as Windows and Unix is
+a complex task, which Samba handles surprisingly well. To be a good
+Samba administrator, your abilities must parallel
+Samba's. For starters, you need to know basic Unix
+system and network administration and have a good understanding of
+Windows filesystems and networking fundamentals. In addition, you
+need to learn how Samba fills in the &quot;gray
+area&quot; between Unix and Windows. Once you know how
+everything fits together, you'll find it easy to
+configure a Samba server to provide your network with reliable and
+high-performance computational resources.</p>
+
+<p>Our job is to make all of that easier for you. We do this by starting
+out with a quick and yet comprehensive tour of Windows networking in
+<a href="ch01.html">Chapter 1</a>, followed by tutorially-oriented
+<a href="ch02.html">Chapter 2</a> and <a href="ch03.html">Chapter 3</a>, which tell you how to set up a minimal Samba server
+and configure Windows clients to work with it. Most likely, you will
+be surprised how quickly you can complete the required tasks.</p>
+
+<p>We believe that a hands-on approach is the most effective, and you
+can use the Samba server you build in <a href="ch02.html">Chapter 2</a> and <a href="ch03.html">Chapter 3</a> as a test
+system for trying out examples that we show and describe throughout
+the book. You can jump around from chapter to chapter if you like,
+but if you continue sequentially from <a href="ch04.html">Chapter 4</a>
+onward, by the time you finish the book you will have a
+well-configured production Samba server ready for use. All you have
+to do is add the appropriate support for your intended purpose as we
+explain how to use each feature.</p>
+
+
+
+<div class="sect1"><a name="samba2-PREFACE-2-SECT-1"/>
+
+<h2 class="head1">Audience for This Book</h2>
+
+<p>This book is primarily intended for Unix administrators who need to
+support Windows clients on their network, as well as anyone who needs
+to access the resources of a Windows network environment from a Unix
+client. While we assume you are familiar with basic Unix system
+administration, we do <em class="emphasis">not</em> assume you are a
+networking expert. We do our best along the way to help out with
+unusual definitions and terms.</p>
+
+<p>Furthermore, we don't assume that you are an expert
+in Microsoft Windows. We carefully explain all the essential concepts
+related to Windows networking, and we go through the Windows side of
+the installation task in considerable detail, providing examples for
+both Windows 95/98/Me and Windows NT/2000/XP, which are significantly
+different. For the Unix side, we give examples that work with common
+Unix operating systems, such as Linux, Solaris, FreeBSD, and Mac OS
+X.</p>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-PREFACE-2-SECT-2"/>
+
+<h2 class="head1">Organization</h2>
+
+<p>Here is a quick description of each chapter:</p>
+
+<p><a href="ch01.html">Chapter 1</a> introduces Samba and its capabilities,
+then describes the most important concepts of NetBIOS and SMB/CIFS
+networking. Finally, we give you a quick overview of the daemons and
+utilities that are included in the Samba distribution.</p>
+
+<p><a href="ch02.html">Chapter 2</a> covers configuring, compiling,
+installing, setting up, and testing the Samba server on a Unix
+platform.</p>
+
+<p><a href="ch03.html">Chapter 3</a> explains how to configure Microsoft
+Windows 95/98/Me and Windows NT/2000/XP clients to participate in an
+SMB network.</p>
+
+<p><a href="ch04.html">Chapter 4</a> explains the ins and outs of Windows NT
+domains and how to configure Samba to work in a network set up as a
+Windows NT domain.</p>
+
+<p><a href="ch05.html">Chapter 5</a> describes methods for accessing SMB
+shares on the network from Unix client systems.</p>
+
+<p><a href="ch06.html">Chapter 6</a>
+gets you up to speed on the structure of the Samba
+configuration file and shows you how to take control of file-sharing
+services.</p>
+
+<p><a href="ch07.html">Chapter 7</a> introduces name resolution, which is
+used to convert NetBIOS computer names into IP addresses, and
+browsing, the method used in SMB networking to find what resources
+are being shared on the network.</p>
+
+<p><a href="ch08.html">Chapter 8</a> continues the discussion of file-sharing options, and
+covers more advanced functions such as permissions, access control
+lists, opportunistic locks, and setting up a Distributed filesystem
+tree.</p>
+
+<p><a href="ch09.html">Chapter 9</a> discusses how
+to set up Samba users, introduces you to Samba security, and shows
+you how to work with encrypted and nonencrypted passwords.</p>
+
+<p><a href="ch10.html">Chapter 10</a>
+discusses printer setup for sharing Unix printers on the
+SMB network, and allowing Unix workstations to access SMB shared
+printers.</p>
+
+<p><a href="ch11.html">Chapter 11</a>
+bundles several miscellaneous topics associated with
+Samba, such as configuring Samba shares for programmers and
+internationalization issues.</p>
+
+<p><a href="ch12.html">Chapter 12</a> details what to do if
+you have problems installing Samba. This comparatively
+large chapter is packed with troubleshooting hints and strategies for
+identifying what is going wrong.</p>
+
+<p><a href="appa.html">Appendix A</a> provides working examples of
+<em class="filename">smb.conf</em> files for use in configuring Samba for
+its more common applications. You can easily modify the examples for
+use in a wide variety of circumstances.</p>
+
+<p><a href="appb.html">Appendix B</a> covers each option that can be used in
+the Samba configuration file.</p>
+
+<p><a href="appc.html">Appendix C</a> is a quick reference that covers each
+server daemon and tool that make up the Samba suite.</p>
+
+<p><a href="appd.html">Appendix D</a> explains how to download the latest
+development version of the Samba source code using CVS.</p>
+
+<p><a href="appe.html">Appendix E</a> documents each option that can be used
+with the <em class="emphasis">configure</em> command before compiling the
+Samba source code.</p>
+
+<p><a href="appf.html">Appendix F</a> includes directions for sharing files
+and printers with the Server edition of Mac OS X.</p>
+
+<p><a href="appg.html">Appendix G</a> is the copyright license under which
+this book is published.</p>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-PREFACE-2-SECT-3"/>
+
+<h2 class="head1">Conventions Used in This Book</h2>
+
+<p>The following font conventions are followed throughout this book:</p>
+
+<dl>
+<dt><b>Italic </b></dt>
+<dd>
+<p>Filenames, file extensions, URLs, executable files, command options,
+and emphasis.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">Constant</tt> <tt class="literal">width</tt> </b></dt>
+<dd>
+<p>Samba configuration options, computer names, user and group names,
+hostnames, domain names, other code that appears in the text, and
+command-line information that should be typed verbatim on the screen.</p>
+</dd>
+
+
+
+<dt><b><tt class="userinput"><b>Constant width bold</b></tt> </b></dt>
+<dd>
+<p>Commands that are entered by the user and new configuration options
+that we wish to bring to the attention of the reader.</p>
+</dd>
+
+
+
+<dt><b><em class="replaceable">Constant width italic</em></b></dt>
+<dd>
+<p>Replaceable content in code and command-line information.</p>
+</dd>
+
+</dl>
+
+<a name="samba2-PREFACE-2-NOTE-82"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>This designates a note, which is an important aside to the nearby
+text.</p>
+</blockquote>
+<a name="samba2-PREFACE-2-NOTE-83"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>This designates a warning related to the nearby text.</p>
+</blockquote>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-PREFACE-2-SECT-4"/>
+
+<h2 class="head1">How to Contact Us</h2>
+
+<p>We have tested and verified the information in this book to the best
+of our ability, but you might find that features have changed (or
+even that we have made mistakes!). Please let us know about any
+errors you find, as well as your suggestions for future editions, by
+writing to:</p>
+
+<blockquote class="simplelist">
+
+<p>O'Reilly &amp; Associates, Inc.</p>
+
+<p>1005 Gravenstein Highway North</p>
+
+<p>Sebastopol, CA 95472</p>
+
+<p>(800) 998-9938 (in the United States or Canada)</p>
+
+<p>(707) 829-0515 (international/local)</p>
+
+<p>(707) 829-0104 (fax)</p>
+
+</blockquote>
+
+<p>To ask technical questions or comment on the book, send email to:</p>
+
+<blockquote class="simplelist">
+
+<p><em class="email">bookquestions@oreilly.com</em></p>
+
+</blockquote>
+
+<p>We have a web page for this book where we list examples and any plans
+for future editions. You can access this information at:</p>
+
+<blockquote class="simplelist">
+
+<p><a href="http://www.oreilly.com/catalog/samba2">http://www.oreilly.com/catalog/samba2</a></p>
+
+</blockquote>
+
+<p>You can also contact Jay Ts, the lead author of this edition, through
+his web site at:</p>
+
+<blockquote class="simplelist">
+
+<p><a href="http://www.jayts.com">http://www.jayts.com</a></p>
+
+</blockquote>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-PREFACE-2-SECT-5"/>
+
+<h2 class="head1">Acknowledgments</h2>
+
+<p>We thank Leon Towns-von Stauber for thoroughly researching the use of
+Samba on Mac OS X and writing material that appears in <a href="ch02.html">Chapter 2</a>, <a href="ch05.html">Chapter 5</a>, and <a href="ch10.html">Chapter 10</a>, as well as the entire <a href="appf.html">Appendix F</a>. We also thank our technical reviewers Sam
+Johnston, Matthew Temple, Marty Leisner, and Don McCall.</p>
+
+
+<div class="sect2"><a name="samba2-PREFACE-2-SECT-5.1"/>
+
+<h3 class="head2">Jay Ts</h3>
+
+<p>This book would have been extremely difficult to write if it
+hadn't been for the copy of VMware Workstation
+graciously provided by VMware, Inc. I want to thank Rik Farrow for
+his clarifying comments on security topics related to Samba and
+Windows, and both him and Rose Moon for their supportive friendship.
+Thanks also go to Mark Watson for his encouragement and advice on the
+topic of authoring technical books. Additionally,
+I'd like to express my appreciation to Andy Oram at
+O'Reilly for being a supportive, friendly, and
+easygoing editor, and for offering me terms that I could say yes
+to&mdash;something that a few other publishers
+didn't even approach. SuSE, Inc. generously provided
+a copy of SuSE Linux 8.1 Professional.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-PREFACE-2-SECT-5.2"/>
+
+<h3 class="head2">Robert Eckstein</h3>
+
+<p>I'd first like to recognize Dave Collier-Brown and
+Peter Kelly for all their help in the creation of this book.
+I'd also like to thank each technical reviewer who
+helped polish this book into shape on such short notice: Matthew
+Temple, Jeremy Allison, and of course Andrew Tridgell. Andrew and
+Jeremy deserve special recognition, not only for creating such a
+wonderful product, but also for providing a tireless amount of
+support in the final phase of this book&mdash;hats off to you, guys!
+A warm hug goes out to my wife Michelle, who once again put up with a
+husband loaded down with too much caffeine and a tight schedule.
+Thanks to Dave Sifry and the people at LinuxCare, San Francisco, for
+hosting me on such short notice for Andrew
+Tridgell's visit. And finally, a huge amount of
+thanks to our editor, Andy Oram, who (very) patiently helped guide
+this book through its many stages until we got it right.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-PREFACE-2-SECT-5.3"/>
+
+<h3 class="head2">David Collier-Brown</h3>
+
+<p>I'd particularly like to thank Joyce, who put up
+with me during the sometimes exciting development of the book. My
+thanks to Andy Oram, who was kind enough to provide the criticism
+that allowed me to contribute; the crew at ACE (Opcom) who humored
+the obvious madman in their midst; and Ian MacMillan, who voluntarily
+translated several of my early drafts from nerd to English. I would
+also like to give special thanks to Perry Donham, Drew Sullivan, and
+Jerry DeRoo for starting and sustaining this mad project. Finally,
+I'd like to thank Bob Eckstein for a final,
+sustained, and professional effort that lifted the whole book up to
+the level that Andy needed.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-PREFACE-2-SECT-5.4"/>
+
+<h3 class="head2">All</h3>
+
+<p>We would especially like to give thanks to Perry Donham and Peter
+Kelly for helping mold the first draft of this book. Although Perry
+was unable to contribute to subsequent drafts, his material was
+essential to getting this book off on the right foot. In addition,
+some of the browsing material came from text originally written by
+Dan Shearer for O'Reilly.</p>
+
+
+</div>
+
+
+</div>
+
+
+<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4>
+</body></html>
diff --git a/docs/htmldocs/using_samba/ch01.html b/docs/htmldocs/using_samba/ch01.html
new file mode 100644
index 00000000000..98a687f08e3
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch01.html
@@ -0,0 +1,3193 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Chapter 1. Learning the Samba</h1>
+
+
+<p><a name="INDEX-1"/>Samba
+is an extremely useful networking tool for anyone who has both
+Windows and Unix systems on his network. Running on a Unix system, it
+allows Windows to share files and printers on the Unix host, and it
+also allows Unix users to access resources shared by Windows systems.</p>
+
+<p>Although it might seem natural to use a Windows server to serve files
+and printers to a network containing Windows clients, there are good
+reasons for preferring a Samba server for this duty. Samba is
+reliable software that runs on reliable Unix operating systems,
+resulting in fewer problems and a low cost of maintenance. Samba also
+offers better performance under heavy loads, outperforming Windows
+2000 Server by a factor of 2 to 1 on identical PC hardware, according
+to published third-party benchmarks. When common, inexpensive PC
+hardware fails to meet the demands of a huge client load, the Samba
+server can easily be moved to a proprietary &quot;big
+iron&quot; Unix mainframe, which can outperform Windows
+running on a PC many times. If all that weren't
+enough, Samba has a very nice cost advantage: it's
+free. Not only is the software itself freely available, but also no
+client licenses are required, and it runs on high-quality, free
+operating systems such as Linux and FreeBSD.</p>
+
+<p>After reading the previous paragraph, you might come to the
+conclusion that Samba is commonly used by large organizations with
+thousands of users on their networks&mdash;and you'd
+be right! But Samba's user base includes
+organizations all over the planet, of all types and sizes: from
+international corporations, to medium and small businesses, to
+individuals who run Samba on their Linux laptops. In the last case, a
+tool such as VMware is used to run Windows on the same computer, with
+Samba enabling the two operating systems to share files.</p>
+
+<p>The types of users vary even more&mdash;Samba is used by
+corporations, banks and other financial institutions, government and
+military organizations, schools, public libraries, art galleries,
+families, and even authors! This book was developed on a Linux system
+running VMware and Windows 2000, with Adobe FrameMaker running on
+Windows and the document files served by Samba from the Linux
+filesystem.</p>
+
+<p>Does all this whet your technological appetite? If so, we encourage
+you to keep reading, learn about Samba, and follow our examples to
+set up a Samba server of your own. In this and upcoming chapters, we
+will tell you exactly how to get started.</p>
+
+
+
+<div class="sect1"><a name="samba2-CHP-1-SECT-1"/>
+
+<h2 class="head1">What Is Samba?</h2>
+
+<p><a name="INDEX-2"/>Samba
+is a suite of Unix applications that speak the
+<a name="INDEX-3"/><a name="INDEX-4"/>Server
+Message Block (SMB) protocol. Microsoft Windows operating systems and
+the OS/2 operating system use SMB to perform client-server networking
+for file and printer sharing and associated operations. By supporting
+this protocol, Samba enables computers running Unix to get in on the
+action, communicating with the same networking protocol as Microsoft
+Windows and appearing as another Windows system on the network from
+the perspective of a Windows client. A <a name="INDEX-5"/>Samba
+server offers the following services:</p>
+
+<ul><li>
+<p>Share one or more directory trees</p>
+</li><li>
+<p>Share one or more Distributed filesystem (Dfs) trees</p>
+</li><li>
+<p>Share printers installed on the server among Windows clients on the
+network</p>
+</li><li>
+<p>Assist clients with network browsing</p>
+</li><li>
+<p>Authenticate clients logging onto a Windows domain</p>
+</li><li>
+<p>Provide or assist with Windows Internet Name Service (WINS)
+name-server resolution</p>
+</li></ul>
+<p>The Samba suite also includes client tools that allow users on a Unix
+system to access folders and printers that Windows systems and Samba
+servers offer on the network.</p>
+
+<p>Samba is the brainchild of Andrew <a name="INDEX-6"/>Tridgell, who currently heads the Samba
+development team. Andrew started the project in 1991, while working
+with a Digital Equipment Corporation (DEC) software suite called
+Pathworks, created for connecting DEC VAX computers to computers made
+by other companies. Without knowing the significance of what he was
+doing, Andrew created a file-server program for an odd protocol that
+was part of Pathworks. That protocol later turned out to be SMB. A
+few years later, he expanded upon his custom-made SMB server and
+began distributing it as a product on the Internet under the name
+&quot;SMB Server.&quot; However, Andrew
+couldn't keep that name&mdash;it already belonged to
+another company's product&mdash;so he tried the
+following Unix renaming approach:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>grep -i '^s.*m.*b' /usr/dict/words</b></tt></pre></blockquote>
+
+<p>And the response was:</p>
+
+<blockquote><pre class="code">salmonberry
+samba
+sawtimber
+scramble</pre></blockquote>
+
+<p>Thus, the name &quot;Samba&quot; was born.</p>
+
+<p>Today, the Samba suite revolves around a pair of Unix daemons that
+provide shared resources&mdash;called <em class="firstterm">shares
+</em>or s<em class="firstterm">ervices</em>&mdash;to SMB clients
+on the network. These are:</p>
+
+<dl>
+<dt><b><a name="INDEX-7"/>smbd</b></dt>
+<dd>
+<p>A daemon that handles file and printer sharing and provides
+authentication and authorization for SMB clients.</p>
+</dd>
+
+
+
+<dt><b><a name="INDEX-8"/>nmbd</b></dt>
+<dd>
+<p>A daemon that supports NetBIOS Name Service and WINS, which is
+Microsoft's implementation of a NetBIOS Name Server
+(NBNS). It also assists with network browsing.</p>
+</dd>
+
+</dl>
+
+<p>Samba is currently maintained and extended by a group of volunteers
+under the active supervision of Andrew Tridgell. Like the Linux
+operating system, Samba is distributed as open source software
+(<a href="http://opensource.org">http://opensource.org</a>) by its
+authors and is distributed under the GNU General Public License
+(GPL). Since its inception, development of Samba has been sponsored
+in part by the Australian National University, where Andrew Tridgell
+earned his Ph.D. Since then, many other organizations have sponsored
+Samba developers, including LinuxCare, VA Linux Systems,
+Hewlett-Packard, and IBM. It is a true testament to Samba that both
+commercial and noncommercial entities are prepared to spend money to
+support an open source effort.</p>
+
+<p>Microsoft has also contributed by offering its definition of the SMB
+protocol to the Internet Engineering Task Force (IETF) in 1996 as the
+<a name="INDEX-9"/><a name="INDEX-10"/>Common
+Internet File System (CIFS). Although we prefer to use the term
+&quot;SMB&quot; in this book, you will also
+often find the protocol being referred to as
+&quot;CIFS.&quot; This is especially true on
+Microsoft's web site.</p>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-1-SECT-2"/>
+
+<h2 class="head1">What Can Samba Do for Me?</h2>
+
+<p><a name="INDEX-11"/>As explained earlier, Samba can help
+Windows and Unix computers coexist in the same network. However,
+there are some specific reasons why you might want to set up a Samba
+server on your network:</p>
+
+<ul><li>
+<p>You don't want to pay for&mdash;or
+can't afford&mdash;a full-fledged Windows server,
+yet you still need the functionality that one provides.</p>
+</li><li>
+<p>The Client Access Licenses (CALs) that Microsoft requires for each
+Windows client to access a Windows server are unaffordable.</p>
+</li><li>
+<p>You want to provide a common area for data or user directories to
+transition from a Windows server to a Unix one, or vice versa.</p>
+</li><li>
+<p>You want to share printers among Windows and Unix workstations.</p>
+</li><li>
+<p>You are supporting a group of computer users who have a mixture of
+Windows and Unix computers.</p>
+</li><li>
+<p>You want to integrate Unix and Windows authentication, maintaining a
+single database of user accounts that works with both systems.</p>
+</li><li>
+<p>You want to network Unix, Windows, Macintosh (OS X), and other
+systems using a single protocol.</p>
+</li></ul>
+<p>Let's take a quick tour of
+<a name="INDEX-12"/>Samba in action. Assume that we have
+the following basic network configuration: a Samba-enabled Unix
+system, to which we will assign the name <tt class="literal">toltec</tt>,
+and a pair of Windows clients, to which we will assign the names
+<tt class="literal">maya</tt> and <tt class="literal">aztec</tt>, all connected
+via a local area network (LAN). Let's also assume
+that <tt class="literal">toltec</tt> also has a local inkjet printer
+connected to it, <tt class="literal">lp</tt>, and a disk share named
+<tt class="literal">spirit</tt>&mdash;both of which it can offer to the
+other two computers. A graphic of this network is shown in <a href="ch01.html#samba2-CHP-1-FIG-1">Figure 1-1</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-1-FIG-1"/><img src="figs/sam2_0101.gif"/></div><h4 class="head4">Figure 1-1. A simple network set up with a Samba server</h4>
+
+<p>In this network, each computer listed shares the same
+<em class="firstterm">workgroup</em>. A workgroup is a group name tag
+that identifies an arbitrary collection of computers and their
+resources on an SMB network. Several workgroups can be on the network
+at any time, but for our basic network example,
+we'll have only one: the METRAN workgroup.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-2.1"/>
+
+<h3 class="head2">Sharing a Disk Service</h3>
+
+<p><a name="INDEX-13"/><a name="INDEX-14"/><a name="INDEX-15"/>If everything is properly
+configured, we should be able to see the Samba server,
+<tt class="literal">toltec</tt>, through the Network Neighborhood of the
+<tt class="literal">maya</tt> Windows desktop. In fact, <a href="ch01.html#samba2-CHP-1-FIG-2">Figure 1-2</a> shows the Network Neighborhood of the
+<tt class="literal">maya</tt> computer, including <tt class="literal">toltec</tt>
+and each computer that resides in the METRAN workgroup. Note the
+Entire Network icon at the top of the list. As we just mentioned,
+more than one workgroup can be on an SMB network at any given time.
+If a user clicks the Entire Network icon, she will see a list of all
+the workgroups that currently exist on the network.</p>
+
+<div class="figure"><a name="samba2-CHP-1-FIG-2"/><img src="figs/sam2_0102.gif"/></div><h4 class="head4">Figure 1-2. The Network Neighborhood directory</h4>
+
+<p>We can take a closer look at the <tt class="literal">toltec</tt> server by
+double-clicking its icon. This contacts <tt class="literal">toltec</tt>
+itself and requests a list of its
+<em class="firstterm">shares</em>&mdash;the file and printer
+resources&mdash;that the computer provides. In this case, a printer
+named <tt class="literal">lp</tt>, a home directory named
+<tt class="literal">jay</tt>, and a disk share named
+<tt class="literal">spirit</tt> are on the server, as shown in <a href="ch01.html#samba2-CHP-1-FIG-3">Figure 1-3</a>. Note that the Windows display shows hostnames
+in mixed case (Toltec). Case is irrelevant in hostnames, so you might
+see toltec, Toltec, and TOLTEC in various displays or command output,
+but they all refer to a single system. Thanks to Samba, Windows 98
+sees the Unix server as a valid SMB server and can access the
+<tt class="literal">spirit</tt> folder as if it were just another system
+folder.</p>
+
+<div class="figure"><a name="samba2-CHP-1-FIG-3"/><img src="figs/sam2_0103.gif"/></div><h4 class="head4">Figure 1-3. Shares available on the Toltec server as viewed from maya</h4>
+
+<p>One popular Windows feature is the ability to map a drive letter
+(such as E:, F:, or Z:) to a shared directory on the network using
+the Map Network Drive option in Windows Explorer.<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a>
+Once you do so, your applications can access the folder across the
+network using the drive letter. You can store data on it, install and
+run programs from it, and even password-protect it against unwanted
+visitors. See <a href="ch01.html#samba2-CHP-1-FIG-4">Figure 1-4</a> for an example of mapping
+a <a name="INDEX-16"/><a name="INDEX-17"/>drive letter to a network
+directory.</p>
+
+<div class="figure"><a name="samba2-CHP-1-FIG-4"/><img src="figs/sam2_0104.gif"/></div><h4 class="head4">Figure 1-4. Mapping a network drive to a Windows drive letter</h4>
+
+<p>Take a look at the Path: entry in the dialog box of <a href="ch01.html#samba2-CHP-1-FIG-4">Figure 1-4</a>. An equivalent way to represent a directory on
+a network computer is by using two backslashes, followed by the name
+of the networked computer, another backslash, and the networked
+directory of the computer, as shown here:</p>
+
+<blockquote><pre class="code">\\<em class="replaceable">network-computer</em>\<em class="replaceable">directory</em></pre></blockquote>
+
+<p>This is known as the <em class="firstterm"/><a name="INDEX-18"/>Universal
+Naming Convention (UNC)</em> in the Windows world. For example, the dialog
+box in <a href="ch01.html#samba2-CHP-1-FIG-4">Figure 1-4</a> represents the network directory
+on the <tt class="literal">toltec</tt> server as:</p>
+
+<blockquote><pre class="code">\\toltec\spirit</pre></blockquote>
+
+<p>If this looks somewhat familiar to you, you're
+probably thinking of <em class="firstterm">uniform resource
+locators</em><a name="INDEX-19"/><a name="INDEX-20"/> (URLs), which are addresses that web
+browsers such as Netscape Navigator and Internet Explorer use to
+resolve systems across the Internet. Be sure not to confuse the two:
+URLs such as <a href="http://www.oreilly.com">http://www.oreilly.com</a> use forward slashes
+instead of backslashes, and they precede the initial slashes with the
+data transfer protocol (i.e., ftp, http) and a colon (:). In reality,
+URLs and UNCs are two completely separate things, although sometimes
+you can specify an SMB share using a URL rather than a UNC. As a URL,
+the <em class="filename">\\toltec\spirit</em> share would be specified as
+<em class="filename">smb://toltec/spirit</em>.</p>
+
+<p>Once the network drive is set up, Windows and its programs behave as
+if the networked directory were a local disk. If you have any
+applications that support multiuser functionality on a network, you
+can install those programs on the network drive.<a name="FNPTR-2"/><a href="#FOOTNOTE-2">[2]</a> <a href="ch01.html#samba2-CHP-1-FIG-5">Figure 1-5</a> shows the
+resulting network drive as it would appear with other storage devices
+in the Windows 98 client. Note the pipeline attachment in the icon
+for the J: drive; this indicates that it is a network drive rather
+than a fixed drive.</p>
+
+<div class="figure"><a name="samba2-CHP-1-FIG-5"/><img src="figs/sam2_0105.gif"/></div><h4 class="head4">Figure 1-5. The Network directory mapped to the client drive letter J</h4>
+
+<p>My Network Places, found in Windows Me, 2000, and XP, works
+differently from Network Neighborhood. It is necessary to click a few
+more icons, but eventually we can get to the view of the
+<tt class="literal">toltec</tt> server as shown in <a href="ch01.html#samba2-CHP-1-FIG-6">Figure 1-6</a>. This is from a Windows 2000 system. Setting
+up the network drive using the Map Network Drive option in Windows
+2000 works similarly to other Windows versions. <a name="INDEX-21"/><a name="INDEX-22"/><a name="INDEX-23"/></p>
+
+<div class="figure"><a name="samba2-CHP-1-FIG-6"/><img src="figs/sam2_0106.gif"/></div><h4 class="head4">Figure 1-6. Shares available on Toltec (viewed from dine)</h4>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-2.2"/>
+
+<h3 class="head2">Sharing a Printer</h3>
+
+<p><a name="INDEX-24"/><a name="INDEX-25"/><a name="INDEX-26"/>You probably noticed that the printer
+<tt class="literal">lp</tt> appeared under the available shares for
+<tt class="literal">toltec</tt> in <a href="ch01.html#samba2-CHP-1-FIG-3">Figure 1-3</a>. This
+indicates that the Unix server has a printer that can be shared by
+the various SMB clients in the workgroup. Data sent to the printer
+from any of the clients will be spooled on the Unix server and
+printed in the order in which it is received.</p>
+
+<p><a name="INDEX-27"/><a name="INDEX-28"/>Setting up a Samba-enabled
+printer on the Windows side is even easier than setting up a disk
+share. By double-clicking the printer and identifying the
+manufacturer and model, you can install a driver for this printer on
+the Windows client. Windows can then properly format any information
+sent to the network printer and access it as if it were a local
+printer. On Windows 98, double-clicking the Printers icon in the
+Control Panel opens the Printers window shown in <a href="ch01.html#samba2-CHP-1-FIG-7">Figure 1-7</a>. Again, note the pipeline attachment below the
+printer, which identifies it as being on a network.</p>
+
+<div class="figure"><a name="samba2-CHP-1-FIG-7"/><img src="figs/sam2_0107.gif"/></div><h4 class="head4">Figure 1-7. A network printer available on Toltec</h4>
+
+
+<div class="sect3"><a name="samba2-CHP-1-SECT-2.2.1"/>
+
+<h3 class="head3">Seeing things from the Unix side</h3>
+
+<p><a name="INDEX-29"/><a name="INDEX-30"/>As mentioned earlier, Samba
+appears in Unix as a set of daemon programs. You can view them with
+the Unix <a name="INDEX-31"/><em class="emphasis">ps</em> command; you can
+read any messages they generate through custom debug files or the
+Unix <em class="emphasis">syslog</em> (depending on how Samba is set up);
+and you can configure them from a single Samba configuration file:
+<em class="emphasis">smb.conf</em>. In addition, if you want to get an idea of
+what the daemons are doing, Samba has a program called
+<em class="emphasis">smbstatus</em><a name="INDEX-32"/> that will lay it all on the line. Here
+is how it works:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbstatus</b></tt>
+Processing section &quot;[homes]&quot;
+Processing section &quot;[printers]&quot;
+Processing section &quot;[spirit]&quot;
+
+Samba version 2.2.6
+Service uid gid pid machine
+-----------------------------------------
+spirit jay jay 7735 maya (172.16.1.6) Sun Aug 12 12:17:14 2002
+spirit jay jay 7779 aztec (172.16.1.2) Sun Aug 12 12:49:11 2002
+jay jay jay 7735 maya (172.16.1.6) Sun Aug 12 12:56:19 2002
+
+Locked files:
+Pid DenyMode R/W Oplock Name
+--------------------------------------------------
+7735 DENY_WRITE RDONLY NONE /u/RegClean.exe Sun Aug 12 13:01:22 2002
+
+Share mode memory usage (bytes):
+ 1048368(99%) free + 136(0%) used + 72(0%) overhead = 1048576(100%) total</pre></blockquote>
+
+<p>The Samba status from this output provides three sets of data, each
+divided into separate sections. The first section tells which systems
+have connected to the Samba server, identifying each client by its
+machine name (<tt class="literal">maya</tt> and <tt class="literal">aztec</tt>)
+and IP (Internet Protocol) address. The second section reports the
+name and status of the files that are currently in use on a share on
+the server, including the read/write status and any locks on the
+files. Finally, Samba reports the amount of memory it has currently
+allocated to the shares that it administers, including the amount
+actively used by the shares plus additional overhead. (Note that this
+is not the same as the total amount of memory that the
+<em class="emphasis">smbd</em> or <em class="emphasis">nmbd</em> processes are
+using.)</p>
+
+<p>Don't worry if you don't understand
+these statistics; they will become easier to understand as you move
+through the book.</p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-1-SECT-3"/>
+
+<h2 class="head1">Getting Familiar with an SMB Network</h2>
+
+<p><a name="INDEX-33"/>Now that you have had a brief tour of
+Samba, let's take some time to get familiar with
+Samba's adopted environment: an SMB network.
+Networking with SMB is significantly different from working with
+common TCP/IP protocols such as FTP and Telnet because there are
+several new concepts to learn and a lot of information to cover.
+First, we will discuss the basic concepts behind an SMB network,
+followed by some Microsoft implementations of it, and finally we will
+show you where a Samba server can and cannot fit into the picture.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-3.1"/>
+
+<h3 class="head2">Understanding NetBIOS</h3>
+
+<p>To begin, let's step back in time. In 1984, IBM
+authored a simple application programming interface (API) for
+networking its computers, called the <em class="firstterm">Network Basic
+Input/Output System
+</em>(<a name="INDEX-34"/>NetBIOS).
+The NetBIOS API provided a rudimentary design for an application to
+connect and share data with other computers.</p>
+
+<p>It's helpful to think of the NetBIOS API as
+networking extensions to the standard BIOS API calls. The BIOS
+contains low-level code for performing filesystem operations on the
+local computer. NetBIOS originally had to exchange instructions with
+computers across IBM PC or Token Ring networks. It therefore required
+a low-level transport protocol to carry its requests from one
+computer to the next.</p>
+
+<p>In late 1985, IBM released one such protocol, which it merged with
+the NetBIOS API to become the <em class="firstterm">NetBIOS Extended User
+Interface</em> (<em class="emphasis">NetBEUI</em> ).
+<a name="INDEX-35"/>NetBEUI was
+designed for small LANs, and it let each computer claim a name (up to
+15 characters) that wasn't already in use on the
+network. By a &quot;small LAN,&quot; we mean
+fewer than 255 nodes on the network&mdash;which was considered a
+generous number in 1985!</p>
+
+<p>The NetBEUI protocol was very popular with networking applications,
+including those running under Windows for Workgroups. Later,
+implementations of NetBIOS over Novell's IPX
+networking protocols also emerged, which competed with NetBEUI.
+However, the networking protocols of choice for the burgeoning
+Internet community were TCP/IP and UDP/IP, and implementing the
+NetBIOS APIs over those protocols soon became a necessity.</p>
+
+<p>Recall that TCP/IP uses numbers to represent computer addresses
+(192.168.220.100, for instance) while NetBIOS uses only names. This
+was a major issue when trying to mesh the two protocols together. In
+1987, the IETF published standardization documents, titled RFC 1001
+and 1002, that outlined how NetBIOS would work over a TCP/UDP
+network. This set of documents still governs each implementation that
+exists today, including those provided by Microsoft with its Windows
+operating systems, as well as the Samba suite.</p>
+
+<p>Since then, the standard that this document governs has become known
+as <em class="firstterm">NetBIOS over
+TCP/IP</em><a name="INDEX-36"/><a name="INDEX-37"/><a name="INDEX-38"/>, or NBT for short.<a name="FNPTR-3"/><a href="#FOOTNOTE-3">[3]</a> </p>
+
+<p>The NBT standard (RFC 1001/1002)
+currently outlines a trio of services on a network:</p>
+
+<ul><li>
+<p>A name service</p>
+</li><li>
+<p>Two communication services:</p>
+<ul><li>
+<p>Datagrams</p>
+</li>
+
+<li>
+<p>Sessions</p>
+</li></ul>
+</li>
+</ul>
+
+<p>The <a name="INDEX-39"/>name
+service solves the name-to-address problem mentioned earlier; it
+allows each computer to declare a specific name on the network that
+can be translated to a machine-readable IP address, much like
+today's Domain Name System (DNS) on the Internet.
+The <a name="INDEX-40"/>datagram and <a name="INDEX-41"/>session services are both
+secondary communication protocols used to transmit data back and
+forth from NetBIOS computers across the network.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-3.2"/>
+
+<h3 class="head2">Getting a Name</h3>
+
+<p><a name="INDEX-42"/><a name="INDEX-43"/>In the NetBIOS world, when each
+computer comes online, it wants to claim a name for itself; this is
+called <em class="firstterm">name registration</em>. However, no two
+computers in the same workgroup should be able to claim the same
+name; this would cause endless confusion for any computer that wanted
+to communicate with either of them. There are two different
+approaches to ensuring that this doesn't happen:</p>
+
+<ul><li>
+<p>Use an <em class="firstterm"/>NBNS</em> to keep track of which hosts have
+registered a NetBIOS name.</p>
+</li><li>
+<p>Allow each computer on the network to defend its name in the event
+that another computer attempts to use it.</p>
+</li></ul>
+<p><a href="ch01.html#samba2-CHP-1-FIG-8">Figure 1-8</a> illustrates a (failed) name
+registration, with and without an NBNS.</p>
+
+<div class="figure"><a name="samba2-CHP-1-FIG-8"/><img src="figs/sam2_0108.gif"/></div><h4 class="head4">Figure 1-8. Broadcast versus NBNS name registration</h4>
+
+<p><a name="INDEX-44"/><a name="INDEX-45"/>As mentioned earlier,
+there must be a way to resolve a NetBIOS name to a specific IP
+address; this is known as <em class="firstterm">name resolution</em>.
+There are two different approaches with NBT here as well:</p>
+
+<ul><li>
+<p>Have each computer report back its IP address when it
+&quot;hears&quot; a broadcast request for its
+NetBIOS name.</p>
+</li><li>
+<p>Use an NBNS to help resolve NetBIOS names to IP addresses.</p>
+</li></ul>
+<p><a href="ch01.html#samba2-CHP-1-FIG-9">Figure 1-9</a> illustrates the two types of name
+resolution.</p>
+
+<div class="figure"><a name="samba2-CHP-1-FIG-9"/><img src="figs/sam2_0109.gif"/></div><h4 class="head4">Figure 1-9. Broadcast versus NBNS name resolution</h4>
+
+<p>As you might expect, having an NBNS on your network can help out
+tremendously. To see exactly why, let's look at the
+broadcast method.</p>
+
+<p>Here, when a client computer boots, it will
+<a name="INDEX-46"/>broadcast a
+message declaring that it wishes to register a specified NetBIOS name
+as its own. If nobody objects to the use of the name, it keeps the
+name. On the other hand, if another computer on the local subnet is
+currently using the requested name, it will send a message back to
+the requesting client that the name is already taken. This is known
+as <em class="firstterm">defending</em><a name="INDEX-47"/><a name="INDEX-48"/> the hostname. This type of system
+comes in handy when one client has unexpectedly dropped off the
+network&mdash;another can take its name unchallenged&mdash;but it
+does incur an inordinate amount of traffic on the network for
+something as simple as name registration.</p>
+
+<p>With an NBNS, the same thing occurs, except the communication is
+confined to the requesting computer and the NBNS. No broadcasting
+occurs when the computer wishes to register the name; the
+registration message is simply sent directly from the client to the
+NBNS, and the NBNS replies regardless of whether the name is already
+taken. This is known as <em class="firstterm">point-to-point
+communication</em><a name="INDEX-49"/>, and it is often beneficial on
+networks with more than one subnet. This is because routers are
+generally configured to block incoming packets that are broadcast to
+all computers in the subnet.</p>
+
+<p>The same principles apply to name resolution. Without an NBNS,
+NetBIOS name resolution would also be done with a broadcast
+mechanism. All request packets would be sent to each computer in the
+network, with the hope that one computer that might be affected will
+respond directly back to the computer that asked. Using an NBNS and
+point-to-point communication for this purpose is far less taxing on
+the network than flooding the network with broadcasts for every
+name-resolution request.</p>
+
+<p>It can be argued that broadcast packets do not cause significant
+problems in modern, high-bandwidth networks of hosts with fast CPUs,
+if only a small number of hosts are on the network, or the demand for
+bandwidth is low. There are certainly cases where this is true;
+however, our advice throughout this book is to avoid relying on
+broadcasts as much as possible. This is a good rule to follow for
+large, busy networks, and if you follow our advice when configuring a
+small network, your network will be able to grow without encountering
+problems later on that might be difficult to diagnose. <a name="INDEX-50"/><a name="INDEX-51"/></p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-3.3"/>
+
+<h3 class="head2">Node Types</h3>
+
+<p><a name="INDEX-52"/><a name="INDEX-53"/>How can you tell what strategy each
+client on your network will use when performing name registration and
+resolution? Each computer on an NBT network earns one of the
+following designations, depending on how it handles name registration
+and resolution: <a name="INDEX-54"/><a name="INDEX-55"/><a name="INDEX-56"/><a name="INDEX-57"/>b-node, p-node, m-node, and h-node. The
+behaviors of each type of node are summarized in <a href="ch01.html#samba2-CHP-1-TABLE-1">Table 1-1</a>.</p>
+
+<a name="samba2-CHP-1-TABLE-1"/><h4 class="head4">Table 1-1. NetBIOS node types</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Role</p>
+</th>
+<th>
+<p>Value</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>b-node</p>
+</td>
+<td>
+<p>Uses broadcast registration and resolution only.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>p-node</p>
+</td>
+<td>
+<p>Uses point-to-point registration and resolution only.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>m-node (mixed)</p>
+</td>
+<td>
+<p>Uses broadcast for registration. If successful, it notifies the NBNS
+of the result. Uses broadcast for resolution; uses the NBNS if
+broadcast is unsuccessful.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>h-node (hybrid)</p>
+</td>
+<td>
+<p>Uses the NBNS for registration and resolution; uses broadcast if the
+NBNS is unresponsive or inoperative.</p>
+</td>
+</tr>
+
+</table>
+
+<p>In the case of Windows clients, you will usually find them listed as
+h-nodes or hybrid nodes. The first three node types appear in RFC
+1001/1002, and h-nodes were invented later by Microsoft, as a more
+fault-tolerant method.</p>
+
+<p>You can find the node type of a Windows 95/98/Me computer by running
+the <em class="emphasis">winipcfg</em><a name="INDEX-58"/><a name="INDEX-59"/> command from the Start
+&rarr; Run dialog (or from an MS-DOS prompt) and clicking
+the More Info&gt;&gt; button. On Windows NT/2000/XP, you can use the
+<tt class="literal">ipconfig</tt><a name="INDEX-60"/><a name="INDEX-61"/><a name="INDEX-62"/><a name="INDEX-63"/>
+<tt class="literal">/all</tt> command in a command-prompt window. In either
+case, search for the line that says <tt class="literal">Node Type</tt>.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-3.4"/>
+
+<h3 class="head2">What's in a Name?</h3>
+
+<p>The names <a name="INDEX-64"/><a name="INDEX-65"/>NetBIOS uses are quite different
+from the DNS hostnames you might be familiar with. First, NetBIOS
+names exist in a flat namespace. In other words, there are no
+hierarchical levels, such as in <tt class="literal">oreilly.com</tt> (two
+levels) or <em class="emphasis">ftp</em><em class="emphasis">.samba.org</em> (three
+levels). NetBIOS names consist of a single unique string such as
+<tt class="literal">navaho</tt> or <tt class="literal">hopi</tt> within each
+workgroup or domain. Second, NetBIOS names are allowed to be only 15
+characters and can consist only of standard alphanumeric characters
+(a-z, A-Z, 0-9) and the following:</p>
+
+<blockquote><pre class="code">! @ # $ % ^ &amp; ( ) - ' { } . ~</pre></blockquote>
+
+<p>Although you are allowed to use a <a name="INDEX-66"/><a name="INDEX-67"/><a name="INDEX-68"/>period (.) in a NetBIOS name, we recommend
+against it because those names are not guaranteed to work in future
+versions of NBT.</p>
+
+<p>It's not a coincidence that all valid DNS names are
+also valid NetBIOS names. In fact, the unqualified DNS name for a
+Samba server is often reused as its NetBIOS name. For example, if you
+had a system with a hostname of <tt class="literal">mixtec.ora.com</tt> ,
+its NetBIOS name would likely be MIXTEC (followed by 9 spaces).</p>
+
+
+<div class="sect3"><a name="samba2-CHP-1-SECT-3.4.1"/>
+
+<h3 class="head3">Resource names and types</h3>
+
+<p><a name="INDEX-69"/><a name="INDEX-70"/>With NetBIOS, a computer not
+only advertises its presence, but also tells others what types of
+services it offers. For example, <tt class="literal">mixtec</tt> can
+indicate that it's not just a workstation, but that
+it's also a file server and can receive Windows
+Messenger messages. This is done by adding a 16th byte to the end of
+the machine (resource) name, called the <em class="firstterm">resource
+type</em>, and registering the name multiple times, once for
+each service that it offers. See <a href="ch01.html#samba2-CHP-1-FIG-10">Figure 1-10</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-1-FIG-10"/><img src="figs/sam2_0110.gif"/></div><h4 class="head4">Figure 1-10. The structure of NetBIOS names</h4>
+
+<p>The 1-byte resource type indicates a unique service that the named
+computer provides. In this book, you will often see the resource type
+shown in angled brackets (&lt;&gt;) after the NetBIOS name, such as:</p>
+
+<blockquote><pre class="code">MIXTEC&lt;00&gt;</pre></blockquote>
+
+<p>You can see which names are registered for a particular NBT computer
+using the Windows command-line
+<em class="emphasis">nbtstat</em><a name="INDEX-71"/> utility.
+Because these services are unique (i.e., there cannot be more than
+one registered), you will see them listed as type UNIQUE in the
+output. For example, the following partial output describes the
+<tt class="literal">toltec</tt> server:</p>
+
+<blockquote><pre class="code">C:\&gt;<tt class="userinput"><b>nbtstat -a toltec</b></tt>
+
+ NetBIOS Remote Machine Name Table
+ Name Type Status
+---------------------------------------------
+TOLTEC &lt;00&gt; UNIQUE Registered
+TOLTEC &lt;03&gt; UNIQUE Registered
+TOLTEC &lt;20&gt; UNIQUE Registered
+...</pre></blockquote>
+
+<p>This says the server has registered the NetBIOS name
+<tt class="literal">toltec</tt> as a machine (computer) name, as a
+recipient of messages from the Windows Messenger service, and as a
+file server. Some possible attributes a name can have are listed in
+<a href="ch01.html#samba2-CHP-1-TABLE-2">Table 1-2</a>.</p>
+
+<a name="samba2-CHP-1-TABLE-2"/><h4 class="head4">Table 1-2. NetBIOS unique resource types</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Named resource</p>
+</th>
+<th>
+<p>Hexadecimal byte value</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>Standard Workstation Service</p>
+</td>
+<td>
+<p>00</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Messenger Service</p>
+</td>
+<td>
+<p>03</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>RAS Server Service</p>
+</td>
+<td>
+<p>06</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Domain Master Browser Service (associated with primary domain controller)</p>
+</td>
+<td>
+<p>1B</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Master Browser name</p>
+</td>
+<td>
+<p>1D</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>NetDDE Service</p>
+</td>
+<td>
+<p>1F</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Fileserver (including printer server)</p>
+</td>
+<td>
+<p>20</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>RAS Client Service</p>
+</td>
+<td>
+<p>21</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Network Monitor Agent</p>
+</td>
+<td>
+<p>BE</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Network Monitor Utility</p>
+</td>
+<td>
+<p>BF</p>
+</td>
+</tr>
+
+</table>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-1-SECT-3.4.2"/>
+
+<h3 class="head3">Group names and types</h3>
+
+<p>SMB also uses the concept of groups, with which computers can
+register themselves. Earlier we mentioned that the computers in our
+example belonged to a
+<em class="firstterm">workgroup</em><a name="INDEX-73"/>,
+which is a partition of computers on the same network. For example, a
+business might very easily have an ACCOUNTING and a SALES workgroup,
+each with different servers and printers. In the Windows world, a
+workgroup and an
+<a name="INDEX-74"/>SMB
+group are the same thing.</p>
+
+<p>Continuing our
+<em class="emphasis">nbtstat</em><a name="INDEX-75"/> example,
+the <tt class="literal">toltec</tt> Samba server is also a member of the
+METRAN workgroup (the GROUP attribute hex 00) and will participate in
+elections for the browse master (GROUP attribute 1E). Here is the
+remainder of the <em class="emphasis">nbtstat</em> output:</p>
+
+<blockquote><pre class="code"> NetBIOS Remote Machine Name Table
+ Name Type Status
+---------------------------------------------
+METRAN &lt;00&gt; GROUP Registered
+METRAN &lt;1E&gt; GROUP Registered
+..__MSBROWSE__.&lt;01&gt; GROUP Registered</pre></blockquote>
+
+<p>The possible group attributes a computer can have are illustrated in
+<a href="ch01.html#samba2-CHP-1-TABLE-3">Table 1-3</a>. More
+<a name="INDEX-76"/><a name="INDEX-77"/>information
+is available in <em class="emphasis">Windows NT in a Nutshell</em> by Eric
+<a name="INDEX-78"/>Pearce, also
+published by O'Reilly.</p>
+
+<a name="samba2-CHP-1-TABLE-3"/><h4 class="head4">Table 1-3. NetBIOS group resource types</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Named resource</p>
+</th>
+<th>
+<p>Hexadecimal byte value</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>Standard Workstation group</p>
+</td>
+<td>
+<p>00</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Logon server</p>
+</td>
+<td>
+<p>1C</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Master Browser name</p>
+</td>
+<td>
+<p>1D</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Normal Group name (used in browser elections)</p>
+</td>
+<td>
+<p>1E</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Internet Group name (administrative)</p>
+</td>
+<td>
+<p>20</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">&lt;01&gt;&lt;02&gt;_ _MSBROWSE_ _&lt;02&gt;</tt></p>
+</td>
+<td>
+<p>01</p>
+</td>
+</tr>
+
+</table>
+
+<p>The final entry, <tt class="literal">_ _ MSBROWSE _ _</tt>
+<a name="INDEX-80"/>, is used to announce a group to other
+master browsers. The nonprinting characters in the name show up as
+dots in an <em class="emphasis">nbtstat</em> printout.
+Don't worry if you don't understand
+all of the resource or group types. Some of them you will not need
+with Samba, and others you will pick up as you move through the rest
+of the chapter. The important thing to remember here is the logistics
+of the naming mechanism.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-1-SECT-3.4.3"/>
+
+<h3 class="head3">Scope ID</h3>
+
+<p>In the dark ages of SMB networking before NetBIOS groups were
+introduced, you could use a very primitive method to isolate groups
+of computers from the rest of the network. Each SMB packet contains a
+field called the <em class="firstterm">scope
+ID</em><a name="INDEX-81"/><a name="INDEX-82"/>, with the idea being that
+systems on the network could be configured to accept only packets
+with a scope ID matching that of their configuration. This feature
+was hardly ever used and unfortunately lingers in modern
+implementations. Some of the utilities included in the Samba
+distribution allow the scope ID to be set. Setting the scope ID in a
+network is likely to cause problems, and we are mentioning scope ID
+only so that you will not be confused by it when you later encounter
+it in various places.</p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-3.5"/>
+
+<h3 class="head2">Datagrams and Sessions</h3>
+
+<p>At this point, let's digress to discuss the
+responsibility of NBT: to provide connection services between two
+NetBIOS computers.
+<a name="INDEX-83"/>NBT
+offers two services: the <em class="firstterm">session
+service</em><a name="INDEX-84"/> and the
+<em class="firstterm">datagram service</em><a name="INDEX-85"/>.
+Understanding how these two services work is not essential to using
+Samba, but it does give you an idea of how NBT works and how to
+troubleshoot Samba when it doesn't work.</p>
+
+<p>The datagram service has no stable connection between computers.
+Packets of data are simply sent or broadcast from one computer to
+another, without regard to the order in which they arrive at the
+destination, or even if they arrive at all. The use of datagrams
+requires less processing overhead than sessions, although the
+reliability of the connection can suffer. Datagrams, therefore, are
+used for quickly sending nonvital blocks of data to one or more
+computers. The datagram service communicates using the simple
+primitives shown in <a href="ch01.html#samba2-CHP-1-TABLE-4">Table 1-4</a>.</p>
+
+<a name="samba2-CHP-1-TABLE-4"/><h4 class="head4">Table 1-4. Datagram primitives</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Primitive</p>
+</th>
+<th>
+<p>Description</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>Send Datagram</p>
+</td>
+<td>
+<p>Send datagram packet to computer or groups of computers.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Send Broadcast Datagram</p>
+</td>
+<td>
+<p>Broadcast datagram to any computer waiting with a Receive Broadcast
+datagram.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Receive Datagram</p>
+</td>
+<td>
+<p>Receive a datagram from a computer.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Receive Broadcast Datagram</p>
+</td>
+<td>
+<p>Wait for a Broadcast datagram.</p>
+</td>
+</tr>
+
+</table>
+
+<p>The session service is more complex. Sessions are a communication
+method that, in theory, offers the ability to detect problematic or
+inoperable connections between two NetBIOS applications. It helps to
+think of an NBT session as being similar to a telephone call, an
+analogy that obviously influenced the design of the CIFS standard.</p>
+
+<p>Once the connection is made, it remains open throughout the duration
+of the conversation, each side knows who the caller and the called
+computer are, and each can communicate with the simple primitives
+shown in <a href="ch01.html#samba2-CHP-1-TABLE-5">Table 1-5</a>.</p>
+
+<a name="samba2-CHP-1-TABLE-5"/><h4 class="head4">Table 1-5. Session primitives</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Primitive</p>
+</th>
+<th>
+<p>Description</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>Call</p>
+</td>
+<td>
+<p>Initiate a session with a computer listening under a specified name.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Listen</p>
+</td>
+<td>
+<p>Wait for a call from a known caller or any caller.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Hang-up</p>
+</td>
+<td>
+<p>Exit a call.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Send</p>
+</td>
+<td>
+<p>Send data to the other computer.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Receive</p>
+</td>
+<td>
+<p>Receive data from the other computer.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Session Status</p>
+</td>
+<td>
+<p>Get information on requested sessions.</p>
+</td>
+</tr>
+
+</table>
+
+<p>Sessions are the backbone of resource sharing on an NBT network. They
+are typically used for establishing stable connections from client
+computers to disk or printer shares on a server. The client
+&quot;calls&quot; the server and starts
+trading information such as which files it wishes to open, which data
+it wishes to exchange, etc. These calls can last a long
+time&mdash;hours, even days&mdash;and all of this occurs within the
+context of a single connection. If there is an error, the session
+software (TCP) will retransmit until the data is received properly,
+unlike the &quot;punt-and-pray&quot; approach
+of the datagram service (UDP).</p>
+
+<p>In truth, while sessions are supposed to handle problematic
+communications, they sometimes don't. If the
+connection is interrupted, session information that is open between
+the two computers might become invalid. If that happens, the only way
+to regain the session information is for the same two computers to
+call each other again and start over.</p>
+
+<p>If you want more information on each service, we recommend you look
+at RFC 1001. However, there are two important things to remember
+here:</p>
+
+<ul><li>
+<p><a name="INDEX-88"/>Sessions always
+occur between two NetBIOS computers. If a session service is
+interrupted, the client is supposed to store sufficient state
+information for it to reestablish the connection. However, in
+practice, this often does not happen.</p>
+</li><li>
+<p><a name="INDEX-89"/>Datagrams can
+be broadcast to multiple computers, but they are unreliable. In other
+words, there is no way for the source to know that the datagrams it
+sent have indeed arrived at their destinations. <a name="INDEX-90"/></p>
+</li></ul>
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-1-SECT-4"/>
+
+<h2 class="head1">An Introduction to the SMB Protocol</h2>
+
+<p><a name="INDEX-91"/>Now
+we're going to cover some low-level technical
+details and explore the elementals of the SMB protocol. You probably
+don't need to know much about this to implement a
+simple Samba network, and therefore you might want to skip or skim
+over this section and go on to the next one
+(&quot;Windows Workgroups and Domains&quot;)
+on your first reading. However, assuming you are going to be
+responsible for long-term maintenance of a Samba network, it will
+help if you understand how it actually works. You will more easily be
+able to diagnose and correct any odd problems that pop up.</p>
+
+<p>At a high level, the SMB protocol suite is relatively simple. It
+includes commands for all the file and print operations that you
+might perform on a local disk or printer, such as:</p>
+
+<ul><li>
+<p>Opening and closing files</p>
+</li><li>
+<p>Creating and deleting files and directories</p>
+</li><li>
+<p>Reading and writing files</p>
+</li><li>
+<p>Searching for files</p>
+</li><li>
+<p>Queueing and dequeueing files in a print spool</p>
+</li></ul>
+<p>Each operation can be encoded into an SMB message and transmitted to
+and from a server. The original name
+&quot;SMB&quot; comes from the way in which
+the commands are formatted: they are versions of the standard DOS
+system-call data structures, or <em class="firstterm">Server Message
+Blocks</em>, redesigned for transmitting to another computer
+across a network.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-4.1"/>
+
+<h3 class="head2">SMB Format</h3>
+
+<p>Richard <a name="INDEX-92"/>Sharpe of the Samba team defines SMB as
+a <em class="firstterm">request-response</em> protocol.<a name="FNPTR-4"/><a href="#FOOTNOTE-4">[4]</a> In effect,
+this means that a client sends an SMB request to a server and the
+server sends an SMB response back to the client. In only one rare
+circumstance does a server send a message that is not in response to
+a client.</p>
+
+<p>An <a name="INDEX-94"/>SMB message is not as complex as you
+might think. Let's take a closer look at the
+internal structure of such a message. It can be broken down into two
+parts: the <em class="firstterm">header</em>, which is a fixed size, and
+the <em class="firstterm">command string</em>, whose size can vary
+dramatically based on the contents of the message.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-1-SECT-4.1.1"/>
+
+<h3 class="head3">SMB header format</h3>
+
+<p><a href="ch01.html#samba2-CHP-1-TABLE-6">Table 1-6</a> shows the format of an
+<a name="INDEX-95"/>SMB header. The COM field identifies
+the command being performed. SMB commands are not required to use all
+the fields in the SMB header. For example, when a client first
+attempts to connect to a server, it does not yet have a tree
+identifier (TID) value&mdash;one is assigned after it successfully
+connects&mdash;so a null TID is placed in its header field. Other
+fields can be padded with zeros when not used.</p>
+
+<p>The <a name="INDEX-96"/>SMB header fields are listed in <a href="ch01.html#samba2-CHP-1-TABLE-6">Table 1-6</a>.</p>
+
+<a name="samba2-CHP-1-TABLE-6"/><h4 class="head4">Table 1-6. SMB header fields</h4><table border="1">
+
+
+
+
+<tr>
+<th>
+<p>Field</p>
+</th>
+<th>
+<p>Size (bytes)</p>
+</th>
+<th>
+<p>Description</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">0xFF 'SMB</tt>'</p>
+</td>
+<td>
+<p><tt class="literal">1</tt></p>
+</td>
+<td>
+<p>Protocol identifier</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">COM</tt></p>
+</td>
+<td>
+<p><tt class="literal">1</tt></p>
+</td>
+<td>
+<p>Command code, from 0x00 to 0xFF</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">RCLS</tt></p>
+</td>
+<td>
+<p><tt class="literal">1</tt></p>
+</td>
+<td>
+<p>Error class</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">REH</tt></p>
+</td>
+<td>
+<p><tt class="literal">1</tt></p>
+</td>
+<td>
+<p>Reserved</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">ERR</tt></p>
+</td>
+<td>
+<p><tt class="literal">2</tt></p>
+</td>
+<td>
+<p>Error code</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">REB</tt></p>
+</td>
+<td>
+<p><tt class="literal">1</tt></p>
+</td>
+<td>
+<p>Reserved</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">RES</tt></p>
+</td>
+<td>
+<p><tt class="literal">14</tt></p>
+</td>
+<td>
+<p>Reserved</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">TID</tt></p>
+</td>
+<td>
+<p><tt class="literal">2</tt></p>
+</td>
+<td>
+<p>TID; a unique ID for a resource in use by the client</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">PID</tt></p>
+</td>
+<td>
+<p><tt class="literal">2</tt></p>
+</td>
+<td>
+<p>Caller process ID</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">UID</tt></p>
+</td>
+<td>
+<p><tt class="literal">2</tt></p>
+</td>
+<td>
+<p>User identifier</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">MID</tt></p>
+</td>
+<td>
+<p><tt class="literal">2</tt></p>
+</td>
+<td>
+<p>Multiplex identifier; used to route requests inside a process</p>
+</td>
+</tr>
+
+</table>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-1-SECT-4.1.2"/>
+
+<h3 class="head3">SMB command format</h3>
+
+<p>Immediately after the header is a variable number of bytes that
+constitute an <a name="INDEX-97"/>SMB command or reply. Each command,
+such as Open File (COM field identifier: <tt class="literal">SMBopen</tt>)
+or Get Print Queue (<tt class="literal">SMBsplretq</tt> ), has its own set
+of parameters and data. Like the SMB header fields, not all of the
+command fields need to be filled, depending on the specific command.
+For example, the Get Server Attributes
+(<tt class="literal">SMBdskattr</tt>) command sets the WCT and BCC fields
+to zero. The fields of the command segment are shown in <a href="ch01.html#samba2-CHP-1-TABLE-7">Table 1-7</a>.</p>
+
+<a name="samba2-CHP-1-TABLE-7"/><h4 class="head4">Table 1-7. SMB command contents</h4><table border="1">
+
+
+
+
+<tr>
+<th>
+<p>Field</p>
+</th>
+<th>
+<p>Size (bytes)</p>
+</th>
+<th>
+<p>Description</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">WCT</tt></p>
+</td>
+<td>
+<p><tt class="literal">1</tt></p>
+</td>
+<td>
+<p>Word count</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">VWV</tt></p>
+</td>
+<td>
+<p>Variable</p>
+</td>
+<td>
+<p>Parameter words (size given by WCT)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">BCC</tt></p>
+</td>
+<td>
+<p><tt class="literal">2</tt></p>
+</td>
+<td>
+<p>Parameter byte count</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">DATA</tt></p>
+</td>
+<td>
+<p>Variable</p>
+</td>
+<td>
+<p>Data (size given by BCC)</p>
+</td>
+</tr>
+
+</table>
+
+<p>Don't worry if you don't understand
+each field; they are not necessary for using Samba at an
+administrator level. However, they do come in handy when debugging
+system messages. We will show you some of the more common SMB
+messages that clients and servers send using a modified version of
+<em class="filename">tcpdump</em> later in this section. (If you prefer an
+<a name="INDEX-98"/><a name="INDEX-99"/>SMB sniffer with a graphical
+interface, try Ethereal, which uses the GTK libraries; see
+<a href="http://www.ethereal.com">http://www.ethereal.com</a> for more
+information on this tool.)</p>
+
+<a name="samba2-CHP-1-NOTE-84"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>For more information on each command in the
+<a name="INDEX-100"/>SMB protocol, see the
+<em class="citetitle">CIFS Technical
+Reference</em><a name="INDEX-101"/> at <a href="http://www.snia.org/tech_activities/CIFS">http://www.snia.org/tech_activities/CIFS</a>.</p>
+</blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-1-SECT-4.1.3"/>
+
+<h3 class="head3">SMB variations</h3>
+
+<p>The SMB protocol has been extended with new commands several times
+since its inception. Each new version is backward-compatible with the
+previous versions, so it is possible for a LAN to have clients and
+servers concurrently running different versions of the SMB protocol.</p>
+
+<p><a href="ch01.html#samba2-CHP-1-TABLE-8">Table 1-8</a> outlines the major versions of the
+<a name="INDEX-102"/>SMB
+protocol. Within each &quot;dialect&quot; of
+SMB are many sub-versions that include commands supporting particular
+releases of major operating systems. The ID string in column 2 is
+used by clients and servers to determine in which level of the
+protocol they will speak to each other.</p>
+
+<a name="samba2-CHP-1-TABLE-8"/><h4 class="head4">Table 1-8. SMB protocol dialects</h4><table border="1">
+
+
+
+
+<tr>
+<th>
+<p>Protocol name</p>
+</th>
+<th>
+<p>ID string</p>
+</th>
+<th>
+<p>Used by</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>Core</p>
+</td>
+<td>
+<p><tt class="literal">PC NETWORK PROGRAM 1.0</tt></p>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<p><a name="INDEX-103"/>Core Plus</p>
+</td>
+<td>
+<p><tt class="literal">MICROSOFT NETWORKS 1.03</tt></p>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<p><a name="INDEX-104"/>LAN Manager 1.0</p>
+</td>
+<td>
+<p><tt class="literal">LANMAN1.0</tt></p>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<p>LAN Manager 2.0</p>
+</td>
+<td>
+<p><tt class="literal">LM1.2X002</tt></p>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<p>LAN Manager 2.1</p>
+</td>
+<td>
+<p><tt class="literal">LANMAN2.1</tt></p>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<p><a name="INDEX-105"/>NT LAN
+Manager 1.0</p>
+</td>
+<td>
+<p><tt class="literal">NT LM 0.12</tt></p>
+</td>
+<td>
+<p>Windows NT 4.0</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><a name="INDEX-106"/>Samba's NT LM 0.12</p>
+</td>
+<td>
+<p><tt class="literal">Samba</tt></p>
+</td>
+<td>
+<p>Samba</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><a name="INDEX-107"/><a name="INDEX-108"/>Common
+Internet File System</p>
+</td>
+<td>
+<p><tt class="literal">CIFS 1.0</tt></p>
+</td>
+<td>
+<p>Windows 2000/XP</p>
+</td>
+</tr>
+
+</table>
+
+<p>Samba implements the NT LM 0.12 specification for NT LAN Manager 1.0.
+It is backward-compatible with all the other SMB variants. The CIFS
+specification is, in reality, LAN Manager 0.12 with a few specific
+additions.</p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-4.2"/>
+
+<h3 class="head2">SMB Clients and Servers</h3>
+
+<p><a name="INDEX-109"/><a name="INDEX-110"/>As
+mentioned earlier, SMB is a client/server protocol. In the purest
+sense, this means that a client sends a request to a server, which
+acts on the request and returns a reply. However, the client/server
+roles can often be reversed, sometimes within the context of a single
+SMB session. For example, consider the two Windows 95/98/Me computers
+in <a href="ch01.html#samba2-CHP-1-FIG-11">Figure 1-11</a>. The computer named
+<tt class="literal">maya</tt> shares a printer to the network, and the
+computer named <tt class="literal">toltec</tt> shares a disk directory.
+<tt class="literal">maya</tt> is in the client role when accessing
+<tt class="literal">toltec</tt>'s network drive and in the
+server role when printing a job for <tt class="literal">toltec</tt>.</p>
+
+<div class="figure"><a name="samba2-CHP-1-FIG-11"/><img src="figs/sam2_0111.gif"/></div><h4 class="head4">Figure 1-11. Two computers that both have resources to share</h4>
+
+<p>This brings out an important point in Samba terminology:</p>
+
+<ul><li>
+<p>A <em class="firstterm">server</em> is a computer with a resource to
+share.</p>
+</li><li>
+<p>A <em class="firstterm">client</em> is a computer that wishes to use that
+resource.</p>
+</li><li>
+<p>A computer can be a client, a server, or both, or it can be neither
+at any given time.</p>
+</li></ul>
+<p>Microsoft Windows products have both the SMB client and server built
+into the operating system, and it is common to find Windows acting as
+a server, client, both, or neither at any given time in a production
+network. Although Samba has been developed primarily to function as a
+server, there are also ways that it and associated software can act
+as an SMB client. As with Windows, it is even possible to set up a
+Unix system to act as an SMB client and not as a server. See <a href="ch05.html">Chapter 5</a> for more details on this topic.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-4.3"/>
+
+<h3 class="head2">A Simple SMB Connection</h3>
+
+<p><a name="INDEX-111"/>The client and server must complete
+three steps to establish a connection to a resource:</p>
+
+<ol><li>
+<p>Establish a NetBIOS session.</p>
+</li><li>
+<p>Negotiate the protocol variant.</p>
+</li><li>
+<p>Set session parameters, and make a tree connection to a resource.</p>
+</li></ol>
+<p>We will examine each step through the eyes of a useful tool that we
+mentioned earlier: the modified
+<em class="filename">tcpdump</em><a name="INDEX-112"/> that is
+available from the Samba web site.</p>
+
+<a name="samba2-CHP-1-NOTE-85"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>You can download the tcpdump program at <a href="http://www.samba.org">http://www.samba.org</a> in the
+<em class="filename">samba/ftp/tcpdump-smb</em> directory; the latest
+version as of this writing is 3.4-10. Use this program as you would
+use the standard <em class="filename">tcpdump</em> application, but add
+the <tt class="literal">-s 1500</tt> switch to ensure that you get the
+whole packet and not just the first few bytes.</p>
+</blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-4.4"/>
+
+<h3 class="head2">Establishing a NetBIOS Session</h3>
+
+<p><a name="INDEX-113"/>When a user first makes a request
+to access a network disk or send a print job to a remote printer,
+NetBIOS takes care of making a connection at the session layer. The
+result is a bidirectional channel between the client and server. The
+client and server need only two messages to establish this
+connection. This is shown in the following example session request
+and response, as captured by <em class="filename">tcpdump</em> .</p>
+
+<p>First, the client sends a request to open a session, and
+<em class="filename">tcpdump </em><a name="INDEX-114"/>reports:</p>
+
+<blockquote><pre class="code">&gt;&gt;&gt; NBT Packet
+NBT Session Request
+Flags=0x81000044
+Destination=TOLTEC NameType=0x20 (Server)
+Source=MAYA NameType=0x00 (Workstation)</pre></blockquote>
+
+<p>Then the server responds, granting a session to the client:</p>
+
+<blockquote><pre class="code">&gt;&gt;&gt; NBT Packet
+NBT Session Granted
+Flags=0x82000000</pre></blockquote>
+
+<p>At this point, there is an open channel between the client and server.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-4.5"/>
+
+<h3 class="head2">Negotiating the Protocol Variant</h3>
+
+<p>Next, the client sends a message to the server to negotiate an
+<a name="INDEX-115"/>SMB protocol. As mentioned
+earlier, the client sets its <a name="INDEX-116"/>tree identifier (TID) field to
+zero, because it does not yet know what TID to use. A <em class="emphasis">tree
+identifier</em> is a number that represents a connection to a
+share on a server.</p>
+
+<p>The command in the message is <tt class="literal">SMBnegprot</tt>, a
+request to negotiate a protocol variant that will be used for the
+entire session. Note that the client sends to the server a list of
+all the variants that it can speak, not vice versa:</p>
+
+<blockquote><pre class="code">&gt;&gt;&gt; NBT Packet
+NBT Session Packet
+Flags=0x0
+Length=154
+
+SMB PACKET: SMBnegprot (REQUEST)
+SMB Command = 0x72
+Error class = 0x0
+Error code = 0
+Flags1 = 0x0
+Flags2 = 0x0
+Tree ID = 0
+Proc ID = 5315
+UID = 0
+MID = 257
+Word Count = 0
+Dialect=PC NETWORK PROGRAM 1.0
+Dialect=MICROSOFT NETWORKS 3.0
+Dialect=DOS LM1.2X002
+Dialect=DOS LANMAN2.1
+Dialect=Windows for Workgroups 3.1a
+Dialect=NT LM 0.12</pre></blockquote>
+
+<p>The server responds to the
+<tt class="literal">SMBnegprot</tt><a name="INDEX-117"/> request with an index (with counting
+starting at 0) into the list of variants that the client offered, or
+with the value 0xFF if none of the protocol variants is acceptable:</p>
+
+<blockquote><pre class="code">&gt;&gt;&gt; NBT Packet
+NBT Session Packet
+Flags=0x0
+Length=84
+
+SMB PACKET: SMBnegprot (REPLY)
+SMB Command = 0x72
+Error class = 0x0
+Error code = 0
+Flags1 = 0x80
+Flags2 = 0x1
+Tree ID = 0
+Proc ID = 5315
+UID = 0
+MID = 257
+Word Count = 17
+NT1 Protocol
+DialectIndex=5
+[...]</pre></blockquote>
+
+<p>In this example, the server responds with the value 5, which
+indicates that the <tt class="literal">NT</tt> <tt class="literal">LM</tt>
+<tt class="literal">0.12</tt> dialect will be used for the remainder of the
+session.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-4.6"/>
+
+<h3 class="head2">Set Session and Login Parameters</h3>
+
+<p><a name="INDEX-118"/><a name="INDEX-119"/>The next step is to transmit session and
+login parameters for the session, which you do using the
+<a name="INDEX-120"/><tt class="literal">SMBSesssetupX</tt>
+command. The parameters include the following:</p>
+
+<ul><li>
+<p>The account name and password (if there is one)</p>
+</li><li>
+<p>The workgroup name</p>
+</li><li>
+<p>The maximum size of data that can be transferred</p>
+</li><li>
+<p>The number of pending requests that can be in the queue at a time</p>
+</li></ul>
+<p>The resulting output from <em class="filename">tcpdump </em>is:</p>
+
+<blockquote><pre class="code">&gt;&gt;&gt; NBT Packet
+NBT Session Packet
+Flags=0x0
+Length=150
+
+SMB PACKET: SMBsesssetupX (REQUEST)
+SMB Command = 0x73
+Error class = 0x0
+Error code = 0
+Flags1 = 0x10
+Flags2 = 0x0
+Tree ID = 0
+Proc ID = 5315
+UID = 1
+MID = 257
+Word Count = 13
+Com2=0x75
+Res1=0x0
+Off2=120
+MaxBuffer=2920
+MaxMpx=50
+VcNumber=0
+SessionKey=0x1380
+CaseInsensitivePasswordLength=24
+CaseSensitivePasswordLength=0
+Res=0x0
+Capabilities=0x1
+Pass1&amp;Pass2&amp;Account&amp;Domain&amp;OS&amp;LanMan=
+ JAY METRAN Windows 4.0 Windows 4.0
+
+SMB PACKET: SMBtconX (REQUEST) (CHAINED)
+smbvwv[]=
+Com2=0xFF
+Off2=0
+Flags=0x2
+PassLen=1
+Passwd&amp;Path&amp;Device=
+smb_bcc=23
+smb_buf[]=\\TOLTEC\SPIRIT</pre></blockquote>
+
+<p>In this example, the <tt class="literal">SMBsesssetupX</tt> Session Setup
+command allows for an additional SMB command to be piggybacked onto
+it (indicated by the letter X at the end of the command name). The
+hexadecimal code of the second command is given in the
+<tt class="literal">Com2</tt> field. In this case the command is
+<tt class="literal">0x75</tt>, which is the <tt class="literal">SMBtconX</tt>
+<tt class="literal">(</tt>Tree Connect and X) command. The
+<tt class="literal">SMBtconX</tt><a name="INDEX-121"/> message looks for the name of the
+resource in the <em class="emphasis">smb_buf</em> buffer. In this example,
+<em class="emphasis">smb_buf</em> contains the string
+<tt class="literal">\\TOLTEC\SPIRIT</tt>, which is the full pathname to a
+shared directory on <tt class="literal">toltec</tt>. Using the
+&quot;and X&quot; commands like this speeds
+up each transaction because the server doesn't have
+to wait on the client to make a second request.</p>
+
+<p>Note that the TID is still zero. Finally, the server returns a TID to
+the client, indicating that the user has been authorized access and
+that the resource is ready to be used:</p>
+
+<blockquote><pre class="code">&gt;&gt;&gt; NBT Packet
+NBT Session Packet
+Flags=0x0
+Length=85
+
+SMB PACKET: SMBsesssetupX (REPLY)
+SMB Command = 0x73
+Error class = 0x0
+Error code = 0
+Flags1 = 0x80
+Flags2 = 0x1
+Tree ID = 1
+Proc ID = 5315
+UID = 100
+MID = 257
+Word Count = 3
+Com2=0x75
+Off2=68
+Action=0x1
+[000] Unix Samba 2.2.6
+[010] METRAN
+
+SMB PACKET: SMBtconX (REPLY) (CHAINED)
+smbvwv[]=
+Com2=0xFF
+Off2=0
+smbbuf[]=
+ServiceType=A:</pre></blockquote>
+
+<p>The <em class="emphasis">ServiceType</em> field is set to
+&quot;A&quot; to indicate that this is a file
+service. Available service types are:</p>
+
+<ul><li>
+<p>&quot;A&quot; for a disk or file</p>
+</li><li>
+<p>&quot;LPT1&quot; for a spooled output</p>
+</li><li>
+<p>&quot;COMM&quot; for a direct-connect printer
+or modem</p>
+</li><li>
+<p>&quot;IPC&quot; for a named pipe</p>
+</li></ul>
+<p>Now that a TID has been assigned, the client can use it as a handle
+to perform any operation that it would use on a local disk drive. It
+can open files, read and write to them, delete them, create new
+files, search for filenames, and so on. <a name="INDEX-122"/></p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-1-SECT-5"/>
+
+<h2 class="head1">Windows Workgroups and Domains</h2>
+
+<p>Up to now, we've covered basic SMB technology, which
+is all you would need if you had nothing more advanced than MS-DOS
+clients on your network. We do assume you want to support Windows
+clients, especially the more recent versions, so next
+we'll describe the enhancements Microsoft has added
+to SMB networking&mdash;namely, Windows for Workgroups and Windows
+domains.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-5.1"/>
+
+<h3 class="head2">Windows Workgroups</h3>
+
+<p><a name="INDEX-123"/><a name="INDEX-124"/>Windows
+Workgroups are very similar to the SMB groups already described. You
+need to know just a few additional things.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-1-SECT-5.1.1"/>
+
+<h3 class="head3">Browsing</h3>
+
+<p><a name="INDEX-125"/>Browsing
+is the process of finding the other computers and shared resources in
+the Windows network. Note that there is no connection with a World
+Wide Web browser, apart from the general idea of
+&quot;discovering what's
+there.&quot; On the other hand, browsing the Windows
+network is like the Web in that what's out there can
+change without warning.</p>
+
+<p>Before browsing existed, users had to know the name of the computer
+they wanted to connect to on the network and then manually enter a
+UNC such as the following into an application or file manager to
+access resources:</p>
+
+<blockquote><pre class="code">\\toltec\spirit\</pre></blockquote>
+
+<p>Browsing is much more convenient, making it possible to examine the
+contents of a network by using the point-and-click GUI interface of
+the Network Neighborhood (or My Network Places<a name="FNPTR-5"/><a href="#FOOTNOTE-5">[5]</a>) on a Windows client.</p>
+
+<p>You will encounter two types of browsing in an SMB network:</p>
+
+<ul><li>
+<p><a name="INDEX-129"/>Browsing a list
+of computers and shared resources</p>
+</li><li>
+<p><a name="INDEX-130"/>Browsing the shared resource
+of a specific computer</p>
+</li></ul>
+<p>Let's look at the first one. On each LAN (or subnet)
+with a Windows workgroup or domain, one computer has the
+responsibility of maintaining a list of the computers that are
+currently accessible through the network. This computer is called the
+<em class="firstterm">local master
+browser</em><a name="INDEX-131"/><a name="INDEX-132"/>, and the list that it maintains is
+called the <em class="firstterm">browse
+list</em><a name="INDEX-133"/>. Computers on a subnet use the browse
+list to cut down on the amount of network traffic generated while
+browsing. Instead of each computer dynamically polling to determine a
+list of the currently available computers, the computer can simply
+query the local master browser to obtain a complete, up-to-date list.</p>
+
+<p>To browse the resources on a computer, a user must connect to the
+specific computer; this information cannot be obtained from the
+browse list. Browsing the list of resources on a computer can be done
+by double-clicking the computer's icon when it is
+presented in the Network Neighborhood. As you saw at the opening of
+the chapter, the computer will respond with a list of shared
+resources that can be accessed after the user is successfully
+authenticated.</p>
+
+<p>Each server on a Windows workgroup is required to announce its
+presence to the local master browser after it has registered a
+NetBIOS name, and (theoretically) announce that it is leaving the
+workgroup when it is shut down. It is the local master
+browser's responsibility to record what the servers
+have announced.</p>
+<a name="samba2-CHP-1-NOTE-86"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>The Windows <a name="INDEX-134"/>Network Neighborhood can behave
+oddly: until you select a particular computer to browse, the Network
+Neighborhood window might contain data that is not up-to-date. That
+means the Network Neighborhood window can be showing computers that
+have crashed or can be missing computers that
+haven't been noticed yet. Put succinctly, once
+you've selected a server and connected to it, you
+can be a lot more confident that the shares and printers really exist
+on the network.</p>
+</blockquote>
+
+<p>Unlike the roles you've seen earlier, almost any
+Windows system (including Windows for Workgroups and Windows 95/98/Me
+or NT/2000/XP) can act as a local master browser. The local master
+browser can have one or more
+<em class="firstterm"/><a name="INDEX-135"/><a name="INDEX-136"/>backup
+browsers</em> on the local subnet
+that will take over in the event that the local master browser fails
+or becomes inaccessible. To ensure fluid operation, the local backup
+browsers will frequently synchronize their browse list with the local
+master browser.</p>
+
+<p>Here is how to calculate the minimum number of backup browsers that
+will be allocated on a workgroup:</p>
+
+<ul><li>
+<p>If up to 32 Windows NT/2000/XP workstations are on the network, or up
+to 16 Windows 95/98/Me computers are on the network, the local master
+browser allocates one backup browser in addition to the local master
+browser.</p>
+</li><li>
+<p>If the number of Windows NT/2000/XP workstations falls between 33 and
+64, or the number of Windows 95/98/Me workstations falls between 17
+and 32, the local master browser allocates two backup browsers.</p>
+</li><li>
+<p>For each group of 32 NT/2000/XP workstations or 16 Windows 95/98/Me
+computers beyond this, the local master browser allocates another
+backup browser.</p>
+</li></ul>
+<p>There is currently no upper limit on the number of backup browsers
+that can be allocated by the local master browser.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-1-SECT-5.1.2"/>
+
+<h3 class="head3">Browsing elections</h3>
+
+<p><a name="INDEX-137"/>Browsing
+is a critical aspect of any Windows workgroup. However, not
+everything runs perfectly on any network. For example,
+let's say that a computer running Windows on the
+desk of a small company's CEO is the local master
+browser&mdash;that is, until he switches it off while plugging in his
+massage chair. At this point the Windows NT Workstation in the spare
+parts department might agree to take over the job. However, that
+computer is currently running a large, poorly written program that
+has brought its processor to its knees. The moral: browsing has to be
+very tolerant of servers coming and going. Because nearly every
+Windows system can serve as a browser, there has to be a way of
+deciding at any time who will take on the job. This decision-making
+process is called an <em class="firstterm">election</em>.</p>
+
+<p>An election algorithm is built into nearly all Windows operating
+systems such that they can each agree who is going to be a local
+master browser and who will be local backup browsers. An election can
+be forced at any time. For example, let's assume
+that the CEO has finished his massage and reboots his server. As the
+server comes online, it will announce its presence, and an election
+will take place to see if the PC in the spare parts department should
+still be the master browser.</p>
+
+<p>When an election is performed, each computer broadcasts information
+about itself via datagrams. This information includes the following:</p>
+
+<ul><li>
+<p>The version of the election protocol used</p>
+</li><li>
+<p>The operating system on the computer</p>
+</li><li>
+<p>The amount of time the client has been on the network</p>
+</li><li>
+<p>The hostname of the client</p>
+</li></ul>
+<p>These values determine which operating system has seniority and will
+fulfill the role of the local master browser. (<a href="ch07.html">Chapter 7</a> describes the election process in more
+detail.) The architecture developed to achieve this is not elegant
+and has built-in security problems. While a browsing domain can be
+integrated with domain security, the election algorithm does not take
+into consideration which computers become browsers. Thus it is
+possible for any computer running a browser service to register
+itself as participating in the browsing election and (after winning)
+being able to change the browse list. Nevertheless, browsing is a key
+feature of Windows networking, and backward-compatibility
+requirements will ensure that it is in use for years to come.
+<a name="INDEX-138"/></p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-1-SECT-5.1.3"/>
+
+<h3 class="head3">Windows 95/98/Me authentication</h3>
+
+<p>Three types of passwords arise when
+<a name="INDEX-139"/><a name="INDEX-140"/>Windows
+95/98/Me is operating in a Windows workgroup:</p>
+
+<ul><li>
+<p>A Windows password</p>
+</li><li>
+<p>A Windows Networking password</p>
+</li><li>
+<p>A password for each shared resource that has been assigned password
+protection</p>
+</li></ul>
+<p>The Windows <a name="INDEX-141"/>password functions in a manner
+that might be a source of confusion for Unix system administrators.
+It is not there to prevent unauthorized users from using the
+computer. (If you don't believe that, try clicking
+the Cancel button on the password dialog box and see what happens!)
+Instead, the Windows password is used to gain access to a file that
+contains the Windows Networking and network resource passwords. There
+is one such file per registered user of the system, and they can be
+found in the <em class="filename">C:\Windows</em> directory with a name
+composed of the user's account name, followed by a
+<em class="filename">.pwl</em><a name="INDEX-142"/><a name="INDEX-143"/><a name="INDEX-144"/> extension. For example, if the
+user's account name is
+&quot;sarah,&quot; the file will be
+<em class="filename">C:\Windows\sarah.pwl</em>. This file is encrypted
+using the Windows password as the encryption key.</p>
+
+<a name="samba2-CHP-1-NOTE-87"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>As a security measure, you might want to check for junk
+<em class="filename">.pwl</em> files on Windows 95/98/Me clients, which
+might have been created by mistakes users made while attempting to
+log on. A <em class="filename">.pwl</em> file is easily cracked and can
+contain valid passwords for Samba accounts and network shares.</p>
+</blockquote>
+
+<p>The first time the network is accessed, Windows attempts to use the
+Windows password as the Windows Networking password. If this is
+successful, the user will not be prompted for two separate passwords,
+and subsequent logins to the Windows system will automatically result
+in logging on to the Windows network as well, making things much
+simpler for the user.</p>
+
+<p>Shared network resources in the workgroup can also have passwords
+assigned to them to limit their accessibility. The first time a user
+attempts to access the resource, she is asked for its password, and a
+checkbox in the password dialog box gives the user the option to add
+the password to her password list. This is the default; if it is
+accepted, Windows will store the password in the
+user's <em class="filename">.pwl</em> file, and all
+further authentication to the resource will be handled automatically
+by Windows.</p>
+
+<p>Samba's approach to workgroup authentication is a
+little different, which is a result of blending the Windows workgroup
+model with that of the Unix host upon which Samba runs. This will be
+discussed further in <a href="ch09.html">Chapter 9</a>. <a name="INDEX-145"/></p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-5.2"/>
+
+<h3 class="head2">Windows NT Domains</h3>
+
+<p><a name="INDEX-146"/>The
+peer-to-peer networking model of
+<a name="INDEX-147"/>workgroups functions fairly well as long as
+the number of computers on the network is small and there is a
+close-knit community of users. However, in larger networks the
+simplicity of workgroups becomes a limiting factor. Workgroups offer
+only the most basic level of security, and because each resource can
+have its own password, it is inconvenient (to say the least) for
+users to remember the password for each resource in a large network.
+Even if that were not a problem, many people find it frustrating to
+have to interrupt their creative workflow to enter a shared password
+into a dialog box every time another network resource is accessed.</p>
+
+<p>To support the needs of larger networks, such as those found in
+departmental computing environments, Microsoft introduced domains
+with Windows NT 3.51. A <em class="firstterm">Windows NT domain</em> is
+essentially a workgroup of SMB computers that has one addition: a
+server acting as a <em class="firstterm">domain
+controller</em><a name="INDEX-148"/> (see <a href="ch01.html#samba2-CHP-1-FIG-12">Figure 1-12</a>).</p>
+
+<div class="figure"><a name="samba2-CHP-1-FIG-12"/><img src="figs/sam2_0112.gif"/></div><h4 class="head4">Figure 1-12. A simple Windows domain</h4>
+
+
+<div class="sect3"><a name="samba2-CHP-1-SECT-5.2.1"/>
+
+<h3 class="head3">Domain controllers</h3>
+
+<p>A domain controller in a Windows NT domain functions much like a
+<a name="INDEX-149"/><a name="INDEX-150"/>Network
+Information Service (NIS) server in a Unix network, maintaining a
+domain-wide database of user and group information, as well as
+performing related services. The responsibilities of a domain
+controller are mainly centered around security, including
+<em class="firstterm">authentication</em><a name="INDEX-151"/>,
+the process of granting or denying a user access to the resources of
+the domain. This is typically done through the use of a username and
+password. The service that maintains the database on the domain
+controllers is called the <a name="INDEX-152"/><a name="INDEX-153"/>Security Account Manager (SAM).</p>
+
+<p>The <a name="INDEX-154"/>Windows NT security model revolves
+around <em class="firstterm">security
+identifiers</em><a name="INDEX-155"/><a name="INDEX-156"/> (SIDs) and <em class="firstterm">access
+control lists</em><a name="INDEX-157"/><a name="INDEX-158"/>
+(ACLs). Security identifiers are used to represent objects in the
+domain, which include (but are not limited to) users, groups,
+computers, and processes. SIDs are commonly written in ASCII form as
+hyphen-separated fields, like this:</p>
+
+<blockquote><pre class="code">S-1-5-21-1638239387-7675610646-9254035128-545</pre></blockquote>
+
+<p>The part of the SID starting with the
+&quot;S&quot; and leading up to the rightmost
+hyphen identifies a domain. The number after the rightmost hyphen is
+called a <a name="INDEX-159"/>relative identifier (RID) and is a unique
+number within the domain that identifies the user, group, computer,
+or other object. The RID is the analog of a <a name="INDEX-160"/>user ID (UID) or
+<a name="INDEX-161"/>group ID
+(GID) on a Unix system or within an NIS domain.</p>
+
+<p>ACLs supply the same function as
+&quot;rwx&quot;
+<a name="INDEX-162"/><a name="INDEX-163"/><a name="INDEX-164"/><a name="INDEX-165"/><a name="INDEX-166"/>file permissions that are common in Unix
+systems. However, ACLs are more versatile. Unix file permissions only
+set permissions for the owner and group to which the file belongs,
+and &quot;other,&quot; meaning everyone else.
+Windows NT/2000/XP ACLs allow permissions to be set individually for
+any number of arbitrary users and/or groups. ACLs are made up of one
+or more <em class="firstterm">access control
+entries</em><a name="INDEX-167"/> (ACEs), each of which contains an SID
+and the access rights associated with it.</p>
+
+<p>ACL support has been added as a standard feature for some Unix
+variants and is available as an add-on for others. Samba supports
+mappings between Windows and Unix ACLs, and this will be covered in
+<a href="ch08.html">Chapter 8</a>.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-1-SECT-5.2.2"/>
+
+<h3 class="head3">Primary and backup domain controllers</h3>
+
+<p>You've already read about master and backup
+browsers. Domain controllers are similar in that a domain has a
+<em class="firstterm">primary domain
+controller</em><a name="INDEX-168"/><a name="INDEX-169"/><a name="INDEX-170"/> (PDC) and can have
+one or more <em class="firstterm">backup domain
+controllers</em><a name="INDEX-171"/> (BDCs) as well. If the PDC fails or
+becomes inaccessible, its duties are automatically taken over by one
+of the BDCs. BDCs frequently synchronize their SAM data with the PDC
+so if the need arises, any one of them can immediately begin
+performing domain-controller services without impacting the clients.
+However, note that BDCs have read-only copies of the SAM database;
+they can update their data only by synchronizing with a PDC. A server
+in a Windows domain can use the SAM of any PDC or BDC to authenticate
+a user who attempts to access its resources and log on to the domain.</p>
+
+<p>All recent versions of Windows can log on to a domain as clients to
+access the resources of the domain servers. The systems that are
+considered members of the domain are a more exclusive class, composed
+of the PDC and BDCs, as well as domain member servers, which are
+systems that have joined a domain as members, and are known to the
+domain controllers by having a computer account in the SAM database.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-1-SECT-5.2.3"/>
+
+<h3 class="head3">Authentication</h3>
+
+<p><a name="INDEX-172"/>When
+a user logs on to a Windows domain by typing in a username and
+password, a secure challenge and response protocol is invoked between
+the client computer and a domain controller to verify that the
+username and password are valid. Then the domain controller sends a
+SID back to the client, which uses it to create a
+<a name="INDEX-173"/>Security Access Token (SAT) that is valid
+only for that system, to be used for further authentication. This
+access token has information about the user coded into it, including
+the username, the group, and the rights the user has within the
+domain. At this point, the user is logged on to the domain.</p>
+
+<p>Subsequently, when the client attempts to access a shared resource
+within the domain, the client system enters into a secure challenge
+and response exchange with the server of the resource. The server
+then enters into another secure challenge and response conversation
+with a domain controller to check that the client is valid. (What
+actually happens is that the server uses information it gets from the
+client to pretend to be the client and authenticate itself with the
+domain controller. If the domain controller validates the
+credentials, it sends an SID back to the server, which uses the SID
+to create its own SAT for the client to enable access to its local
+resources on the client's behalf.) At this point,
+the client is authenticated for resources on the server and is
+allowed to access them. The server then uses the SID in the access
+token to determine what permissions the client has to use and modify
+the requested resource by comparing them to entries in the ACL of the
+resource.</p>
+
+<p>Although this method of authentication might seem overly complicated,
+it allows clients to authenticate without having plain-text passwords
+travel through the network, and it is much more difficult to crack
+than the relatively weak workgroup security we described earlier.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-1-SECT-5.2.4"/>
+
+<h3 class="head3">Name service with WINS and DNS</h3>
+
+<p>The <a name="INDEX-174"/><a name="INDEX-175"/>Windows
+Internet Name Service (WINS) is Microsoft's
+implementation of a NetBIOS name server (NBNS). As such, WINS
+inherits much of NetBIOS's characteristics. First,
+WINS is flat; you can have only simple machine names such as
+<tt class="literal">inca</tt>, <tt class="literal">mixtec</tt>, or
+<tt class="literal">navaho</tt>, and workgroups such as PERU, MEXICO, or
+USA. In addition, WINS is dynamic: when a client first comes online,
+it is required to report its hostname, its address, and its workgroup
+to the local WINS server. This WINS server will retain the
+information so long as the client periodically refreshes its WINS
+registration, which indicates that it's still
+connected to the network. Note that WINS servers are not workgroup-
+or domain-specific; they can contain information for multiple domains
+and/or workgroups, which might exist on more than one subnet.</p>
+
+<p>Multiple <a name="INDEX-176"/>WINS
+servers can be set to synchronize with each other. This allows
+entries for computers that come online and go offline in the network
+to propagate from one WINS server to another. While in theory this
+seems efficient, it can quickly become cumbersome if several WINS
+servers are covering a network. Because WINS services can cross
+multiple subnets (you'll either hardcode the address
+of a WINS server in each of your clients or obtain it via DHCP), it
+is often more efficient to have each Windows client, regardless of
+the number of Windows domains, point themselves to the same WINS
+server. That way, only one authoritative WINS server will have the
+correct information, instead of several WINS servers continually
+struggling to synchronize themselves with the most recent changes.</p>
+
+<p>The currently active WINS server is known as the <em class="firstterm">primary
+WINS server</em><a name="INDEX-177"/><a name="INDEX-178"/>. You can also install a secondary WINS
+server, which will take over if the primary WINS server fails or
+becomes inaccessible. Both the primary and any other WINS servers
+will synchronize their address databases on a periodic basis.</p>
+
+<p>In the Windows family of operating systems, only a server edition of
+Windows NT/2000 can act as a WINS server. Samba 2.2 can function as a
+primary WINS server, but cannot <a name="INDEX-179"/><a name="INDEX-180"/>synchronize
+its database with other WINS servers. It therefore cannot act as a
+secondary WINS server or as a primary WINS server for a Windows
+secondary WINS server.</p>
+
+<p>WINS handles name service by default, although Microsoft added DNS
+starting with Windows NT 4 Server. It is compatible with DNS that is
+standard on virtually every Unix system, and a Unix server (such as
+the Samba host) can also be used for DNS.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-1-SECT-5.2.5"/>
+
+<h3 class="head3">Trust relationships</h3>
+
+<p>One additional aspect of Windows NT domains not yet supported in
+Samba 2.2 is that it is possible to set up a <em class="emphasis">trust
+relationship</em><a name="INDEX-181"/><a name="INDEX-182"/><a name="INDEX-183"/> between domains, allowing clients
+within one domain to access the resources within another without the
+user having to go through additional authentication. The protocol
+that is followed is called <em class="emphasis">pass-through authentication</em>,
+<a name="INDEX-184"/><a name="INDEX-185"/>in which the
+user's credentials are passed from the client system
+in the first domain to the server in the second domain, which
+consults a domain controller in the first (trusted) domain to check
+that the user is valid before granting access to the resource.</p>
+
+<p>Note that in many aspects, the behaviors of a Windows workgroup and a
+Windows NT domain overlap. For example, the master and backup
+browsers in a domain are always the PDC and BDC, respectively.
+Let's update our Windows domain diagram to include
+both a local master and local backup browser. The result is shown in
+<a href="ch01.html#samba2-CHP-1-FIG-13">Figure 1-13</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-1-FIG-13"/><a name="INDEX-186"/><img src="figs/sam2_0113.gif"/></div><h4 class="head4">Figure 1-13. A Windows domain with a local master and local backup browser</h4>
+
+<p>The similarity between workgroups and NT domains is not accidental
+because the concept of Windows domains did not evolve until Windows
+NT 3.5 was introduced, and Windows domains were forced to remain
+backward-compatible with the workgroups present in Windows for
+Workgroups.</p>
+
+<p>Samba can function as a primary domain controller for Windows
+95/98/Me and Windows NT/2000/XP clients with the limitation that it
+can act as a PDC only, and not as a BDC.</p>
+
+<p>Samba can also function as a <em class="firstterm">domain member
+server</em><a name="INDEX-187"/><a name="INDEX-188"/>, meaning that it has a computer account
+in the PDC's account database and is therefore
+recognized as being part of the domain. A domain member server does
+not authenticate users logging on to the domain, but still handles
+security functions (such as file permissions) for domain users
+accessing its resources.</p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-5.3"/>
+
+<h3 class="head2">Active Directory Domains</h3>
+
+<p>Starting with Windows 2000, Microsoft has introduced
+<a name="INDEX-189"/><a name="INDEX-190"/>Active
+Directory, the next step beyond Windows NT domains. We
+won't go into much detail concerning Active
+Directory because it is a huge topic. <a name="INDEX-191"/>Samba 2.2 doesn't
+support Active Directory at all, and support in Samba 3.0 is limited
+to acting as a client. For now, be aware that with Active Directory,
+the authentication model is centered around
+<a name="INDEX-192"/>Lightweight Directory
+Access Protocol (LDAP), and name service is provided by DNS instead
+of WINS. Domains in Active Directory can be organized in a
+hierarchical tree structure, in which each domain controller operates
+as a peer, with no distinction between primary and backup controllers
+as in Windows NT domains.</p>
+
+<p>Windows 2000/XP systems can be set up as simple workgroup or Windows
+NT domain clients (which will function with Samba). The server
+editions of Windows 2000 can be set up to run Active Directory and
+support Windows NT domains for backward compatibility
+(<em class="firstterm">mixed mode</em>). In this case, Samba 2.2 works
+with Windows 2000 servers in the same way it works with Windows NT
+4.0 servers. When set up to operate in <em class="firstterm">native mode,
+</em><a name="INDEX-193"/>Windows 2000 servers support only
+Active Directory. Even so, <a name="INDEX-194"/>Samba 2.2 can operate as a server
+in a domain hosted by a native-mode Windows 2000 server, using the
+<a name="INDEX-195"/>Windows 2000 server's
+<em class="firstterm">PDC emulation mode</em>. However, it is not
+possible for Samba 2.2 or 3.0 to operate as a domain controller in a
+Windows 2000 Active Directory domain.</p>
+
+<p>If you want to know more about Active Directory, we encourage you to
+obtain a copy of the O'Reilly book,
+<em class="emphasis">Windows 2000 Active Directory</em>. <a name="INDEX-196"/></p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-5.4"/>
+
+<h3 class="head2">Can a Windows Workgroup Span Multiple Subnets?</h3>
+
+<p><a name="INDEX-197"/><a name="INDEX-198"/>Yes, but most people who have
+done it have had their share of headaches. Spanning multiple subnets
+was not part of the initial design of Windows NT 3.5 or Windows for
+Workgroups. As a result, a Windows domain that spans two or more
+subnets is, in reality, the
+&quot;gluing&quot; together of two or more
+workgroups that share an identical name. The good news is that you
+can still use a PDC to control authentication across each subnet. The
+bad news is that things are not as simple with browsing.</p>
+
+<p>As mentioned previously, each subnet must have its own local master
+browser. When a Windows domain spans multiple subnets, a system
+administrator will have to assign one of the computers as the
+<em class="firstterm">domain master
+browser</em><a name="INDEX-199"/><a name="INDEX-200"/>. The domain master browser will keep a
+browse list for the entire Windows domain. This browse list is
+created by periodically synchronizing the browse lists of each local
+master browser with the browse list of the domain master browser.
+After the synchronization, the local master browser and the domain
+master browser should contain identical entries. See <a href="ch01.html#samba2-CHP-1-FIG-14">Figure 1-14</a> for an illustration.</p>
+
+<div class="figure"><a name="samba2-CHP-1-FIG-14"/><img src="figs/sam2_0114.gif"/></div><h4 class="head4">Figure 1-14. A workgroup that spans more than one subnet</h4>
+
+<p>Sound good? <a name="INDEX-201"/>Well, it's not quite
+nirvana for the following reasons:</p>
+
+<ul><li>
+<p>If it exists, a PDC always plays the role of the domain master
+browser. By Microsoft design, the two always share the NetBIOS
+resource type <tt class="literal">&lt;1B&gt;</tt> and (unfortunately)
+cannot be separated.</p>
+</li><li>
+<p>Windows 95/98/Me computers cannot become <em class="emphasis">or</em>
+<em class="emphasis">even contact</em> a domain master browser. This means
+that it is necessary to have at least one Windows NT/2000/XP system
+(or Samba server) on each subnet of a multisubnet workgroup.</p>
+</li></ul>
+<p>Each subnet's local master browser continues to
+maintain the browse list for its subnet, for which it becomes
+authoritative. So if a computer wants to see a list of servers within
+its own subnet, the local master browser of that subnet will be
+queried. If a computer wants to see a list of servers outside the
+subnet, it can still go only as far as the local master browser. This
+works because at appointed intervals, the authoritative browse list
+of a subnet's local master browser is synchronized
+with the domain master browser, which is synchronized with the local
+master browser of the other subnets in the domain. This is called
+<em class="firstterm">browse list propagation</em>.</p>
+
+<p>Samba can act as a domain master browser in a Windows NT domain, or
+it can act as a local master browser for a subnet, synchronizing its
+browse list with the domain master browser.</p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-1-SECT-6"/>
+
+<h2 class="head1">What's New in Samba 2.2?</h2>
+
+<p><a name="INDEX-202"/><a name="INDEX-203"/>In
+Version 2.2, Samba has more advanced support for Windows networking,
+including the ability to perform the more important tasks necessary
+for acting in a Windows NT domain. In addition, Samba 2.2 has some
+support for technologies that Microsoft introduced in Windows 2000,
+although the Samba team has saved Active Directory support for
+Version 3.0.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-6.1"/>
+
+<h3 class="head2">PDC Support for Windows 2000/XP Clients</h3>
+
+<p>Samba previously could act as a PDC to authenticate Windows 95/98/Me
+and Windows NT 4 systems. This functionality has been extended in
+Release 2.2 to include Windows 2000 and Windows XP. Thus, it is
+possible to have a Samba server supporting domain logons for a
+network of Windows clients, including the most recent releases from
+Microsoft. This can result in a very stable, high-performance, and
+more secure network, and gives you the added benefit of not having to
+purchase per-seat Windows CALs from Microsoft.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-6.2"/>
+
+<h3 class="head2">Microsoft Dfs Support</h3>
+
+<p><a name="INDEX-204"/>Microsoft Dfs allows shared resources that
+are dispersed among a number of servers in the network to be gathered
+together and appear to users as if they all exist in a single
+directory tree on one server. This method of organization makes life
+much simpler for users. Instead of having to browse around the
+network on a treasure hunt to locate the resource they want to use,
+they can go directly to the Dfs server and grab what they want. Samba
+2.2 offers support for serving Dfs, so a Windows server is no longer
+needed for this purpose.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-6.3"/>
+
+<h3 class="head2">Windows NT/2000/XP Printing Support</h3>
+
+<p>Windows NT/2000/XP has a different Remote Procedure Call (RPC)-based
+printer interface than Windows 95/98/Me does. In Samba 2.2, the
+Windows NT/2000/XP interface is supported. Along with this, the Samba
+team has been adding support for automatically downloading the
+printer driver from the Samba server while adding a new printer to a
+Windows client.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-6.4"/>
+
+<h3 class="head2">ACLs</h3>
+
+<p>Samba now supports
+<a name="INDEX-205"/>ACLs on its Unix host for Unix variants
+that support them. The list includes Solaris 2.6, 7, and 8, Irix,
+AIX, Linux (with either the ACL patch for the
+<a name="INDEX-206"/>ext2/ext3 filesystem from <a href="http://acl.bestbits.at">http://acl.bestbits.at</a> or when using the
+<a name="INDEX-207"/>XFS
+filesystem), and FreeBSD (Version 5.0 and later). When using ACL
+support, Samba translates between Unix ACLs and Windows NT/2000/XP
+ACLs, making the Samba host look and act more like a Windows
+NT/2000/XP server from the point of view of Windows clients.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-6.5"/>
+
+<h3 class="head2">Support for Windows Client Administration Tools</h3>
+
+<p>Windows comes with tools that can be used from a client to manage
+shared resources remotely on a Windows server. Samba 2.2 allows these
+tools to operate on shares on the Samba server as well.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-6.6"/>
+
+<h3 class="head2">Integration with Winbind</h3>
+
+<p><a name="INDEX-208"/>Winbind is a
+facility that allows users whose account information is stored in a
+Windows domain database to authenticate on a Unix system. The result
+is a unified logon environment, in which a user account can be kept
+on either the Unix system or a Windows NT/2000 domain controller.
+This greatly facilitates account management because administrators no
+longer need to keep the two systems synchronized, and it is possible
+for users whose accounts are held in a Windows domain to authenticate
+when accessing Samba shares.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-6.7"/>
+
+<h3 class="head2">Unix CIFS Extensions</h3>
+
+<p>The <a name="INDEX-209"/><a name="INDEX-210"/>Unix CIFS extensions were developed
+at Hewlett-Packard and introduced in Samba 2.2.4. They allow Samba
+servers to support Unix filesystem attributes, such as links and
+permissions, when sharing files with other Unix systems. This allows
+Samba to be used as an alternative to network file sharing (NFS) for
+Unix-to-Unix file sharing. An advantage of using Samba is that it
+authenticates individual users, whereas NFS authenticates only
+clients (based on their IP addresses, which is a poor security
+model). This gives Samba an edge in the area of security, along with
+its much greater configurability. See <a href="ch05.html">Chapter 5</a>
+for information on how to operate Unix systems as Samba clients.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-1-SECT-6.8"/>
+
+<h3 class="head2">And More...</h3>
+
+<p>As usual, the code has numerous improvements that do not show up at
+the administrative level in an immediate or obvious way. Samba now
+functions better on systems that employ <a name="INDEX-211"/>PAM
+(Pluggable Authentication Modules), and there is new support for
+profiling. Samba's support for oplocks has been
+strengthened, offering better integration with NFS server-terminated
+leases (currently on Irix and Linux only) and in the local filesystem
+with SMB locks mapped to POSIX locks (which is dependent on each Unix
+variant's implementation of POSIX locks). And of
+course there have been the usual bug fixes.</p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-1-SECT-7"/>
+
+<h2 class="head1">What's New in Samba 3.0?</h2>
+
+<p>The main distinguishing feature of <a name="INDEX-212"/><a name="INDEX-213"/>Samba 3.0
+is that it includes support for <a name="INDEX-214"/>Kerberos 5 authentication and
+<a name="INDEX-215"/>LDAP, which are
+required to act as clients in an Active Directory domain. Another
+feature that appeared in Samba 3.0 is support for Unicode, which
+greatly simplifies supporting international languages.</p>
+
+<p>In later Version 3 releases, the Samba team plans to develop support
+for
+<a name="INDEX-216"/>WINS
+replication, allowing Samba to act as a secondary WINS server or as a
+primary WINS server with Windows or Samba secondary WINS servers.
+Also planned are support for acting as a Windows NT BDC and support
+for Windows NT domain trust relationships.</p>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-1-SECT-8"/>
+
+<h2 class="head1">What Can Samba Do?</h2>
+
+<p>Now let's wrap up by showing where Samba can help
+out and where it is limited. <a href="ch01.html#samba2-CHP-1-TABLE-9">Table 1-9</a> summarizes
+which roles Samba can and cannot play in a Windows NT or Active
+Directory domain or a Windows workgroup. Many of the Windows domain
+protocols are proprietary and have not been documented by Microsoft
+and therefore must be reverse-engineered by the Samba team before
+Samba can support them. As of Version 3.0, Samba cannot act as a
+backup in most roles and does not yet fully support Active Directory.</p>
+
+<a name="samba2-CHP-1-TABLE-9"/><h4 class="head4">Table 1-9. Samba roles (as of Version 3.0)</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Role</p>
+</th>
+<th>
+<p>Can perform?</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><a name="INDEX-217"/>File server</p>
+</td>
+<td>
+<p>Yes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Printer server</p>
+</td>
+<td>
+<p>Yes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Microsoft Dfs server</p>
+</td>
+<td>
+<p>Yes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Primary domain controller</p>
+</td>
+<td>
+<p>Yes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Backup domain controller</p>
+</td>
+<td>
+<p>No</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Active Directory domain controller</p>
+</td>
+<td>
+<p>No</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows 95/98/Me authentication</p>
+</td>
+<td>
+<p>Yes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows NT/2000/XP authentication</p>
+</td>
+<td>
+<p>Yes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Local master browser</p>
+</td>
+<td>
+<p>Yes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Local backup browser</p>
+</td>
+<td>
+<p>Yes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Domain master browser</p>
+</td>
+<td>
+<p>Yes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Primary WINS server</p>
+</td>
+<td>
+<p>Yes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Secondary WINS server</p>
+</td>
+<td>
+<p>No</p>
+</td>
+</tr>
+
+</table>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-1-SECT-9"/>
+
+<h2 class="head1">An Overview of the Samba Distribution</h2>
+
+<p><a name="INDEX-218"/>As mentioned earlier, Samba actually
+contains several programs that serve different but related purposes.
+These programs are documented more fully in <a href="appc.html">Appendix C</a>. For now, we will introduce each of them
+briefly and describe how they work together.</p>
+
+<p>The majority of the programs that come with Samba center on its two
+daemons. Let's take a refined look at the
+responsibilities of each daemon:</p>
+
+<dl>
+<dt><b><em class="emphasis">nmbd</em></b></dt>
+<dd>
+<p>The <em class="emphasis">nmbd</em><a name="INDEX-219"/> daemon is a simple name server that
+supplies WINS functionality. This daemon listens for name-server
+requests and provides the appropriate IP addresses when called upon.
+It also provides browse lists for the Network Neighborhood and
+participates in browsing elections.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">smbd</em></b></dt>
+<dd>
+<p>The <em class="emphasis">smbd</em><a name="INDEX-220"/> daemon manages the shared resources
+between the Samba server and its clients. It provides file, print,
+and browse services to <span class="acronym">SMB</span> clients across one or
+more networks and handles all notifications between the Samba server
+and the network clients. In addition, it is responsible for user
+authentication, resource locking, and data sharing through the
+<span class="acronym">SMB</span> protocol.</p>
+</dd>
+
+</dl>
+
+<p>New with Version 2.2, there is an additional daemon:</p>
+
+<dl>
+<dt><b><a name="INDEX-221"/><em class="emphasis">winbindd</em></b></dt>
+<dd>
+<p>This daemon is used along with the name service switch to get
+information on users and groups from a Windows NT server and allows
+Samba to authorize users through a Windows NT/2000 server.</p>
+</dd>
+
+</dl>
+
+<p>The Samba distribution also comes with a small set of Unix
+command-line tools:</p>
+
+<dl>
+<dt><b><em class="emphasis">findsmb</em><a name="INDEX-222"/></b></dt>
+<dd>
+<p>A program that searches the local network for computers that respond
+to SMB protocol and prints information on them.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">make_smbcodepage</em><a name="INDEX-223"/></b></dt>
+<dd>
+<p>A program used when working with Samba's
+internationalization features for telling Samba how to convert
+between upper- and lowercase in different character sets.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">make_unicodemap</em><a name="INDEX-224"/></b></dt>
+<dd>
+<p>Another internationalization program used with Samba for compiling
+Unicode map files that Samba uses to translate DOS codepages or Unix
+character sets into 16-bit unicode.</p>
+</dd>
+
+
+
+<dt><b><a name="INDEX-225"/><em class="emphasis">net</em></b></dt>
+<dd>
+<p>A new program distributed with Samba 3.0 that can be used to perform
+remote administration of servers.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">nmblookup</em><a name="INDEX-226"/></b></dt>
+<dd>
+<p>A program that provides NBT name lookups to find a
+computer's IP address when given its machine name.</p>
+</dd>
+
+
+
+<dt><b><a name="INDEX-227"/><em class="emphasis">pdbedit</em></b></dt>
+<dd>
+<p>A new program distributed with Samba 3.0 that is helpful for managing
+user accounts held in SAM databases.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">rpcclient</em><a name="INDEX-228"/></b></dt>
+<dd>
+<p>A program that can be used to run MS-RPC functions on Windows clients.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">smbcacls</em><a name="INDEX-229"/></b></dt>
+<dd>
+<p>A program that is used to set or show ACLs on Windows NT filesystems.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">smbclient</em><a name="INDEX-230"/></b></dt>
+<dd>
+<p>An <em class="emphasis">ftp</em>-like Unix client that can be used to connect to
+SMB shares and operate on them. The <em class="emphasis">smbclient</em>
+command is discussed in detail in <a href="ch05.html">Chapter 5</a>.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">smbcontrol</em><a name="INDEX-231"/></b></dt>
+<dd>
+<p>A simple administrative utility that sends messages to <em class="emphasis">nmbd</em>
+or <em class="emphasis">smbd</em>.</p>
+</dd>
+
+
+
+<dt><b><a name="INDEX-232"/><em class="emphasis">smbgroupedit</em></b></dt>
+<dd>
+<p>A command that can be used to define mappings between Windows NT
+groups and Unix groups. It is new in Samba 3.0.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">smbmnt</em><a name="INDEX-233"/></b></dt>
+<dd>
+<p>A helper utility used along with <em class="emphasis">smbmount.</em></p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">smbmount</em><a name="INDEX-234"/></b></dt>
+<dd>
+<p>A program that mounts an smbfs filesystem, allowing remote SMB shares
+to be mounted in the filesystem of the Samba host.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">smbpasswd</em><a name="INDEX-235"/></b></dt>
+<dd>
+<p>A program that allows an administrator to change the passwords used
+by Samba.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">smbsh</em><a name="INDEX-236"/></b></dt>
+<dd>
+<p>A tool that functions like a command shell to allow access to a
+remote SMB filesystem and allow Unix utilities to operate on it. This
+command is covered in <a href="ch05.html">Chapter 5</a>.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">smbspool</em><a name="INDEX-237"/></b></dt>
+<dd>
+<p>A print-spooling program used to send files to remote printers that
+are shared on the SMB network.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">smbstatus</em><a name="INDEX-238"/></b></dt>
+<dd>
+<p>A program that reports the current network connections to the shares
+on a Samba server.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">smbtar</em><a name="INDEX-239"/></b></dt>
+<dd>
+<p>A program similar to the Unix <em class="filename">tar</em> command, for
+backing up data in SMB shares.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">smbumount</em><a name="INDEX-240"/></b></dt>
+<dd>
+<p>A program that works along with <em class="emphasis">smbmount</em> to unmount
+smbfs filesystems.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">testparm</em><a name="INDEX-241"/></b></dt>
+<dd>
+<p>A simple program for checking the Samba configuration file.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">testprns</em><a name="INDEX-242"/></b></dt>
+<dd>
+<p>A program that tests whether printers on the Samba host are
+recognized by the <em class="filename">smbd</em> daemon.</p>
+</dd>
+
+
+
+<dt><b><em class="emphasis">wbinfo</em><a name="INDEX-243"/></b></dt>
+<dd>
+<p>A utility used to query the <em class="filename">winbindd
+</em><a name="INDEX-244"/>daemon.</p>
+</dd>
+
+</dl>
+
+<p>Each major release of Samba goes through an exposure test before
+it's announced. In addition, it is quickly updated
+afterward if problems or unwanted side effects are found. The latest
+stable distribution as of this writing is Samba 2.2.6, and this book
+focuses mainly on the functionality supported in Samba 2.2.6, as
+opposed to older versions of Samba.</p>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-1-SECT-10"/>
+
+<h2 class="head1">How Can I Get Samba?</h2>
+
+<p><a name="INDEX-245"/><a name="INDEX-246"/>Source
+and binary distributions of Samba are available from mirror sites
+across the Internet. The primary web site for Samba is located at
+<a href="http://www.samba.org/">http://www.samba.org/</a>. From there, you
+can select a mirror site that is geographically near you.</p>
+
+<p>Most Linux and many Unix vendors provide binary packages. These can
+be more convenient to install and maintain than the Samba
+team's source or binary packages, due to the
+vendor's efforts to supply a package that matches
+its specific products. <a name="INDEX-247"/></p>
+
+
+</div>
+
+<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> <p><a href="#FNPTR-1">[1]</a> You
+can also right-click the shared resource in the Network Neighborhood
+and then select the Map Network Drive menu item.</p> <a name="FOOTNOTE-2"/> <p><a href="#FNPTR-2">[2]</a> Be
+warned that many end-user license agreements forbid installing a
+program on a network so that multiple clients can access it. Check
+the legal agreements that accompany the product to be absolutely
+sure.</p> <a name="FOOTNOTE-3"/> <p><a href="#FNPTR-3">[3]</a> You
+might also see the abbreviation NetBT, which is common in Microsoft
+literature.</p> <a name="FOOTNOTE-4"/>
+<p><a href="#FNPTR-4">[4]</a> See
+<a href="http://www.samba.org/cifs/docs/what-is-smb.html">http://www.samba.org/cifs/docs/what-is-smb.html</a>
+for Richard's excellent summary of
+<a name="INDEX-93"/>SMB.</p> <a name="FOOTNOTE-5"/> <p><a href="#FNPTR-5">[5]</a> This
+was originally called <a name="INDEX-126"/><a name="INDEX-127"/><a name="INDEX-128"/>Network Neighborhood in Windows 95/98/NT,
+but Microsoft has changed the name to My Network Places in the more
+recent Windows Me/2000/XP. We will continue to call it Network
+Neighborhood, and if you're using a new version of
+Windows, be aware that My Network Places can act a little differently
+in some ways.</p> </blockquote>
+
+
+<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4>
+</body></html>
diff --git a/docs/htmldocs/using_samba/ch02.html b/docs/htmldocs/using_samba/ch02.html
new file mode 100644
index 00000000000..ecefb2fb7d8
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch02.html
@@ -0,0 +1,1849 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Chapter 2. Installing Samba on a Unix System</h1>
+
+<p><a name="INDEX-1"/>Now
+that you know what Samba can do for you and your users,
+it's time to get your own network set up.
+Let's start with the installation of Samba. When
+dancing the samba, one learns by taking small steps.
+It's just the same when installing Samba; we need to
+teach it step by step. This chapter will help you start off on the
+right foot.</p>
+
+<p>For illustrative purposes, we will be installing the 2.2.6 version of
+the Samba server on a Linux system running Version 2.4 of the kernel.
+However, the installation steps are essentially the same for all the
+platforms Samba supports.</p>
+
+
+<div class="sect1"><a name="samba2-CHP-2-SECT-1"/>
+
+<h2 class="head1">Bundled Versions</h2>
+
+<p><a name="INDEX-2"/><a name="INDEX-3"/>Samba is in such
+popular use that many Unix distributions come with it already
+installed. If you choose to use a bundled version of Samba, you can
+breeze through most of this chapter, but you'll be
+stuck with the Samba version and compile-time options your vendor
+selected for you. That version of Samba can't be any
+newer than the operating system release, so you're
+likely to be pretty far behind the latest developments. On the other
+hand, you can be fairly sure that a bundled version has been
+installed properly, and perhaps it will take only a few simple
+modifications to your <em class="emphasis">smb.conf</em> file for you to
+be off and running. Samba is mature enough that you probably
+don't need the latest release to meet your basic
+needs, so you might be perfectly happy running a bundled version.</p>
+
+<p>If you choose this option, be aware that your Samba files, including
+the very important
+<em class="emphasis">smb.conf</em>,<a name="INDEX-4"/> might be in different places
+than they would be if you were to install from a binary or source
+distribution. For example, with the Red Hat, Debian, and Mandrake
+Linux distributions, <em class="emphasis">smb.conf</em> and some other
+Samba-related files are in the <em class="emphasis">/etc/samba</em>
+directory.</p>
+
+<p>If Samba is already installed on your system, you can check to see
+what version you have by using the command:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>smbd -V</b></tt>
+Version 2.2.6</pre></blockquote>
+
+<p>(If this doesn't work, it might be because
+<em class="emphasis">smbd</em> is not in your shell's
+search path. If you have the <em class="emphasis">locate</em> or
+<em class="emphasis">whereis</em> command in your Unix variant, you can
+use it to locate the <em class="emphasis">smbd</em> executable.)</p>
+
+<p>You might also be able to use a system-specific tool to query a
+software-package maintenance utility. On Red Hat Linux, you can use
+the <em class="emphasis">rpm</em><a name="INDEX-5"/> command to query the installed packages
+for Samba:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>rpm -qa | grep samba</b></tt>
+samba-client-2.0.8-1.7.1
+samba-2.0.8-1.7.1
+samba-common-2.0.8-1.7.1</pre></blockquote>
+
+<p>This shows we have Samba 2.0.8, divided into three Red Hat Package
+Manager (RPM) packages, bundled with Red Hat 7.1. If your version of
+Samba is old, you might at the very least want to check with your
+vendor for an update.</p>
+
+<p>Otherwise, if you're sure you are going to install
+from a binary or source distribution, you can remove the RPM packages
+as follows:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>rpm -e samba</b></tt>
+# <tt class="userinput"><b>rpm -e samba-client</b></tt>
+# <tt class="userinput"><b>rpm -e samba-common</b></tt></pre></blockquote>
+
+<p>If you are not using Red Hat Linux, consult your
+system's documentation to find the method that works
+for you.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-2-SECT-1.1"/>
+
+<h3 class="head2">Binary or Source?</h3>
+
+<p><a name="INDEX-6"/>Precompiled
+&quot;binary&quot; packages are also
+available for a large number of Unix platforms. These packages
+contain binaries for each Samba executable, as well as the standard
+Samba documentation. Note that while installing a binary distribution
+can save you a fair amount of time and trouble, you should keep a
+couple of issues in mind when deciding whether to use the binary or
+compile the source yourself:</p>
+
+<ul><li>
+<p>The binary packages can lag behind the latest version of the software
+by one or two (maybe more) minor releases, especially after a series
+of small changes and for less popular platforms. Compare the release
+notes for the source and binary packages to make sure there
+aren't any new features that you need on your
+platform.</p>
+</li><li>
+<p>If you use a precompiled binary that is dynamically linked, you will
+need to ensure that you have the correct libraries required by the
+executables. If your system does not already have the required
+version of a library, you might have to install a new version. The
+<em class="filename">README</em> file or <em class="filename">makefile</em>
+that accompanies the binary distribution should list any special
+requirements.</p>
+
+<p>Many systems with shared libraries come with a nifty tool called
+<em class="emphasis">ldd</em>. This tool will tell you which libraries a
+specific binary requires and which libraries on the system satisfy
+that requirement. For example, checking the <em class="emphasis">smbd</em>
+program on our test machine gave us:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ldd smbd</b></tt>
+ libdl.so.2 =&gt; /lib/libdl.so.2 (0x40026000)
+ libnsl.so.1 =&gt; /lib/libnsl.so.1 (0x4002a000)
+ libpam.so.0 =&gt; /lib/libpam.so.0 (0x40041000)
+ libc.so.6 =&gt; /lib/libc.so.6 (0x40049000)
+ /lib/ld-linux.so.2 =&gt; /lib/ld-linux.so.2 (0x40000000)</pre></blockquote>
+
+<p>If there are any incompatibilities between Samba and specific
+libraries on your machine, the distribution-specific documentation
+should highlight them.</p>
+</li><li>
+<p>If your precompiled binary is statically linked, it is still possible
+to have problems. There have been cases in which the statically
+linked C library calls in Samba programs have been out of sync with
+the operating-system kernel, even though this is
+&quot;not supposed to happen.&quot;</p>
+</li><li>
+<p>Keep in mind that each binary distribution carries preset values
+about the target platform, such as default directories and
+configuration option values. Again, check the documentation and the
+makefile included in the source directory to see which directives and
+variables were used when the binary was compiled. In some cases,
+these will not be appropriate for your situation.</p>
+
+<p>A few configuration items can be reset with command-line options at
+runtime rather than at compile time. For example, if your binary
+tries to place any log, lock, or status files in the
+&quot;wrong&quot; place (for example, in
+<em class="filename">/usr/local</em> ), you can override this without
+recompiling.</p>
+</li></ul>
+<p>One point worth mentioning is that the Samba source requires an
+<a name="INDEX-7"/><a name="INDEX-8"/><a name="INDEX-9"/>ANSI C
+compiler. If you are on a legacy platform with a non-ANSI compiler,
+such as the <em class="emphasis">cc</em> compiler on SunOS Version 4,
+you'll have to install an ANSI-compliant compiler
+such as <em class="emphasis">gcc</em> <a name="INDEX-10"/>before you do anything else.<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a>
+If installing a compiler isn't something you want to
+wrestle with, you can start off with a binary package. However, for
+the most flexibility and compatibility on your system, we always
+recommend compiling from the latest stable or production source.</p>
+
+<p>A typical installation will take about an hour to complete, including
+downloading the source files and compiling them, setting up the
+configuration files, and testing the server.</p>
+
+<p>Here is an overview of the steps:</p>
+
+<ol><li>
+<p><a name="INDEX-11"/>Download the source or binary files.</p>
+</li><li>
+<p>Read the installation documentation.</p>
+</li><li>
+<p>Configure a makefile.</p>
+</li><li>
+<p>Compile the server and utility programs.</p>
+</li><li>
+<p>Install the server files.</p>
+</li><li>
+<p>Create a Samba configuration file.</p>
+</li><li>
+<p>Test the configuration file.</p>
+</li><li>
+<p>Start the Samba daemons.</p>
+</li><li>
+<p>Test the Samba daemons. <a name="INDEX-12"/></p>
+</li></ol>
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-2-SECT-2"/>
+
+<h2 class="head1">Downloading the Samba Distribution</h2>
+
+<p><a name="INDEX-13"/>If
+you would like to download the latest version of the Samba software,
+the primary web site is <a href="http://www.samba.org">http://www.samba.org</a>. Once connected to this
+page, you'll see links to several Samba mirror sites
+across the world, both for the standard Samba web pages and for sites
+devoted exclusively to downloading Samba. For the best performance,
+choose a site that is closest to your own geographic location.</p>
+
+<p>The standard Samba web sites have Samba
+<a name="INDEX-14"/>documentation and
+<a name="INDEX-15"/>tutorials,
+<a name="INDEX-16"/>mailing-list
+archives, and the latest Samba <a name="INDEX-17"/>news, as well as source and binary
+distributions of Samba. The download sites (sometimes called
+<em class="emphasis">F T P sites</em>) have only the source and binary
+distributions. Unless you specifically want an older version of the
+Samba server or are going to install a binary distribution, download
+the latest source distribution from the closest mirror site. This
+distribution is always named:</p>
+
+<blockquote><pre class="code">samba-latest.tar.gz</pre></blockquote>
+
+<p>which for the 2.2.6 release is an approximately 5MB file.</p>
+
+<p>The source distribution has been archived with
+<em class="emphasis">tar</em> and then compressed with the GNU
+<em class="emphasis">gzip</em> program. To unpack it, move the file to the
+directory in which you want the Samba source directory to be located,
+then <em class="emphasis">cd</em> to that directory and run the command:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>tar xvfz samba-latest.tar.gz</b></tt></pre></blockquote>
+
+<p>Or, if you do not have the GNU <em class="emphasis">tar</em> program
+(which also handles the unzipping):</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>gunzip samba-latest.tar.gz</b></tt>
+$ <tt class="userinput"><b>tar xvf samba-latest.tar</b></tt></pre></blockquote>
+
+<p>In that latter case, you might need to install the GNU
+<em class="emphasis">gunzip</em> program first. While the
+<em class="emphasis">tar</em> command runs, it will print out a list of
+the files it installs.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-2-SECT-2.1"/>
+
+<h3 class="head2">Read the Documentation</h3>
+
+<p><a name="INDEX-18"/>This
+part might seem obvious, but at one time or other you probably
+uncompressed a package, blindly typed:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>configure; make; make install</b></tt></pre></blockquote>
+
+<p>and walked away to get another cup of coffee. Do yourself a favor and
+be a little more careful this time.</p>
+
+<p>In the top-level directory that you just installed, there is a file
+named <em class="filename">WHATSNEW.txt</em>, which contains the latest
+news about the release. If you are upgrading, you can find important
+information about bug fixes or configuration parameters that have
+been added or are no longer supported.</p>
+
+<p>With both source and binary packages you'll find a
+large number of documents in the <em class="filename">docs</em> directory,
+in a variety of formats. One file is especially important:</p>
+
+<blockquote><pre class="code">docs/htmldocs/UNIX_INSTALL.html</pre></blockquote>
+
+<p>This is the Samba Team's official instructions on
+installing Samba on a Unix system, which you might like to use as
+another perspective besides what we are telling you here.</p>
+
+<p>In general, we expect you'll find to be most useful
+the files in the following directories:</p>
+
+<dl>
+<dt><b>docs/faq</b></dt>
+<dd>
+<p>This is the Samba Frequently Asked Questions (FAQ) files.</p>
+</dd>
+
+
+
+<dt><b>docs/htmldocs</b></dt>
+<dd>
+<p>This is the miscellaneous documentation in HTML format.</p>
+</dd>
+
+
+
+<dt><b>docs/textdocs</b></dt>
+<dd>
+<p>Here is more documentation, in simple text format.</p>
+</dd>
+
+
+
+<dt><b>docs/manpages</b></dt>
+<dd>
+<p>You don't need to worry about these yet; during the
+installation, the files will be installed so that you can use the
+<em class="emphasis">man</em> command to read them. But you can take a
+look in the directory to see which manpages are available.</p>
+</dd>
+
+</dl>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-2-SECT-3"/>
+
+<h2 class="head1">Configuring Samba</h2>
+
+<p><a name="INDEX-19"/><a name="INDEX-20"/>Samba automatically configures itself
+prior to compilation. This reduces the likelihood of a
+machine-specific problem, but you might end up wishing for an option
+after Samba has been installed.</p>
+
+<p>The source distribution of Samba 2.2 and above
+doesn't initially have a
+<a name="INDEX-21"/>makefile. Instead, one is
+generated through a <a name="INDEX-22"/><a name="INDEX-23"/>GNU <em class="filename">configure</em>
+script, which is located in the <em class="filename">samba-2.2.x
+/source/</em> directory. The <em class="firstterm">configure</em>
+script takes care of the machine-specific issues of building Samba.</p>
+
+<a name="samba2-CHP-2-NOTE-88"/><blockquote class="note"><h4 class="objtitle">NOTE</h4>
+
+
+
+<p>Before running the <em class="filename">configure</em> script, it is
+important that you become the root user on the system. Otherwise, you
+might get a warning such as:</p>
+
+
+<blockquote><pre class="code">configure: warning: running as non-root will disable some tests</pre></blockquote>
+
+
+<p>You don't want any test to be disabled when the
+Samba makefile is being created; it would leave the potential for
+errors down the road when compiling or running Samba on your system.</p>
+</blockquote>
+
+<p>When the <em class="filename">configure </em>script is run, it prints out
+messages telling what it is doing, and error messages might be mixed
+in. To make sure you see those very important error messages, we
+suggest you run <em class="filename">configure </em>with its standard
+output passed through some filter to capture the output and keep it
+from scrolling out of sight. One method is using the
+<em class="filename">more</em> command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>./configure | more</b></tt></pre></blockquote>
+
+<p>We will show you another in a moment.</p>
+
+<p>Although you can run <em class="filename">configure </em>as previously
+with no options, you might want to add support for extra features by
+passing options on the command line. For example:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>./configure --with-winbind</b></tt></pre></blockquote>
+
+<p>will configure the Samba makefile with support for winbind
+authentication. If you would like a complete list of options, type
+the following:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>./configure --help</b></tt></pre></blockquote>
+
+<p>Each option enables or disables various features. You typically
+enable a feature by specifying the
+<tt class="literal">--</tt><a name="INDEX-24"/><a name="INDEX-25"/><a name="INDEX-26"/><a name="INDEX-27"/><tt class="literal">with-</tt><em class="replaceable">feature</em>
+option, which will cause the feature to be compiled and installed.
+Likewise, if you specify a
+<tt class="literal">--without-</tt><em class="replaceable">feature</em>
+option, the feature will be disabled. A full list of configuration
+options is provided in <a href="appe.html">Appendix E</a>, but for now we
+want to point out three of them, which are features we cover later in
+this book:</p>
+
+<dl>
+<dt><b><tt class="literal">--with-msdfs</tt><a name="INDEX-28"/><a name="INDEX-29"/></b></dt>
+<dd>
+<p>Include support for Microsoft Distributed filesystem (Dfs), which
+allows dispersed network resources to be clumped together into one
+easy-to-navigate directory tree. See <a href="ch08.html">Chapter 8</a>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-smbwrapper</tt><a name="INDEX-30"/><a name="INDEX-31"/></b></dt>
+<dd>
+<p>Include SMB wrapper support, which allows programs running on the
+Unix host to access SMB shared folders as if they were Unix
+filesystems. We recommend using this option. See <a href="ch05.html">Chapter 5</a>.</p>
+</dd>
+
+
+
+<dt><b><tt class="literal">--with-smbmount</tt><a name="INDEX-32"/><a name="INDEX-33"/></b></dt>
+<dd>
+<p>Include <em class="emphasis">smbmount</em> support, which allows SMB
+shared folders to be mounted in the Unix filesystem. At the time of
+this writing, support for this feature exists only for Linux. This is
+also covered in <a href="ch05.html">Chapter 5</a>.</p>
+</dd>
+
+</dl>
+
+<p>Each option is disabled by default, and none of the features is
+essential to Samba. However, you may want to include them in your
+configuration (as we will in our example) at least to be able to try
+out the options in later chapters.</p>
+
+<p>In addition, <a href="ch02.html#samba2-CHP-2-TABLE-1">Table 2-1</a> shows some other parameters
+that you can give the <em class="filename">configure</em> script if you
+wish to store parts of the Samba distribution in different places,
+perhaps to make use of multiple disks or partitions. Note that the
+defaults sometimes refer to a prefix specified earlier in the table.</p>
+
+<a name="samba2-CHP-2-TABLE-1"/><h4 class="head4">Table 2-1. Additional configure options</h4><table border="1">
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Meaning</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">--prefix</tt><a name="INDEX-34"/><a name="INDEX-35"/>=<em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Install architecture-independent files at the base directory
+specified.</p>
+</td>
+<td>
+<p><em class="filename">/usr/local/samba</em></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--eprefix</tt><a name="INDEX-36"/><a name="INDEX-37"/>=<em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Install architecture-dependent files at the base directory specified.</p>
+</td>
+<td>
+<p><em class="filename">/usr/local/samba</em></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--bindir</tt><a name="INDEX-38"/><a name="INDEX-39"/>=<em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Install user executables in the directory specified.</p>
+</td>
+<td>
+<p><em class="replaceable">eprefix</em><em class="filename">/bin</em></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--sbindir</tt><a name="INDEX-40"/><a name="INDEX-41"/>=<em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Install administrator executables in the directory specified.</p>
+</td>
+<td>
+<p><em class="replaceable">eprefix</em><em class="filename">/bin</em></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--libexecdir</tt><a name="INDEX-42"/><a name="INDEX-43"/>=<em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Install program executables in the directory specified.</p>
+</td>
+<td>
+<p><em class="replaceable">eprefix</em><em class="filename">/libexec</em></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--datadir</tt><a name="INDEX-44"/><a name="INDEX-45"/>=<em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Install read-only architecture-independent data in the directory
+specified.</p>
+</td>
+<td>
+<p><em class="replaceable">prefix</em><em class="filename">/share</em></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--libdir</tt><a name="INDEX-46"/><a name="INDEX-47"/>=<em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Install program libraries in the directory specified.</p>
+</td>
+<td>
+<p><em class="replaceable">eprefix</em><em class="filename">/lib</em></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--includedir</tt><a name="INDEX-48"/><a name="INDEX-49"/>=<em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Install package-include files in the directory specified.</p>
+</td>
+<td>
+<p><em class="replaceable">prefix</em><em class="filename">/include</em></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--infodir</tt><a name="INDEX-50"/><a name="INDEX-51"/>=<em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Install additional information files in the directory specified.</p>
+</td>
+<td>
+<p><em class="replaceable">prefix</em><em class="filename">/info</em></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">--mandir</tt><a name="INDEX-52"/><a name="INDEX-53"/>=<em class="replaceable">directory</em></p>
+</td>
+<td>
+<p>Install manual pages in the directory specified.</p>
+</td>
+<td>
+<p><em class="replaceable">prefix</em><em class="filename">/man</em></p>
+</td>
+</tr>
+
+</table>
+
+<p>Here is a sample execution of the
+<em class="filename">configure</em><a name="INDEX-54"/>
+script, which creates a Samba 2.2.6 makefile for the Linux platform.
+Note that you must run the configure script in the
+<em class="emphasis">source</em> directory and that we are showing you yet
+another way to capture the output of the script:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>cd samba-2.2.6/source/</b></tt>
+$ <tt class="userinput"><b>su</b></tt>
+Password:
+# <tt class="userinput"><b>./configure --with-smbwrapper --with-smbmount \</b></tt>
+<tt class="userinput"><b>--with-msdfs --with-syslog --with-utmp 2&gt;&amp;1 | tee config.my.log</b></tt>
+loading cache ./config.cache
+checking for gcc... (cached) gcc
+checking whether the C compiler (gcc -O ) works... yes
+checking whether the C compiler (gcc -O ) is a cross-compiler... no
+checking whether we are using GNU C... (cached) yes
+checking whether gcc accepts -g... (cached) yes
+checking for a BSD-compatible install... (cached) /usr/bin/install -c
+
+<i class="lineannotation">...(content omitted)...</i>
+
+checking configure summary
+configure OK
+creating ./config.status
+creating include/stamp-h
+creating Makefile
+creating include/config.h</pre></blockquote>
+
+<p>In general, any message from <em class="filename">configure</em> that
+doesn't begin with the words
+<tt class="literal">checking</tt><a name="INDEX-55"/> or
+<tt class="literal">creating</tt><a name="INDEX-56"/> is an
+<a name="INDEX-57"/>error; it often helps to redirect the
+output of the configure script to a file so that you can quickly
+search for errors, as we did with the <em class="filename">tee</em>
+command earlier. If there was an error during configuration, more
+detailed information about it can be found in the
+<em class="filename">config.log</em><a name="INDEX-58"/> file, which is written to the local
+directory by the <em class="filename">configure</em> script, as well as in
+the <em class="filename">config.my.log</em> file, which we created by
+piping through the <em class="filename">tee</em> command. These files are
+very similar in both name and content, but be careful to check both
+of them for error messages before continuing!</p>
+
+<p>If the configuration works, you'll see a
+<tt class="literal">checking</tt> <tt class="literal">configure</tt>
+<tt class="literal">summary</tt> message followed by a
+<tt class="literal">configure</tt> <tt class="literal">OK</tt> message and four
+or five file-creation messages. So far, so good. <a name="INDEX-59"/></p>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-2-SECT-4"/>
+
+<h2 class="head1">Compiling and Installing Samba</h2>
+
+<p><a name="INDEX-60"/><a name="INDEX-61"/><a name="INDEX-62"/><a name="INDEX-63"/>At this point you should be ready to build
+the Samba executables. Compiling is also easy: in the
+<em class="filename">source</em> directory, type <tt class="literal">make</tt>
+on the command line. The
+<em class="filename">make</em><a name="INDEX-64"/> utility will produce a stream of
+explanatory and success messages, beginning with:</p>
+
+<blockquote><pre class="code">Using FLAGS = -O -Iinclude ...</pre></blockquote>
+
+<p>This build includes compiles for both <em class="emphasis">smbd</em> and
+<em class="emphasis">nmbd</em> and ends in a linking command for
+<em class="filename">bin/nmblookup</em>. For example, here is a sample
+make of Samba Version 2.2.6 on a Linux server:</p>
+
+<blockquote><pre class="code"># make 2&gt;&amp;1 | tee make.log
+Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE64
+_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLOGFILEBASE=&quot;/usr/local/samba/va
+r&quot; -DCONFIGFILE=&quot;/usr/local/samba/lib/smb.conf&quot; -DLMHOSTSFILE=&quot;/usr/local/samba/
+lib/lmhosts&quot; -DSWATDIR=&quot;/usr/local/samba/swat&quot; -DSBINDIR=&quot;/usr/local/samba/bin
+&quot; -DLOCKDIR=&quot;/usr/local/samba/var/locks&quot; -DCODEPAGEDIR=&quot;/usr/local/samba/lib/cod
+epages&quot; -DDRIVERFILE=&quot;/usr/local/samba/lib/printers.def&quot; -DBINDIR=&quot;/usr/local/sa
+mba/bin&quot; -DHAVE_INCLUDES_H -DPASSWD_PROGRAM=&quot;/bin/passwd&quot; -DSMB_PASSWD_FILE=&quot;/u
+sr/local/samba/private/smbpasswd&quot; -DTDB_PASSWD_FILE=&quot;/usr/local/samba/private/sm
+bpasswd.tdb&quot;
+Using FLAGS32 = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE
+64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLOGFILEBASE=&quot;/usr/local/samba/
+var&quot; -DCONFIGFILE=&quot;/usr/local/samba/lib/smb.conf&quot; -DLMHOSTSFILE=&quot;/usr/local/samb
+a/lib/lmhosts&quot; -DSWATDIR=&quot;/usr/local/samba/swat&quot; -DSBINDIR=&quot;/usr/local/samba/b
+in&quot; -DLOCKDIR=&quot;/usr/local/samba/var/locks&quot; -DCODEPAGEDIR=&quot;/usr/local/samba/lib/c
+odepages&quot; -DDRIVERFILE=&quot;/usr/local/samba/lib/printers.def&quot; -DBINDIR=&quot;/usr/local/
+samba/bin&quot; -DHAVE_INCLUDES_H -DPASSWD_PROGRAM=&quot;/bin/passwd&quot; -DSMB_PASSWD_FILE=&quot;
+/usr/local/samba/private/smbpasswd&quot; -DTDB_PASSWD_FILE=&quot;/usr/local/samba/private/
+smbpasswd.tdb&quot;
+Using LIBS = -ldl -lnsl -lpam
+Compiling smbd/server.c
+Compiling smbd/files.c
+Compiling smbd/chgpasswd.c
+Compiling smbd/connection.c
+Compiling smbd/utmp.c
+Compiling smbd/session.c
+Compiling smbd/dfree.c
+Compiling smbd/dir.c
+
+<i class="lineannotation">...(content omitted)...</i>
+
+Compiling rpc_server/srv_srvsvc.c
+Compiling rpc_server/srv_srvsvc_nt.c
+Compiling rpc_server/srv_util.c
+Compiling rpc_server/srv_wkssvc.c
+Compiling rpc_server/srv_wkssvc_nt.c
+Compiling rpc_server/srv_pipe.c
+Compiling rpc_server/srv_dfs.c
+Compiling rpc_server/srv_dfs_nt.c
+Compiling rpc_server/srv_spoolss.c
+Compiling rpc_server/srv_spoolss_nt.c
+Compiling lib/util_getent.c
+Compiling rpc_parse/parse_lsa.c
+Compiling rpc_parse/parse_net.c
+Compiling rpc_parse/parsen/smbmount
+Compiling client/smbmnt.c
+Linking bin/smbmnt
+Compiling client/smbumount.c
+Linking bin/smbumount
+Compiling utils/nmblookup.c
+Linking bin/nmblookup</pre></blockquote>
+
+<p>If you encounter a problem when compiling, first check the Samba
+documentation to see if it is easily fixable. Another possibility is
+to search or post to the Samba mailing lists, which are given at the
+end of <a href="ch12.html">Chapter 12</a> and on the Samba home page. Most
+compilation issues are system-specific and almost always easy to
+overcome.</p>
+
+<p>Now that the files have been compiled, you can install them into the
+directories you identified with the command:</p>
+
+<blockquote><pre class="code">#<tt class="userinput"><b> make install</b></tt></pre></blockquote>
+
+<p>If you happen to be <a name="INDEX-65"/>upgrading, your old Samba files will be
+saved with the extension
+<em class="emphasis">.old</em>,<a name="INDEX-66"/> and you can go back to that previous
+version with the command
+<tt class="literal">make</tt><a name="INDEX-67"/> <tt class="literal">revert</tt>. After doing a
+<tt class="literal">make</tt><a name="INDEX-68"/> <tt class="literal">install</tt>, you should
+copy the <em class="emphasis">.old</em> files (if they exist) to a new
+location or name. Otherwise, the next time you install Samba, the
+original <em class="emphasis">.old</em> will be overwritten without
+warning and you could lose your earlier version. If you configured
+Samba to use the default locations for files, the new files will be
+installed in the directories listed in <a href="ch02.html#samba2-CHP-2-TABLE-2">Table 2-2</a>.
+Remember that you need to perform the installation from an account
+that has write privileges on these target directories; this is
+typically the root account.</p>
+
+<a name="samba2-CHP-2-TABLE-2"/><h4 class="head4">Table 2-2. Samba installation directories</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Directory</p>
+</th>
+<th>
+<p>Description</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><em class="emphasis">/usr/local/samba</em></p>
+</td>
+<td>
+<p>Main tree</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><em class="emphasis">/usr/local/samba/bin</em></p>
+</td>
+<td>
+<p>Binaries</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><em class="emphasis">/usr/local/samba/lib</em></p>
+</td>
+<td>
+<p><em class="emphasis">smb.conf</em>, <em class="emphasis">lmhosts</em>,
+configuration files, etc.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><em class="emphasis">/usr/local/samba/man</em></p>
+</td>
+<td>
+<p>Samba documentation</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><em class="emphasis">/usr/local/samba/private</em></p>
+</td>
+<td>
+<p>Samba-encrypted password file</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><em class="emphasis">/usr/local/samba/swat</em></p>
+</td>
+<td>
+<p>SWAT files</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><em class="emphasis">/usr/local/samba/var</em></p>
+</td>
+<td>
+<p>Samba log files, lock files, browse list info, shared memory files,
+process ID files</p>
+</td>
+</tr>
+
+</table>
+
+<p>Throughout the remainder of the book, we occasionally refer to the
+location of the main tree as <em class="filename">/usr/local/samba</em>.
+In most configurations, this is the base directory of the installed
+Samba package; however, it can vary from system to system<em class="filename">
+</em>.</p>
+
+<a name="samba2-CHP-2-NOTE-90"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>Watch out if you've made <em class="filename">/usr</em> a
+read-only partition. You will want to put the logs, locks, and
+password files somewhere else.</p>
+</blockquote>
+
+<p>Here is the installation that we performed on our machine. You can
+see that we used <em class="filename">/usr/local/samba</em> as the base
+directory for the distribution:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>make install 2&gt;&amp;1 | tee make-install.log</b></tt>
+Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE64
+_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLOGFILEBASE=&quot;/usr/local/samba/va
+r&quot; -DCONFIGFILE=&quot;/usr/local/samba/lib/smb.conf&quot;
+
+<i class="lineannotation">...(content omitted)...</i>
+
+The binaries are installed. You can restore the old binaries (if there
+were any) using the command &quot;make revert&quot;. You can uninstall the binaries
+using the command &quot;make uninstallbin&quot; or &quot;make uninstall&quot; to uninstall
+binaries, manpages and shell scripts.
+
+<i class="lineannotation">...(content omitted)...</i>
+
+======================================================================
+The SWAT files have been installed. Remember to read the swat/README
+for information on enabling and using SWAT.
+======================================================================</pre></blockquote>
+
+<p>If the last message is about SWAT, you've
+successfully installed all the files. Congratulations! You now have
+Samba on your system!</p>
+
+
+<div class="sect2"><a name="samba2-CHP-2-SECT-4.1"/>
+
+<h3 class="head2">Upgrading Your Installation</h3>
+
+<p><a name="INDEX-70"/><a name="INDEX-71"/>Eventually a new version of
+Samba will be released, and you will want to upgrade. This is simple;
+just repeat the same steps you used to install your current version.
+Download the source distribution from the Samba web site and install
+it, then run the <tt class="literal">./configure</tt>,
+<tt class="literal">make</tt>, and <tt class="literal">make</tt>
+<tt class="literal">install</tt> commands as before. If
+you've forgotten which options you used with the
+<a name="INDEX-72"/><a name="INDEX-73"/><a name="INDEX-74"/><a name="INDEX-75"/><em class="emphasis">configure</em>
+script, take a look at the
+<em class="filename">source/config.status</em><a name="INDEX-76"/><a name="INDEX-77"/> file in your previous
+version's source distribution. The first few lines
+of this file show the options used the last time
+<em class="emphasis">configure</em> was run.</p>
+
+<p>When you run the <tt class="literal">make
+install</tt><a name="INDEX-78"/> command to install your new
+version, the files of the previous version are replaced with the new
+ones, and then all you have to do is restart the Samba daemons to get
+your new version running. See <a href="ch02.html#samba2-CHP-2-SECT-8">Section 2.8</a> later in this chapter for directions on how to do this.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-2-SECT-4.2"/>
+
+<h3 class="head2">Reconfiguring Samba</h3>
+
+<p><a name="INDEX-79"/>If you
+have already compiled Samba and wish to recompile the same source
+code with different <em class="emphasis">configure</em> options, you
+should run the following three commands in the
+<em class="emphasis">source</em> directory before rerunning the
+<em class="emphasis">configure</em> script:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>autoconf</b></tt>
+# <tt class="userinput"><b>make clean</b></tt>
+# <tt class="userinput"><b>rm config.cache</b></tt></pre></blockquote>
+
+<p>This ensures that you are starting with a clean slate and that your
+previous <em class="emphasis">configure</em> command does not leave any
+data around that can affect your new build. From here, you can rerun
+<tt class="literal">./configure</tt> and then <tt class="literal">make</tt> and
+<tt class="literal">make install</tt>.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-2-SECT-4.3"/>
+
+<h3 class="head2">Setting Search Paths</h3>
+
+<p><a name="INDEX-80"/>You
+will probably want to run commands included in the Samba distribution
+without having to specify their full directory paths. For that to
+work, the directory in which the Samba executables are located,
+<em class="filename">/usr/local/samba/bin</em> by default, must be added
+to your shell's <a name="INDEX-81"/>PATH environment variable. This
+environment variable is usually set in one or more of the
+shell's startup files, which in the case of
+<em class="emphasis">bash</em> are <em class="filename">/etc/profile</em>
+(systemwide) and the <em class="filename">.bash_profile</em> and
+<em class="filename">.bashrc</em> files in each user's
+home directory.</p>
+
+<p>To be able to read the <a name="INDEX-82"/><a name="INDEX-83"/><a name="INDEX-84"/>Samba manual pages using the
+<em class="emphasis">man</em> command, the directory where
+Samba's manual pages reside,
+<em class="filename">/usr/local/samba/man</em> by default, must be in your
+<a name="INDEX-85"/>MANPATH environment variable. On Red
+Hat Linux, this can be accomplished by adding the following two lines
+to <em class="filename">/etc/man.config</em>:</p>
+
+<a name="INDEX-86"/><a name="INDEX-87"/><blockquote><pre class="code">
+MANPATH /usr/local/samba/man
+MANPATH_MAP /usr/local/samba/bin /usr/local/samba/man</pre></blockquote>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-2-SECT-5"/>
+
+<h2 class="head1">Enabling SWAT</h2>
+
+<p>The <a name="INDEX-88"/><a name="INDEX-89"/>Samba
+Web Administration Tool (SWAT) runs as a daemon under
+<em class="emphasis">inetd</em> or <em class="filename">xinetd </em>and
+provides a forms-based editor in your web browser for creating and
+modifying <a name="INDEX-90"/>Samba's
+configuration file. For SWAT to work, entries must be added for it in
+the <em class="filename">/etc/services</em> and
+<em class="filename">/etc/inetd.conf</em> (or
+<em class="filename">/etc/xinetd.d/swat) </em>configuration files. To add
+the entries, follow these two steps:</p>
+
+<ol><li>
+<p>Check your <em class="filename">/etc/services</em> file, and if it does
+not contain the following line, add it to the end of the file:</p>
+
+<blockquote><pre class="code">swat 901/tcp</pre></blockquote>
+</li>
+<li>
+<p>Now for <em class="filename">inetd </em><a name="INDEX-91"/>or <em class="filename">xinetd.
+</em><a name="INDEX-92"/>These are &quot;Internet
+super daemons&quot; that handle starting daemons on
+demand, instead of letting them sit around in memory consuming system
+resources. Most systems use <em class="filename">inetd, </em>but
+<em class="filename">xinetd </em>is also used in some versions of Unix,
+notably the Red Hat Linux (Versions 7 and newer) that we use in our
+examples. You can use the <em class="emphasis">ps</em> command to see
+which of the two your system is running.</p>
+</li></ol>
+<p>For <em class="filename">inetd, </em>add a line to the
+<em class="emphasis">/etc/</em><em class="filename">inetd.conf </em>file.
+(Check your <em class="filename">inetd.conf</em> manual page to see the
+exact format of the<em class="filename"> inetd.conf</em> file if it
+differs from the following example.) Don't forget to
+change the path to the SWAT binary if you installed it in a different
+location from the default <em class="filename">/usr/local/samba</em>:</p>
+
+<blockquote><pre class="code">swat stream tcp nowait root /usr/local/samba/bin/swat swat</pre></blockquote>
+
+<p>Then force <em class="filename">inetd</em> to reread its configuration
+file by sending it a SIGHUP (hangup) signal:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>/bin/kill -HUP -a inetd</b></tt></pre></blockquote>
+
+<p>Notice that we are using a version of the <em class="emphasis">kill</em>
+command that supports the <em class="emphasis">-a</em> option, so as to
+allow us to specify the process by name. On FreeBSD and Linux, you
+can use the <em class="emphasis">killall</em> command<a name="FNPTR-2"/><a href="#FOOTNOTE-2">[2]</a> as follows:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>killall -HUP inetd</b></tt></pre></blockquote>
+
+<p>If you are not running Linux or FreeBSD and your version of
+<em class="emphasis">kill</em> doesn't have the
+<em class="emphasis">-a</em> option, you will need to use the
+<em class="emphasis">ps</em> command to find the process ID and then
+supply that to <em class="emphasis">kill</em>:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>ps ax | grep inetd</b></tt>
+ 780 ? S 0:00 inetd
+ 1981 pts/4 S 0:00 grep inetd
+# <tt class="userinput"><b>kill -HUP 780</b></tt></pre></blockquote>
+
+<p>If your system is using <em class="filename">xinet, </em>add a file named
+<em class="emphasis">swat</em> in your <em class="filename">/etc/xinetd.d
+</em>directory, containing the following:</p>
+
+<blockquote><pre class="code"># description: swat is the Samba Web Administration Tool, which
+# allows an administrator to configure Samba using a web
+# browser interface, with the URL http://localhost:901
+service swat.
+{
+ socket_type = stream
+ wait = no
+ protocol = tcp
+ only_from = localhost
+ user = root
+ log_on_failure += USERID
+ server = /usr/local/samba/bin/swat
+ port = 901
+ disable = no
+}</pre></blockquote>
+
+<p>Then <em class="emphasis">xinetd</em> needs to be sent a signal<a name="FNPTR-3"/><a href="#FOOTNOTE-3">[3]</a> to make it reread its configuration files:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>/bin/kill -HUP -a xinetd</b></tt></pre></blockquote>
+
+<p>And that's pretty much it for the installation.
+Before you can start up Samba, however, you need to create a
+configuration file for it.</p>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-2-SECT-6"/>
+
+<h2 class="head1">A Basic Samba Configuration File</h2>
+
+<p><a name="INDEX-93"/>The
+key to configuring Samba is its configuration file,
+<em class="filename">smb.conf</em>. This configuration file can be very
+simple or extremely complex, and the rest of this book is devoted to
+helping you get deeply personal with this file. For now, however,
+we'll show you how to set up a single file service,
+which will allow you to fire up the Samba daemons and see that
+everything is running as it should be. In later chapters, you will
+see how to configure Samba for more complicated and interesting
+tasks.</p>
+
+<p>The installation process does not automatically create an
+<em class="filename">smb.conf</em> configuration file, although several
+example files are included in the Samba distribution. To test the
+server software, though, we'll use the following
+file, which you can create in a text editor. It should be named
+<em class="filename">smb.conf</em> and placed in the
+<em class="emphasis">/usr/local/samba/lib</em> directory:<a name="FNPTR-4"/><a href="#FOOTNOTE-4">[4]</a></p>
+
+<blockquote><pre class="code">[global]
+ workgroup = METRAN
+[test]
+ comment = For testing only, please
+ path = /usr/local/samba/tmp
+ read only = no
+ guest ok = yes</pre></blockquote>
+
+<p>This brief configuration file tells the Samba server to offer the
+<em class="filename">/usr/local/samba/tmp</em> directory on the server as
+an SMB share called <em class="emphasis">test</em>. The server also
+becomes part of the METRAN workgroup, of which each client must also
+be a part. If you have already chosen a name for your own workgroup,
+use the name of your workgroup instead of METRAN in the previous
+example. In case you are connecting your Samba system into an
+existing network and need to know the workgroup name, you can ask
+another system administrator or go to a Windows system in the
+workgroup and follow these instructions:</p>
+
+<ul><li>
+<p>Windows 95/98/Me/NT: open the Control Panel, then double-click the
+Network icon. Click the Identification tab, and look for the
+&quot;Workgroup:&quot; label.</p>
+</li><li>
+<p>Windows 2000: open the Control Panel and double-click the System
+icon. Click the Network Identification tab. The workgroup name will
+appear below the computer name.</p>
+</li><li>
+<p>Windows XP: open the Control Panel in Classic View mode and
+double-click the System icon. Then click the Computer Name tab.</p>
+</li></ul>
+<p>We'll use the <tt class="literal">[test]</tt> share in the
+next chapter to set up the Windows clients. For now, you can complete
+the setup by performing the following commands as root on your Unix
+server:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>mkdir /usr/local/samba/tmp</b></tt>
+# <tt class="userinput"><b>chmod 777 /usr/local/samba/tmp</b></tt></pre></blockquote>
+
+<p>You might also want to put a file or two in the
+<em class="filename">/usr/local/samba/tmp</em> directory so that after
+your Windows systems are initially configured, you will have
+something to use to check that everything works.</p>
+
+<p>We should point out that in terms of system security, this is the
+worst setup possible. For the moment, however, we only wish to test
+Samba, so we'll leave security out of the picture.
+In addition, we will encounter some encrypted password issues with
+Windows clients later on, so this setup will afford us the least
+amount of headaches.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-2-SECT-6.1"/>
+
+<h3 class="head2">Encrypted Passwords</h3>
+
+<p><a name="INDEX-94"/><a name="INDEX-95"/><a name="INDEX-96"/>If your Windows clients are using Windows
+98 or Windows NT 4 Service Pack 3 or above (including Windows 2000
+and Windows XP) and you are using a version of Samba earlier than
+3.0, you must add the following entry to the
+<tt class="literal">[global]</tt> section of the Samba configuration file:</p>
+
+<blockquote><pre class="code">[global]
+ encrypt passwords = yes</pre></blockquote>
+
+<p>In addition, you must use the
+<em class="filename">smbpasswd</em><a name="INDEX-97"/> program (typically located in the
+directory <em class="filename">/usr/local/samba/bin/ </em>) to enter the
+username/password combinations of the Samba users into
+Samba's encrypted password database. For example, if
+you wanted to allow Unix user <tt class="literal">steve</tt> to access
+shares from a client system, you would use this command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbpasswd -a steve</b></tt>
+New SMB password:
+Retype new SMB password:
+Added user steve.</pre></blockquote>
+
+<p>When the first user is added, the program will output a message
+saying that the encrypted password database does not exist.
+Don't worry: it will then create the database for
+you. Make sure that the username/password combinations you add to the
+encrypted database match the usernames and passwords you intend to
+use on the Windows client side. You must run
+<em class="emphasis">smbpasswd</em> for each client user.</p>
+
+<p>In Samba 3.0, passwords are encrypted by default, so the
+<tt class="literal">encrypt</tt> <tt class="literal">passwords</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> parameter in the
+configuration file is optional. However, you will still need to run
+the <em class="emphasis">smbpasswd</em> command to add users to the
+encrypted password file.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-2-SECT-6.2"/>
+
+<h3 class="head2">Using SWAT</h3>
+
+<p><a name="INDEX-98"/>Creating
+a configuration file with SWAT is even easier than writing a
+configuration file by hand. To invoke SWAT, use your web browser to
+connect to <em class="emphasis">http://localhost:901</em>, and log on as
+root with the root password, as shown in <a href="ch02.html#samba2-CHP-2-FIG-1">Figure 2-1</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-2-FIG-1"/><a name="INDEX-99"/><img src="figs/sam2_0201.gif"/></div><h4 class="head4">Figure 2-1. SWAT login</h4>
+
+<p>After logging in, click the GLOBALS button at the top of the screen.
+You should see the Global Variables page shown in <a href="ch02.html#samba2-CHP-2-FIG-2">Figure 2-2</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-2-FIG-2"/><img src="figs/sam2_0202.gif"/></div><h4 class="head4">Figure 2-2. SWAT Global Variables page</h4>
+
+<p>In this example, notice that SWAT retrieved the workgroup name from
+the <em class="emphasis">smb.conf</em> file that you created. (If it
+didn't, go back and perform that step correctly.)
+Make sure that the <tt class="literal">security</tt> field is set to
+<tt class="literal">USER</tt>.</p>
+
+<p>If you are running Samba 2.2 and your Windows clients are at least
+Windows 98 or Windows NT 4 SP 3 or later versions, find
+<tt class="literal">encrypt</tt> <tt class="literal">passwords</tt> in the
+Security Options section and select <tt class="literal">yes</tt>.</p>
+
+<p>The only other option you need to change from the menu is one
+determining which system on the LAN resolves NetBIOS addresses; this
+system is called the <em class="emphasis">WINS server</em>. At the very
+bottom of the page, set the <tt class="literal">wins</tt>
+<tt class="literal">support</tt> field to <tt class="literal">Yes</tt>, unless
+you already have a WINS server on your network. If you do, put the
+WINS server's IP address in the
+<tt class="literal">wins</tt> <tt class="literal">server</tt> field instead. Then
+return to the top of the screen, and press the Commit Changes button
+to write the changes out to the <em class="emphasis">smb.conf</em> file.</p>
+
+<p>Next, click the SHARES icon. You should see a page similar to <a href="ch02.html#samba2-CHP-2-FIG-3">Figure 2-3</a>. Select <tt class="literal">test</tt> (to the right
+of the Choose Share button), and click the Choose Share button. You
+will see the Share Parameters screen, as shown in <a href="ch02.html#samba2-CHP-2-FIG-3">Figure 2-3</a>, with the <tt class="literal">comment</tt> and
+<tt class="literal">path</tt> fields filled in from your
+<em class="emphasis">smb.conf</em> file.</p>
+
+<div class="figure"><a name="samba2-CHP-2-FIG-3"/><img src="figs/sam2_0203.gif"/></div><h4 class="head4">Figure 2-3. SWAT Share Parameters screen</h4>
+
+<p>If you specified that you want to use encrypted passwords on the
+GLOBALS page, click the PASSWORD button. Near the top of the screen,
+you will see the Server Password Management section. Enter your Unix
+username and password in the spaces, and click the Add New User
+button. This functions the same as the <em class="emphasis">smbpasswd</em>
+utility and creates an entry in the
+<em class="emphasis">/usr/local/samba/private/smbpasswd</em> file to allow
+you to authenticate from a Windows client.</p>
+
+<p>Now click the VIEW button at the top, and SWAT shows you the
+following <em class="filename">smb.conf</em> file:</p>
+
+<blockquote><pre class="code"># Samba config file created using SWAT
+# from localhost (127.0.0.1)
+# Date: 2002/09/05 04:56:43
+
+# Global parameters
+ workgroup = METRAN
+ encrypt passwords = Yes
+ wins support = Yes
+
+[test]
+ comment = For testing only!
+ path = /usr/local/samba/tmp
+ read only = No</pre></blockquote>
+
+<p>Once this configuration file is completed, you can skip the next step
+because the output of SWAT is guaranteed to be syntactically correct.
+<a name="INDEX-100"/></p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-2-SECT-6.3"/>
+
+<h3 class="head2">Disabling Oplocks</h3>
+
+<p>The <em class="filename">smb.conf</em><a name="INDEX-101"/><a name="INDEX-102"/>
+file you have just created is certainly good enough for the purpose
+of initial setup and testing, and you can use it as a starting point
+from which to develop the configuration of your production Samba
+server. But before you get too far with that, we want to bring one
+thing to your attention.</p>
+
+<p>If you are the type of administrator who is highly concerned about
+data integrity, you might want to make the following modification to
+your <em class="filename">smb.conf</em> file before continuing:</p>
+
+<blockquote><pre class="code">[global]
+ oplocks = no</pre></blockquote>
+
+<p>That is, use a text editor to add the line <tt class="literal">oplocks</tt>
+<tt class="literal">=</tt> <tt class="literal">no</tt> to the
+<tt class="literal">[global]</tt> section of your
+<em class="filename">smb.conf</em> file. With this example, as with other
+examples we will present throughout this book, you do not need to
+enter the <tt class="literal">[global]</tt> line again in your
+configuration file. We include it only to indicate in which section
+the parameter belongs.</p>
+
+<p>The <tt class="literal">oplocks</tt> <tt class="literal">=</tt>
+<tt class="literal">no</tt> parameter disables opportunistic locking by
+clients. This will result in significantly poorer performance, but
+will help ensure that flaky Windows clients and/or unreliable network
+hardware will not lead to corrupted files on the Samba server.</p>
+
+<p>We will cover opportunistic locking (oplocks) in more detail in the
+section &quot;Locks and Oplocks&quot; in
+<a href="ch08.html">Chapter 8</a>, and recommend that you understand the
+ideas presented there before implementing a production Samba server
+that serves database files or other valuable data.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-2-SECT-6.4"/>
+
+<h3 class="head2">Testing the Configuration File</h3>
+
+<p><a name="INDEX-103"/>If you
+didn't use SWAT to create your configuration file,
+you should probably test it to ensure that it is syntactically
+correct. It might seem silly to run a test program against an
+eight-line configuration file, but it's good
+practice for the real ones that we'll be writing
+later on.</p>
+
+<p>The test parser,
+<em class="filename">testparm</em><a name="INDEX-104"/>, examines an
+<em class="filename">smb.conf</em> file for syntax errors and reports any
+it finds along with a list of the services enabled on your machine.
+An example follows; you'll notice that in our haste
+to get the server running we mistyped <tt class="literal">workgroup</tt> as
+<tt class="literal">workgrp</tt> (the output is often lengthy, so we
+recommend capturing it with the <em class="emphasis">tee</em> command):</p>
+
+<blockquote><pre class="code">Load smb config files from smb.conf
+Unknown parameter encountered: &quot;workgrp&quot;
+Ignoring unknown parameter &quot;workgrp&quot;
+Processing section &quot;[test]&quot;
+Loaded services file OK.
+Press Enter to see a dump of your service definitions
+# Global parameters
+[global]
+ workgroup = WORKGROUP
+ netbios name =
+ netbios aliases =
+ server string = Samba 2.2.6
+ interfaces =
+ bind interfaces only = No
+
+<i class="lineannotation">...(content omitted)...</i>
+
+[test]
+ comment = For testing only!
+ path = /usr/local/samba/tmp
+ read only = No</pre></blockquote>
+
+<p>The interesting parts are at the top and bottom. The top of the
+output will flag any syntax errors that you might have made, and the
+bottom lists the services that the server thinks it should offer. A
+word of advice: make sure you and the server have the same
+expectations. <a name="INDEX-105"/></p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-2-SECT-7"/>
+
+<h2 class="head1">Firewall Configuration</h2>
+
+<p><a name="INDEX-106"/>As
+with any services that run on TCP/IP, the SMB networking services
+offered by Samba can be accessed from across the Internet unless your
+organization's firewall is properly configured. The
+following ports are used by Samba for SMB networking and SWAT:</p>
+
+<dl>
+<dt><b>Port 137</b></dt>
+<dd>
+<p>Used for NetBIOS network browsing</p>
+</dd>
+
+
+
+<dt><b>Port 138</b></dt>
+<dd>
+<p>Used for NetBIOS name service</p>
+</dd>
+
+
+
+<dt><b>Port 139</b></dt>
+<dd>
+<p>Used for file and printer sharing and other operations</p>
+</dd>
+
+
+
+<dt><b>Port 445</b></dt>
+<dd>
+<p>Used by Windows 2000/XP when NetBIOS over TCP/IP is disabled</p>
+</dd>
+
+
+
+<dt><b>Port 901</b></dt>
+<dd>
+<p>Used by SWAT</p>
+</dd>
+
+</dl>
+
+<p>At the minimum, your organization's Internet
+firewall should shut down all the ports in the list to traffic in
+both directions. Do not assume that preventing incoming connections
+is sufficient; there are cracks that trick Windows clients into
+sending data out of the local area network and into the Internet by
+SMB protocol, even from a local network that uses private IP
+addresses not forwarded by routers. If you want SMB traffic to travel
+across the Internet to remote sites, the best way is to use a virtual
+private network (VPN). See the O'Reilly book,
+<em class="citetitle">Virtual Private Networks</em>, for more information
+on this subject.</p>
+
+<p>In addition, you might wish to configure a firewall on the Samba host
+system to keep SMB packets from traveling further than necessary
+within your organization's network. For example,
+port 901 can be shut down for remote accesses so that SWAT can be run
+only on the Samba host system. If you are using Samba to serve only a
+fraction of the client systems within your organization, consider
+allowing SMB packets (i.e., packets on ports 137-139 and 445) to go
+to or come from only those clients.</p>
+
+<p>For more information on configuring firewalls, see the
+O'Reilly book <em class="citetitle">Building Internet
+Firewalls</em>.</p>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-2-SECT-8"/>
+
+<h2 class="head1">Starting the Samba Daemons</h2>
+
+<p>Two Samba processes,
+<em class="emphasis">smbd</em><a name="INDEX-107"/> and
+<em class="emphasis">nmbd</em><a name="INDEX-108"/>, need to be running for Samba to work
+correctly. There are three ways to start them:</p>
+
+<ul><li>
+<p>Manually</p>
+</li><li>
+<p>Automatically, during system boot</p>
+</li><li>
+<p>From <em class="emphasis">inetd or xinetd</em></p>
+</li></ul>
+
+<div class="sect2"><a name="samba2-CHP-2-SECT-8.1"/>
+
+<h3 class="head2">Starting the Daemons Manually</h3>
+
+<p><a name="INDEX-109"/><a name="INDEX-110"/>If you're in a
+hurry, you can start the Samba daemons by hand. As root, simply enter
+the following commands:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>/usr/local/samba/bin/smbd -D</b></tt>
+# <tt class="userinput"><b>/usr/local/samba/bin/nmbd -D</b></tt></pre></blockquote>
+
+<p>Samba will now be running on your system and is ready to accept
+connections. However, keep in mind that if either of the daemons exit
+for any reason (including system reboots), they will need to be
+restarted manually.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-2-SECT-8.2"/>
+
+<h3 class="head2">Automatic Startup</h3>
+
+<p><a name="INDEX-111"/><a name="INDEX-112"/>To have the Samba daemons
+started automatically when the system boots, you need to add the
+commands listed in the previous section to your standard Unix startup
+scripts. The exact method varies depending on the flavor of Unix
+you're using.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-2-SECT-8.2.1"/>
+
+<h3 class="head3">BSD Unix</h3>
+
+<p><a name="INDEX-113"/><a name="INDEX-114"/><a name="INDEX-115"/>With a BSD-style Unix, you need to append
+the following code to the <em class="filename">rc.local </em>file, which
+is typically found in the <em class="filename">/etc</em> or
+<em class="filename">/etc/rc.d</em> directories:</p>
+
+<blockquote><pre class="code">if [ -x /usr/local/samba/bin/smbd]; then
+ echo &quot;Starting smbd...&quot;
+ /usr/local/samba/bin/smbd -D
+ echo &quot;Starting nmbd...&quot;
+ /usr/local/samba/bin/nmbd -D
+fi</pre></blockquote>
+
+<p>This code is very simple: it checks to see if the
+<em class="filename">smbd</em> file exists and has execute permissions,
+and if it does, it starts up both of the Samba daemons on system
+boot.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-2-SECT-8.2.2"/>
+
+<h3 class="head3">System V Unix</h3>
+
+<p><a name="INDEX-116"/><a name="INDEX-117"/><a name="INDEX-118"/>With System V, things can get a little
+more complex. Depending on your Unix version, you might be able to
+get away with making a simple change to an
+<em class="filename">rc.local</em> file as with BSD Unix, but System V
+typically uses directories containing links to scripts that control
+daemons on the system. Hence, you need to instruct the system how to
+start and stop the Samba daemons. The first step to implement this is
+to modify the contents of the <em class="filename">/etc/rc.d/init.d</em>
+directory by adding something similar to the following shell script,
+which for this example we will name <em class="filename">smb </em>:</p>
+
+<blockquote><pre class="code">#!/bin/sh
+
+# Check that the Samba configuration file exists
+[ -f /usr/local/samba/lib/smb.conf ] || exit 0
+
+start( )
+{
+ echo -n &quot;Starting SMB services: &quot;
+ /usr/local/samba/bin/smbd -D
+ ERROR=$?
+ echo
+
+ echo -n &quot;Starting NMB services: &quot;
+ /usr/local/samba/bin/nmbd -D
+ ERROR2=$?
+ if [ $ERROR2 -ne 0 ]
+ then
+ ERROR=1
+ fi
+ echo
+
+ return $ERROR
+}
+
+stop( )
+{
+ echo -n &quot;Shutting down SMB services: &quot;
+ /bin/kill -TERM -a smbd
+ ERROR=$?
+ echo
+
+ echo -n &quot;Shutting down NMB services: &quot;
+ /bin/kill -TERM -a nmbd
+ ERROR2=$?
+ if [ $ERROR2 -ne 0 ]
+ then
+ ERROR=1
+ fi
+ echo
+
+ return $ERROR
+}
+
+case &quot;$1&quot; in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ *)
+ echo &quot;Usage: $0 {start|stop}&quot;
+ exit 1
+esac
+
+exit $?</pre></blockquote>
+
+<p>With this script, you can start and stop <em class="emphasis">smbd</em>
+and <em class="emphasis">nmbd</em> like this:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>/etc/rc.d/init.d/smb start</b></tt>
+Starting SMB services:
+Starting NMB services:
+# <tt class="userinput"><b>ps ax | grep mbd</b></tt>
+ 1268 ? S 0:00 /usr/local/samba/bin/smbd -D
+ 1270 ? S 0:00 /usr/local/samba/bin/nmbd -D
+ 1465 pts/2 S 0:00 grep mbd
+# <tt class="userinput"><b>/etc/rc.d/init.d/smb stop</b></tt>
+Shutting down SMB services:
+Shutting down NMB services:</pre></blockquote>
+
+<p>If you are having trouble writing a startup script for your system,
+check to see if there is a packaged release of Samba (available from
+your Unix vendor or the Samba FTP site). If so, you might be able to
+extract a startup script from it to use as a starting point.
+Typically, this script doesn't change much (if at
+all) from release to release, so using a script from an older Samba
+version should not be a problem. Another possibility is to check the
+<em class="filename">packaging</em> directory in the Samba source
+distribution. In that directory, there are subdirectories for many
+Unix versions in which you can find a startup script for those
+versions. Even if your version isn't included, you
+can probably find a startup script for a similar version to use as a
+starting point.</p>
+
+<p>Finally, we need to add symbolic links to the
+<em class="filename">smb</em> script in the
+<em class="emphasis">/etc/rc.d/rcX.d</em> directories:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc3.d/S35smb</b></tt>
+# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc5.d/S35smb</b></tt>
+
+# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc0.d/K35smb</b></tt>
+# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc1.d/K35smb</b></tt>
+# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc2.d/K35smb</b></tt>
+# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc4.d/K35smb</b></tt>
+# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc6.d/K35smb</b></tt></pre></blockquote>
+
+<p>The first two commands, with link names starting with an
+&quot;S&quot;, cause Samba to be started when
+entering runlevels 3 or 5, which are the runlevels in which network
+file sharing (NFS) is normally enabled. The second group of commands,
+with link names starting with a
+&quot;K&quot;, cause Samba to be shut down
+when entering any of the other runlevels (0, 1, 2, 4, or 6).</p>
+
+<p>The links starting with &quot;S&quot; are
+used to start the daemons, and the links starting with
+&quot;K&quot; are used for killing them. When
+the runlevel is changed, the links starting with
+&quot;K&quot; in the corresponding directory
+(e.g., the <em class="filename">rc3.d</em> directory for runlevel 3) are
+executed, followed by the links starting with
+&quot;S&quot;. If we wanted, we could have
+Samba restarted when switching between runlevels 3 and 5 by adding a
+<em class="filename">K35smb</em> link to each <em class="filename">rc3.d</em>
+and <em class="filename">rc5.d </em>directory.</p>
+
+<p>The number after the K or S in the link names is used to set the
+order in which all the daemons with links in the directory are
+started or killed off. Get a long listing of the
+<em class="emphasis">rc3.d</em> or <em class="emphasis">rc5.d</em> directories
+to see how this is set up on your system. We use 35 to match the
+behavior of Red Hat's Samba RPM package. The
+important thing is to make sure when starting Samba that all services
+it requires are started before it. When shutting down, it is a good
+idea to shut down Samba before services it requires to avoid excess
+error messages in the log files, but the order is not as crucial.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-2-SECT-8.2.3"/>
+
+<h3 class="head3">Darwin and Mac OS X</h3>
+
+<p><a name="INDEX-119"/><a name="INDEX-120"/><a name="INDEX-121"/><a name="INDEX-122"/>An installation of Samba is bundled with the
+Darwin distribution, which is included in Mac OS X.<a name="FNPTR-5"/><a href="#FOOTNOTE-5">[5]</a> </p>
+
+<p>The Samba daemons are started during system
+boot by the script
+<em class="filename">/System/Library/StartupItems/Samba/Samba</em>. To
+trigger the execution of this script, edit the file
+<em class="filename">/etc/hostconfig</em> and change the SMBSERVER
+parameter to look like this:</p>
+
+<blockquote><pre class="code">SMBSERVER=-YES-</pre></blockquote>
+
+<p>On Mac OS X, the graphical user interface (GUI) provides an
+alternative to using the command line. Launch the System Preferences
+application, and select Sharing (see <a href="ch02.html#samba2-CHP-2-FIG-4">Figure 2-4</a>).
+Under the Services tab, turn on Windows File Sharing. This will make
+the aforementioned change to <em class="filename">/etc/hostconfig</em> and
+immediately execute the startup item.</p>
+
+<div class="figure"><a name="samba2-CHP-2-FIG-4"/><img src="figs/sam2_0204.gif"/></div><h4 class="head4">Figure 2-4. Mac OS X sharing preferences</h4>
+
+<p>If you decide to install Samba yourself on Mac OS X,
+it's best not to stomp on the installation provided
+with the OS. Use the procedures detailed earlier in this chapter to
+install the software into <em class="filename">/usr/local/samba</em> or
+some other area unaffected by OS upgrades. (Remember to set up users
+with <em class="emphasis">smbpasswd</em> if you're using
+encrypted passwords, as described earlier in this chapter. This step
+is handled automatically with entries in
+<em class="filename">/var/db/samba/hash</em> if you're
+using the built-in server on Mac OS X.) Once you've
+got that working, you can edit the Samba startup item script to refer
+to your installation, like this:</p>
+
+<blockquote><pre class="code"> #!/bin/sh
+ # Start Samba
+
+ . /etc/rc.common
+
+ if [ &quot;${SMBSERVER:=-NO-}&quot; = &quot;-YES-&quot; ]; then
+ ConsoleMessage &quot;Starting SMB server&quot;
+
+ if [ -f /usr/local/samba/lib/smb.conf ]; then
+ /usr/local/samba/bin/smbd -D
+ /usr/local/samba/bin/nmbd -D
+ fi
+ fi</pre></blockquote>
+
+<p>However, beware of OS updates, which can wipe out your changes. One
+solution is to make the script immutable, like this:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>chflags uchg /System/Library/StartupItems/Samba/Samba</b></tt></pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-2-SECT-8.2.4"/>
+
+<h3 class="head3">Testing automatic startup</h3>
+
+<p><a name="INDEX-123"/><a name="INDEX-124"/>If you can afford a few minutes of
+downtime, reboot your system and again use the
+<em class="emphasis">ps</em> command to check that the
+<em class="emphasis">smbd</em> and <em class="emphasis">nmbd</em> daemons are
+running. And if you are managing a 24/7 server, we highly recommend
+that you find some downtime in which to reboot and perform this
+check. Otherwise, your next unscheduled downtime might surprise you
+with a mysterious absence of SMB networking services when the system
+comes up again! <a name="INDEX-125"/><a name="INDEX-126"/></p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-2-SECT-8.3"/>
+
+<h3 class="head2">Starting from inetd</h3>
+
+<p><a name="INDEX-127"/><a name="INDEX-128"/><a name="INDEX-129"/>The <em class="emphasis">inetd</em>
+<em class="emphasis"><a name="FNPTR-6"/><a href="#FOOTNOTE-6">[6]</a></em> daemon is a Unix
+system's Internet &quot;super
+daemon.&quot; It listens on ports defined in
+<em class="filename">/etc/services</em> and executes the appropriate
+program for each port, which is defined in
+<em class="filename">/etc/inetd.conf</em>. The advantage of this scheme is
+that you can have a large number of daemons ready to answer queries,
+but they don't all have to be running all the time.
+Instead, <em class="emphasis">inetd</em> listens for connection requests
+and starts the appropriate daemon when it is needed. The penalty is a
+small overhead cost of creating a new daemon process, as well as the
+fact that you need to edit two files rather than one to set things
+up. The <em class="emphasis">inetd</em> daemon is handy if you have only
+one or two Samba users or your machine is running too many daemons
+already. It's also easier to perform an upgrade
+without disturbing an existing connection.</p>
+
+<p>If you wish to start from <em class="filename">inetd</em>, first open
+<em class="filename">/etc/services</em> in your text editor. If you
+don't already have them defined, add the following
+two lines:</p>
+
+<blockquote><pre class="code">netbios-ssn 139/tcp
+netbios-ns 137/udp</pre></blockquote>
+
+<p>Next, edit <em class="filename">/etc/inetd.conf</em>. Look for the
+following two lines and add them if they don't
+exist. If you already have <tt class="literal">smbd</tt> and
+<tt class="literal">nmbd</tt> lines in the file, edit them to point at the
+new <em class="emphasis">smbd</em> and <em class="emphasis">nmbd</em>
+you've installed. Your brand of Unix might use a
+slightly different syntax in this file; use the existing entries and
+the <em class="filename">inetd.conf </em> manual
+page as a guide:</p>
+
+<blockquote><pre class="code">netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd
+netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd</pre></blockquote>
+
+<p>Finally, kill any <em class="emphasis">smbd</em> or
+<em class="emphasis">nmbd</em> processes and send the
+<em class="emphasis">inetd</em> process a hangup (HUP) signal to tell it
+to reread its configuration file:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>/bin/kill -TERM -a smbd</b></tt>
+# <tt class="userinput"><b>/bin/kill -TERM -a nmbd</b></tt>
+# <tt class="userinput"><b>/bin/kill -HUP -a inetd</b></tt></pre></blockquote>
+
+<p>After that, Samba should be up and running.</p>
+
+<p>As we've pointed out before, Red Hat and perhaps
+other Unix vendors supply <em class="emphasis">xinetd</em> rather than
+<em class="emphasis">inetd</em>. If you need to use
+<em class="emphasis">xinetd</em>, you will need to supply a configuration
+file in the <em class="emphasis">/etc/xinetd.d</em> directory.
+<a name="INDEX-130"/></p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-2-SECT-9"/>
+
+<h2 class="head1">Testing the Samba Daemons</h2>
+
+<p><a name="INDEX-131"/><a name="INDEX-132"/>We're
+nearly done with the Samba server setup. All that's
+left to do is to make sure everything is working as we think it
+should. A convenient way to do this is to use the
+<em class="filename">smbclient</em><a name="INDEX-133"/> program to examine what the server is
+offering to the network. If everything is set up properly, you should
+be able to do the following:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>/usr/local/samba/bin/smbclient -U% -L localhost</b></tt>
+added interface ip=172.16.1.1 bcast=172.16.1.255 nmask=255.255.255.0
+Domain=[METRAN] OS=[Unix] Server=[Samba 2.2.6]
+
+ Sharename Type Comment
+ --------- ---- -------
+ test Disk For testing only, please
+ IPC$ IPC IPC Service (Samba 2.2.6)
+ ADMIN$ Disk IPC Service (Samba 2.2.6)
+
+ Server Comment
+ --------- -------
+ TOLTEC Samba 2.2.6 on toltec
+
+ Workgroup Master
+ --------- -------
+ METRAN TOLTEC</pre></blockquote>
+
+<p>If there is a problem, don't panic! Try to start the
+daemons manually, and check the system output or the debug files at
+<em class="filename">/usr/local/samba/var/log.smb</em><a name="INDEX-134"/><a name="INDEX-135"/><a name="INDEX-136"/> to see if you can determine what happened.
+If you think it might be a more serious problem, skip to <a href="ch12.html">Chapter 12</a> for help on troubleshooting the Samba daemons.</p>
+
+<p>If it worked, congratulations! You now have successfully set up the
+Samba server with a disk share. It's a simple one,
+but we can use it to set up and test the Windows 95/98/Me and
+NT/2000/XP clients in the next chapter. Then we will start making it
+more interesting by adding services such as home directories,
+printers, and security, and by seeing how to integrate the server
+into a larger Windows domain. <a name="INDEX-137"/></p>
+
+
+</div>
+
+<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/>
+<p><a href="#FNPTR-1">[1]</a> <em class="emphasis">gcc</em> binaries are available for almost
+every modern machine. See <a href="http://www.gnu.org/">http://www.gnu.org/</a> for a list of sites with
+<em class="emphasis">gcc</em> and other GNU software.</p> <a name="FOOTNOTE-2"/> <p><a href="#FNPTR-2">[2]</a> Do
+not confuse this with the Solaris <em class="emphasis">killall</em>
+command, which performs part of the system shutdown sequence!</p>
+<a name="FOOTNOTE-3"/>
+<p><a href="#FNPTR-3">[3]</a> Depending on the version of <em class="emphasis">xinetd</em> you
+have and how it was compiled, you might need to send a USR1 or some
+other signal rather than the HUP signal. Check the manual page for
+<em class="emphasis">xinetd (8)</em> on your system for details.</p>
+<a name="FOOTNOTE-4"/>
+<p><a href="#FNPTR-4">[4]</a> If you did not compile Samba, but instead downloaded a binary,
+check with the documentation for the package to find out where it
+expects the <em class="filename">smb.conf</em> file to be. Or, try running
+the <em class="emphasis">testparm</em> program and look for the location
+of <em class="filename">smb.conf</em> in the first line of output. If
+Samba came preinstalled with your Unix system, an
+<em class="filename">smb.conf</em> file is probably already somewhere on
+your system.</p> <a name="FOOTNOTE-5"/>
+<p><a href="#FNPTR-5">[5]</a> In this book, we cover Darwin Version 6.0 and OS X Version
+10.2.</p> <a name="FOOTNOTE-6"/> <p><a href="#FNPTR-6">[6]</a> With early releases of Samba 2.2, there were reports
+of intermittent errors when starting from <em class="emphasis">inetd</em>.
+We provide this information so that it will be available for later
+releases when the problem will hopefully have been identified and
+corrected.</p> </blockquote>
+
+
+<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4>
+</body></html>
diff --git a/docs/htmldocs/using_samba/ch03.html b/docs/htmldocs/using_samba/ch03.html
new file mode 100644
index 00000000000..16e86f4f6df
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch03.html
@@ -0,0 +1,2086 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Chapter 3. Configuring Windows Clients</h1>
+
+
+<p><a name="INDEX-1"/><a name="INDEX-2"/>Configuring Windows to use
+your new Samba server is really quite simple. SMB is
+Microsoft's native language for resource sharing on
+a local area network, so much of the installation and setup on the
+Windows client side have been taken care of already.</p>
+
+
+<div class="sect1"><a name="samba2-CHP-3-SECT-1"/>
+
+<h2 class="head1">Windows Networking Concepts</h2>
+
+<p><a name="INDEX-3"/><a name="INDEX-4"/>Windows is different from Unix in
+many ways, including how it supports networking. Before we get into
+the hands-on task of clicking our way through the dialog boxes to
+configure each version of Windows, we need to provide you with a
+common foundation of networking technologies and concepts that apply
+to the entire family of Windows operating systems.</p>
+
+<p>For each Windows version, these are the main issues we will be
+dealing with:</p>
+
+<ul><li>
+<p>Making sure required networking components are installed and bound to
+the network adapter</p>
+</li><li>
+<p>Configuring networking with a valid IP address, netmask and gateway,
+and WINS and DNS name servers</p>
+</li><li>
+<p>Assigning workgroup and computer names</p>
+</li><li>
+<p>Setting the username(s) and password(s)</p>
+</li></ul>
+<p>In addition, some minor issues involving communication and
+coordination between Windows and Unix are different among Windows
+versions.</p>
+
+<p>One can go crazy thinking about the ways in which Unix is different
+from Windows, or the ways in which members of the Windows family are
+different from each other in underlying technology, behavior, or
+appearance. For now let's just focus on their
+similarities and see if we can find some common ground.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-1.1"/>
+
+<h3 class="head2">Components</h3>
+
+<p><a name="INDEX-5"/><a name="INDEX-6"/>Unix
+systems historically have been monolithic in nature, requiring
+recompilation or relinking to create a kernel with a customized
+feature set. However, modern versions have the ability to load or
+unload device drivers or various other operating-system features as
+modules while the system is running, without even needing to reboot.</p>
+
+<p>Windows allows for configuration by installing or uninstalling
+<em class="firstterm">components</em>. As far as networking goes,
+components can be one of three things:<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a></p>
+
+<ul><li>
+<p>Protocols</p>
+</li><li>
+<p>Clients</p>
+</li><li>
+<p>Services</p>
+</li></ul>
+<p>Since Samba works using the TCP/IP protocol, of course
+we'll want to have that installed. In some cases, we
+also will want to find protocols to <em class="emphasis">uninstall</em>.
+For example, if Netware protocol (IPX/SPX) is not required on the
+network, it might as well be removed.</p>
+
+<p><a name="INDEX-7"/><a name="INDEX-8"/>NetBEUI protocol should be removed if
+possible. Having NetBEUI running at the same time as NetBIOS over
+TCP/IP causes the system to look for services under two different
+protocols, only one of which is likely to be in use. When Windows is
+configured with one or more unused protocols, 30-second delays will
+result when Windows tries to communicate with the unused protocol.
+Eventually, it times out and tries another one, until it finds one
+that works. This fruitless searching results in terrible performance.</p>
+
+<p>The other two items in the list, client and service components, are
+pretty much what you'd expect. Client components
+perform tasks related to connecting with network servers, and service
+components are for making the local system into a server of resources
+on the network. In <a href="ch01.html">Chapter 1</a> we told you that SMB
+systems can act as both clients and servers, offering resources on
+the network at the same time they request resources. In accordance
+with that, it is possible to install a component for SMB client
+services and, separately, a service component that allows file and
+printer shares on the local system to be accessible from other
+systems on the network.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-1.1.1"/>
+
+<h3 class="head3">Bindings</h3>
+
+<p><a name="INDEX-9"/><a name="INDEX-10"/><a name="INDEX-11"/>Once
+a networking component is installed, it must be
+<em class="firstterm">bound</em> to a hardware interface, or
+<em class="firstterm">adapter</em>, to be used on the network. At first
+this might seem like an odd complication; however, it is a conceptual
+model that allows the associations between hardware and software to
+be clearly displayed and easily modified through a graphical
+interface.</p>
+
+<p>We will want to make sure that your Windows client has both TCP/IP
+and the client component for SMB networking installed and also that
+it is bound to the network adapter that connects to our Samba
+network, which in most cases will be an Ethernet adapter.</p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-1.2"/>
+
+<h3 class="head2">IP Address</h3>
+
+<p>Just like any Unix system (or any other system that is using TCP/IP),
+your Windows systems will need an <a name="INDEX-12"/>IP address. If you are using
+<a name="INDEX-13"/>DHCP
+on your network, you can configure Windows to obtain its IP address
+automatically by using a DHCP server. Otherwise, you will need to
+assign a static IP address manually along with a netmask.<a name="FNPTR-2"/><a href="#FOOTNOTE-2">[2]</a></p>
+
+<p>If you are on a private network where you have the authority to
+assign your own IP addresses, you can select from addresses in one of
+three ranges:<a name="FNPTR-3"/><a href="#FOOTNOTE-3">[3]</a></p>
+
+<ul><li>
+<p>10.0.0.1 through 10.255.255.254</p>
+</li><li>
+<p>172.16.0.1 through 172.31.255.254</p>
+</li><li>
+<p>192.168.0.1 through 192.168.255.254</p>
+</li></ul>
+<p>These address ranges are reserved for private networks not directly
+connected to the Internet. For more information on using these
+private network addresses, see RFC 1918.</p>
+
+<p>If you're not maintaining your own separate network,
+see your system administrator for some available addresses on your
+network, as well as for the proper netmask to use.</p>
+
+<p>You should also be prepared to enter the IP address of the default
+gateway for the network. In some networks, the default gateway is the
+system or router that connects the LAN to the Internet. In other
+cases, the default gateway connects a subnet into a larger
+departmental or enterprise network.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-1.3"/>
+
+<h3 class="head2">Name Resolution</h3>
+
+<p><a name="INDEX-14"/><a name="INDEX-15"/>Name resolution is the function of
+translating human-friendly hostnames, such as
+<em class="emphasis">hopi</em>, or fully qualified domain names (FQDNs),
+such as <tt class="literal">mixtec.metran.cx</tt>, into IP addresses, such
+as 172.16.1.11 or 172.16.1.7.</p>
+
+<p>Unix systems can perform name resolution using an
+<em class="filename">/etc/hosts</em><a name="INDEX-16"/><a name="INDEX-17"/> file at the minimum, and more commonly can
+also incorporate services such as
+<a name="INDEX-18"/>DNS (Domain Name System)
+and <a name="INDEX-19"/>NIS (Network Information Service).
+Thus, name resolution is not necessarily performed by one isolated
+part of the operating system or one daemon, but is a system that can
+have a number of dispersed parts (although the
+<a name="INDEX-20"/>name
+service switch, with its
+<em class="filename">/etc/nsswitch.conf</em><a name="INDEX-21"/><a name="INDEX-22"/> configuration file, helps to tie them
+together).</p>
+
+<p>Although the specific implementation is different, name resolution in
+Windows is also performed by querying a number of resources, some of
+which are similar (or even identical) to their Unix counterparts.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-1.3.1"/>
+
+<h3 class="head3">Broadcast name resolution</h3>
+
+<p>On the other hand, there is one way in which Windows is not at all
+similar to Unix. If a Windows workstation is set up with no WINS name
+server, it will use the broadcast method of
+<a name="INDEX-23"/><a name="INDEX-24"/>name resolution, as described in <a href="ch01.html">Chapter 1</a>,<a name="FNPTR-4"/><a href="#FOOTNOTE-4">[4]</a> probably resulting in a
+very busy network. And even if you provide name servers for your
+Windows system to use, it might still resort to broadcast name
+resolution if it is unsuccessful at querying the name servers. For
+this reason, we recommend that you provide multiple reliable name
+servers for your Windows computers on the network.</p>
+
+<p>If that weren't enough to get you interested in
+setting up WINS and DNS servers, broadcast name resolution is usually
+limited to working on the local subnet because routers are usually
+configured not to forward broadcast packets to other networks.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-1.3.2"/>
+
+<h3 class="head3">WINS</h3>
+
+<p>We've already told you about WINS in <a href="ch01.html">Chapter 1</a>, and we don't have much more
+to say about it here. WINS can translate simple NetBIOS computer
+names such as <em class="emphasis">huastec</em> or
+<em class="emphasis">navajo</em> into IP addresses, as required on an SMB
+network. Of course, the interesting thing here is that Samba can act
+as a WINS server if you include the line:</p>
+
+<blockquote><pre class="code">wins support = yes</pre></blockquote>
+
+<p>in your Samba server's
+<em class="filename">smb.conf</em><a name="INDEX-25"/><a name="INDEX-26"/> file.
+This can be a good thing, to be sure, and we highly recommend it. Not
+only will you have a reliable WINS server to reduce the number of
+broadcast packets, but you won't need to run Windows
+NT/2000/XP to get it.</p>
+<a name="samba2-CHP-3-NOTE-91"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>One caveat about using Samba as a <a name="INDEX-27"/><a name="INDEX-28"/>WINS server is that Samba (up to Version
+2.2, at least) cannot synchronize with other WINS servers. So if you
+specify a Samba server as your Windows system's WINS
+server, you must be careful not to specify any additional (i.e.,
+secondary) WINS servers. If you do, you are likely to run into
+problems because the servers will not be able to synchronize their
+databases with each other. In Samba's defense, if
+you are using a Samba WINS server (running on a typically reliable
+Unix host), you will probably have little need for a secondary WINS
+server anyway.</p>
+</blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-1.3.3"/>
+
+<h3 class="head3">LMHOSTS</h3>
+
+<p>All Windows versions support a backup method of name resolution, in
+the form of a file called
+<em class="filename">LMHOSTS</em><a name="INDEX-29"/> <em class="emphasis"><a name="FNPTR-5"/><a href="#FOOTNOTE-5">[5]</a></em>
+that contains a lookup table of computer names and IP addresses. This
+exists for &quot;historical purposes,&quot;
+and is a rather awkward method of name resolution because it requires
+the administrator (i.e., you!) to keep copies of
+<em class="filename">LMHOSTS</em> up to date on every single Windows
+system on the network. To be fully effective,
+<em class="filename">LMHOSTS</em> would have to be updated every time a
+new system were added to (or removed from) the network. Of course,
+there might be ways to automate that process, but a better option
+would be simply to run a WINS name server that is intentionally
+designed to solve that specific problem.</p>
+
+<p>There are perhaps a couple of reasons why you might want to bother
+with <em class="filename">LMHOSTS</em> files. In rare situations, there
+might be no WINS server on the network. Or maybe a WINS server
+exists, but it's unreliable. In both cases, if the
+Windows system has a valid <em class="filename">LMHOSTS</em> file, it can
+help to avoid your network bogging down from those dreaded broadcast
+name queries.</p>
+
+<p>The format of the <em class="filename">LMHOSTS</em> file is simple and
+similar to the <em class="filename">/etc/hosts</em> file with which you
+might be familiar from running Unix systems. Here are the contents of
+a sample <em class="filename">LMHOSTS</em> file:</p>
+
+<blockquote><pre class="code">172.16.1.1 toltec
+172.16.1.2 aztec
+172.16.1.3 mixtec
+172.16.1.4 zapotec
+172.16.1.5 huastec
+172.16.1.6 maya
+172.16.1.7 olmec
+172.16.1.8 chichimec
+172.16.1.11 hopi
+172.16.1.12 zuni
+172.16.1.13 dine
+172.16.1.14 pima
+172.16.1.15 apache
+172.16.1.21 inca
+172.16.1.22 qero</pre></blockquote>
+
+<p>As you can see, the format is like that of
+<em class="filename">/etc/hosts</em>, except that instead of an FQDN
+(e.g., <tt class="literal">toltec.metran.cx</tt>), only a NetBIOS computer
+name (<tt class="literal">toltec</tt>) is given. One way to create an
+<em class="filename">LMHOSTS</em> file for your Windows systems is to copy
+a <em class="filename">/etc/hosts</em> file and edit out the parts you
+don't need. This will work great if your network
+doesn't have a DNS (or NIS) name server and the Unix
+system is dependent on <em class="filename">/etc/hosts</em> for its own
+name service. But if your Unix system is querying a DNS server (which
+is the most frequent case on anything larger than the very smallest
+networks), you would be better advised to look in the DNS
+server's configuration files for your source of
+computer names and IP addresses.</p>
+
+<p>If you do not have administrative access to your
+network's DNS server, you might be able to use tools
+such as <em class="emphasis">nslookup</em><a name="INDEX-30"/>,
+<em class="emphasis">nmap</em><a name="INDEX-31"/>, and
+<em class="emphasis">dig</em><a name="INDEX-32"/> to query the server and obtain the
+information you need.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-1.3.4"/>
+
+<h3 class="head3">DNS</h3>
+
+<p>The <a name="INDEX-33"/><a name="INDEX-34"/>DNS
+is responsible for translating human-readable, Internet-style
+hostnames such as <tt class="literal">pima.metran.cx</tt> or
+<tt class="literal">sales.oreilly.com</tt> into IP addresses.</p>
+
+<p>On your first reading of this section, you might be wondering what a
+section on DNS is doing in a book about NetBIOS and SMB networking.
+Remember, we told you that Windows can use more than WINS (NetBIOS
+Name Service) in its strategy for performing name resolution. Because
+DNS is also able to supply IP addresses for simple hostnames (which
+are usually the same as NetBIOS computer names), it can be helpful to
+configure Windows to know about a DNS server on your network. This is
+slightly more important for newer Windows versions than older ones,
+and more so for Windows NT/2000/XP than for Windows 95/98/Me, because
+nowadays Microsoft is focusing more on TCP/IP as the standard
+protocol and DNS as the primary name service.</p>
+
+<p>To find the address of your DNS server, look at the file
+<em class="emphasis">/etc/resolv.conf</em><a name="INDEX-35"/><a name="INDEX-36"/> on your Samba server or any other Unix
+system on the local network that is using DNS. It looks like the
+following:</p>
+
+<blockquote><pre class="code">#resolv.conf
+domain metran.cx
+nameserver 127.0.0.1
+nameserver 172.16.1.53</pre></blockquote>
+
+<p>In this example, the first name server in the list is 127.0.0.1,
+which indicates that the Samba server is also a DNS server for this
+LAN.<a name="FNPTR-6"/><a href="#FOOTNOTE-6">[6]</a> In that case, you would use its network IP
+address (not <a name="INDEX-37"/><a name="INDEX-38"/>127.0.0.1, its localhost address)
+for your DNS server when configuring Windows. Otherwise, use the
+other addresses you find in the lines beginning with
+<tt class="literal">nameserver</tt>. Try to select ones on your own
+network. Any name servers listed in
+<em class="emphasis">/etc/resolv.conf</em> should work, but
+you'll get better performance by using a server
+nearby.</p>
+
+<p>All versions of Windows can be configured to know of multiple domain
+name servers, and you might wish to take advantage of this for
+increased reliability. If the first domain name server does not
+respond, Windows can try others in its list.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-1.3.5"/>
+
+<h3 class="head3"><em class="filename">HOSTS</em></h3>
+
+<p>Similar to how the <em class="filename">LMHOSTS</em> file can be added to
+supplement WINS, the
+<em class="filename">HOSTS</em><a name="INDEX-39"/> file on a Windows system can be optionally
+added to supplement DNS name resolution. Most of our comments
+regarding <em class="filename">LMHOSTS</em> also apply here.</p>
+
+<p>This time the format of the file is not just similar to that of
+<em class="filename">/etc/hosts</em> found on Unix&mdash;the format is
+<em class="emphasis">exactly</em> the same. You can simply copy
+<em class="filename">/etc/hosts</em> from your Samba server or other Unix
+system to the proper directory on your Windows system.</p>
+
+<p>On Windows 95/98/Me, the <em class="filename">HOSTS</em> file goes in the
+Windows installation directory, which is usually
+<em class="filename">C:\Windows</em>. Note that a file called
+<em class="filename">hosts.sam</em><a name="INDEX-40"/> is already there, which is a sample
+<em class="filename">HOSTS</em> file provided by Microsoft.</p>
+
+<p>On Windows NT/2000/XP, the <em class="filename">HOSTS</em> file goes in
+the <em class="filename">\system32\drivers\etc</em> directory under the
+Windows installation directory, which is usually
+<em class="filename">C:\WINNT</em>.</p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-1.4"/>
+
+<h3 class="head2">Passwords</h3>
+
+<p><a name="INDEX-41"/><a name="INDEX-42"/><a name="INDEX-43"/>Unix systems use
+username and password pairs to authenticate users either on a local
+system or in an NIS domain. Windows NT/2000/XP are very similar; a
+user supplies his username and password to log on to the local system
+or to a Windows domain.</p>
+
+<p>When the SMB network is set up as a workgroup, things are different.
+There is no domain to log on to, although shares on the network can
+be password-protected. In this case, one password is associated with
+each password-protected share, rather than with individual users.</p>
+
+<p>Samba's default user-level
+<a name="INDEX-44"/>authentication in a workgroup is
+different from that of Windows. To access shares on the Samba host,
+users are required to supply a valid username and password for an
+account on the Samba host. This will be discussed in more detail in
+<a href="ch09.html">Chapter 9</a>.</p>
+
+<p><a name="INDEX-45"/>An unfortunate
+complication arises with passwords. In the first release of Windows
+95 and in Windows NT 4.0 with Service Pack 2 (SP2) or less, as well
+as in all previous versions of Windows, passwords are allowed to be
+sent over the network in plain text. But in Windows 95 with the
+network redirector update,<a name="FNPTR-7"/><a href="#FOOTNOTE-7">[7]</a></p>
+
+<p>Windows NT 4.0 SP3 or later, and all subsequent releases of Windows,
+a registry setting must be <a name="INDEX-46"/><a name="INDEX-47"/><a name="INDEX-48"/>modified to enable plain-text
+passwords. These more modern versions of Windows prefer to send
+encrypted passwords, and if you are working with one of them (and
+don't want to have to modify the registry), you must
+have the line:</p>
+
+<blockquote><pre class="code">encrypt passwords = yes</pre></blockquote>
+
+<p>in the <tt class="literal">[global]</tt> section of your
+<em class="filename">smb.conf</em><a name="INDEX-49"/><a name="INDEX-50"/> file. In addition, you must run the
+command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbpasswd -a <em class="replaceable">username</em></b></tt></pre></blockquote>
+
+<p>for each user on the Samba host to add their passwords to
+Samba's collection of encrypted passwords. We showed
+you how to do this in <a href="ch02.html">Chapter 2</a>.</p>
+
+<p>If your first attempt to access a Samba share results in a dialog box
+asking for a password for
+<tt class="literal">IPC$</tt><a name="INDEX-51"/><a name="INDEX-52"/>, as shown in <a href="ch03.html#samba2-CHP-3-FIG-1">Figure 3-1</a>, it is probably because you neglected either
+or both of these two steps, and the Samba server did not recognize
+the encrypted password that the Windows system sent to it. Another
+possible dialog box that might come up is the one shown in <a href="ch03.html#samba2-CHP-3-FIG-2">Figure 3-2</a>, which was presented by a Windows 2000 client.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-1"/><img src="figs/sam2_0301.gif"/></div><h4 class="head4">Figure 3-1. Windows 98 asking for IPC$ password</h4>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-2"/><img src="figs/sam2_0302.gif"/></div><h4 class="head4">Figure 3-2. Windows 2000 logon error dialog</h4>
+
+<p>The rest of this chapter is divided into four sections. The first
+section covers setting up Windows 95/98/Me computers, and the rest of
+the sections cover Windows NT 4.0, Windows 2000, and Windows XP
+individually. Each section roughly parallels the order in which
+we've introduced networking concepts in this
+section. You need to read only the section that applies to the
+Windows version with which you are working, and once you have
+finished reading it, you can continue at the beginning of the next
+chapter where we will start covering more advanced Samba features and
+networking issues.</p>
+
+<a name="samba2-CHP-3-NOTE-92"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>Keep in mind that we are continuing our example from <a href="ch02.html">Chapter 2</a>, in which we are setting up a very simple
+prototype network using a workgroup that has very lax security. After
+you have the basics working, we recommend you continue with later
+chapters to learn how to implement both better security and a Samba
+domain. <a name="INDEX-53"/></p>
+</blockquote>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-3-SECT-2"/>
+
+<h2 class="head1">Setting Up Windows 95/98/Me Computers</h2>
+
+<p>The <a name="INDEX-54"/>Windows 95/98/Me operating systems are very
+similar to each other, and as far as this chapter is concerned, it is
+possible to treat them with a common set of directions.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-2.1"/>
+
+<h3 class="head2">Setting Up the Network</h3>
+
+<p>Samba uses TCP/IP to communicate with clients on the network, so you
+will need to make sure there is support for TCP/IP on each Windows
+client. Unlike Unix operating systems, Windows does not necessarily
+have support for TCP/IP installed. However, when Windows is installed
+on a computer with a network card or a network card is added to a
+system already running Windows, TCP/IP support is installed by
+default, along with the Client for Microsoft Networks, which supports
+SMB file and printer sharing.</p>
+
+<p>To make sure both services are installed on your Windows system,
+double-click the Network icon in the Control Panel to open the
+Network dialog box, as shown in <a href="ch03.html#samba2-CHP-3-FIG-3">Figure 3-3</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-3"/><img src="figs/sam2_0303.gif"/></div><h4 class="head4">Figure 3-3. The Windows 95/98/Me Network dialog</h4>
+
+<p>You should see at least the Client for Microsoft Networks component
+installed on the system, and hopefully a networking device
+(preferably an Ethernet card) bound to the TCP/IP protocol. If there
+is only one networking hardware device, you'll see
+the TCP/IP protocol listed below the device to which it is bound, as
+shown in <a href="ch03.html#samba2-CHP-3-FIG-1">Figure 3-1</a>.</p>
+
+<p>You might also see &quot;File and printer sharing for
+Microsoft Networks,&quot; which is used to make the
+system into a server. In addition, you might see NetBEUI or Novell
+Networking. Definitely remove NetBEUI unless you are sure you need
+it, and if you don't have any Novell servers on your
+network, you can remove Novell (IPX/SPX) as well. To remove a
+service, simply click its name and then click the Remove button.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-2.1.1"/>
+
+<h3 class="head3">Adding TCP/IP</h3>
+
+<p><a name="INDEX-55"/><a name="INDEX-56"/>If
+you don't see TCP/IP listed, you'll
+need to install the protocol.</p>
+
+<p>You can add the protocol by inserting the Windows distribution CD-ROM
+in your CD-ROM drive and clicking the Add button below the component
+window. Indicate that you wish to add a protocol by selecting
+Protocol and clicking &quot;Add...&quot; on
+the following dialog box, which should look similar to <a href="ch03.html#samba2-CHP-3-FIG-4">Figure 3-4</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-4"/><img src="figs/sam2_0304.gif"/></div><h4 class="head4">Figure 3-4. Selecting a component type</h4>
+
+<p>After that, select manufacturer Microsoft, then protocol TCP/IP, as
+shown in <a href="ch03.html#samba2-CHP-3-FIG-3">Figure 3-3</a>, then click OK. After doing so,
+you will be returned to the network dialog. Click OK to close the
+dialog box, and Windows will install the necessary components from
+the CD-ROM and request that the system be rebooted. Go ahead and
+reboot the system, and you're set.</p>
+
+<p>If Client for Microsoft Networks is not in the list, you can add it
+similarly. The only significant difference is that you are adding a
+client instead of a protocol, so make sure to select
+&quot;Client&quot; rather than
+&quot;Protocol&quot; when asked.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-2.1.2"/>
+
+<h3 class="head3">Configuring TCP/IP</h3>
+
+<p><a name="INDEX-57"/><a name="INDEX-58"/>If you have more than one networking
+device (for example, both an Ethernet card and a modem for dial-up
+networking), the protocol to hardware bindings will be indicated by
+arrows, as shown in <a href="ch03.html#samba2-CHP-3-FIG-5">Figure 3-5</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-5"/><img src="figs/sam2_0305.gif"/></div><h4 class="head4">Figure 3-5. Selecting a protocol to install</h4>
+
+<p>Select the TCP/IP protocol linked to the networking device that will
+be accessing the Samba network. If you have only one networking
+device, simply click the TCP/IP item. Now click the Properties button
+to open the TCP/IP Properties dialog. You should see something
+similar to <a href="ch03.html#samba2-CHP-3-FIG-6">Figure 3-6</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-6"/><img src="figs/sam2_0306.gif"/></div><h4 class="head4">Figure 3-6. Selecting the correct TCP/IP protocol</h4>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-2.1.3"/>
+
+<h3 class="head3">IP Address tab</h3>
+
+<p><a name="INDEX-59"/><a name="INDEX-60"/>The
+IP Address tab is shown in <a href="ch03.html#samba2-CHP-3-FIG-7">Figure 3-7</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-7"/><img src="figs/sam2_0307.gif"/></div><h4 class="head4">Figure 3-7. The IP Address tab</h4>
+
+<p>If you use DHCP on your network to provide IP addresses automatically
+to Windows systems, select the &quot;Obtain an IP address
+automatically&quot; radio button. Otherwise, click the
+&quot;Specify an IP address&quot; radio
+button and enter the client's address and subnet
+mask in the space provided. You or your network manager should have
+selected an address for the client on the same subnet (LAN) as the
+Samba server.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-2.1.4"/>
+
+<h3 class="head3">WINS Configuration tab</h3>
+
+<p><a name="INDEX-61"/><a name="INDEX-62"/>If you've
+enabled WINS on Samba or are choosing to make use of another WINS
+server on your network, you must tell Windows the
+server's address. After selecting the WINS
+Configuration tab, you will see the dialog box shown in <a href="ch03.html#samba2-CHP-3-FIG-8">Figure 3-8</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-8"/><img src="figs/sam2_0308.gif"/></div><h4 class="head4">Figure 3-8. The WINS Configuration tab</h4>
+
+<p>This is for Windows 98/Me; Windows 95 is just a little different,
+having separate spaces for the primary and backup WINS server IP
+addresses.</p>
+
+<p>Select the &quot;Enable WINS Resolution&quot;
+radio button, and enter the WINS server's address in
+the space provided, then click the Add button. Do not enter anything
+in the Scope ID field.</p>
+<a name="samba2-CHP-3-NOTE-93"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>A bug in Windows 95/98 sometimes causes the IP address of the WINS
+server to disappear after the OK button is clicked. This happens only
+when only a primary WINS server has been specified. The workaround is
+to fill in the fields for both primary and secondary WINS servers,
+using the same IP address for each.</p>
+</blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-2.1.5"/>
+
+<h3 class="head3">DNS Configuration tab</h3>
+
+<p><a name="INDEX-63"/><a name="INDEX-64"/>Unless you are using DHCP, you
+will need to provide the IP address of one or more DNS servers. Click
+the DNS tab, then click the &quot;Enable
+DNS&quot; radio button, and type the IP address of one or
+more DNS servers into the appropriate field, shown in <a href="ch03.html#samba2-CHP-3-FIG-9">Figure 3-9</a>, to add the server's address
+to the top DNS Server Search Order field.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-9"/><img src="figs/sam2_0309.gif"/></div><h4 class="head4">Figure 3-9. The DNS Configuration tab</h4>
+
+<p>Also, provide the hostname (which is the same as the NetBIOS computer
+name) of the Windows 95/98/Me computer and your Internet domain. (You
+will need to enter the computer name again later, along with the
+workgroup. Make sure to enter the same name each time.) You can
+safely ignore the Domain Suffix Search Order field for anything
+related to Samba.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-2.1.6"/>
+
+<h3 class="head3">LMHOSTS file</h3>
+
+<p><a name="INDEX-65"/><a name="INDEX-66"/>If
+you want to install an <em class="filename">LMHOSTS</em> file, it must be
+placed in your Windows installation directory (usually
+<em class="filename">C:\Windows</em>). In the same directory, Microsoft
+has provided a sample <em class="filename">LMHOSTS</em> file named
+<em class="filename">lmhosts.sam</em>, which you might want to look at for
+further information on the file's format.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-2.1.7"/>
+
+<h3 class="head3">NetBIOS tab</h3>
+
+<p><a name="INDEX-67"/><a name="INDEX-68"/>This tab
+appears in Windows 98/Me, but not in Windows 95. All you need to do
+here is make sure the checkbox is checked, enabling NetBIOS over
+TCP/IP. If TCP/IP is your only protocol installed (as we recommended
+earlier), the selection will be grayed out, with the box checked so
+that you couldn't uncheck it even if you wanted to.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-2.1.8"/>
+
+<h3 class="head3">Bindings tab</h3>
+
+<p><a name="INDEX-69"/><a name="INDEX-70"/>The
+final tab to look at is Bindings, as shown in <a href="ch03.html#samba2-CHP-3-FIG-10">Figure 3-10</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-10"/><img src="figs/sam2_0310.gif"/></div><h4 class="head4">Figure 3-10. The Bindings tab</h4>
+
+<p>You should have a check beside Client for Microsoft Networks,
+indicating that it's using TCP/IP. If you have
+&quot;File and printer sharing for Microsoft
+Networks&quot; in the dialog, it should also be checked,
+as shown in <a href="ch03.html#samba2-CHP-3-FIG-10">Figure 3-10</a>.</p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-2.2"/>
+
+<h3 class="head2">Setting the Computer Name and Workgroup</h3>
+
+<p><a name="INDEX-71"/><a name="INDEX-72"/><a name="INDEX-73"/><a name="INDEX-74"/>Finally, click the OK button in the
+TCP/IP configuration dialog, and you'll be taken
+back to the Network Configuration dialog. Then select the
+Identification tab, which will take you to the dialog box shown in
+<a href="ch03.html#samba2-CHP-3-FIG-11">Figure 3-11</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-11"/><img src="figs/sam2_0311.gif"/></div><h4 class="head4">Figure 3-11. The Identification tab</h4>
+
+<p>This is where you set your system's NetBIOS name
+(which Microsoft likes to call &quot;computer
+name&quot;). Usually, it is best to make this the same as
+your DNS hostname, if you are going to have one for this system. For
+example, if the system's DNS name is
+<tt class="literal">huastec.metran.cx</tt>, give the computer a NetBIOS
+name of <tt class="literal">huastec</tt> on this tab.</p>
+
+<p>You also set your workgroup name here. In our case,
+it's METRAN, but if you used a different one in
+<a href="ch02.html">Chapter 2</a>, when creating the Samba configuration
+file, use that instead. Just don't call it WORKGROUP
+(the default workgroup name) or you'll be in the
+same workgroup as every misconfigured Windows computer on the planet!</p>
+
+<p>You can also enter a comment string for this computer. See if you can
+come up with some way of describing it that will remind you of what
+and where it is when you see the comment in a list displayed on
+another computer. Everyone on the network will be able to see your
+comment, so be careful not to include any information that might be
+useful to crackers.</p>
+
+<p>Finally, click the OK button and follow whatever instructions Windows
+provides. (You might have to insert your Windows distribution CD-ROM
+and/or reboot.)</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-2.3"/>
+
+<h3 class="head2">Username and Password</h3>
+
+<p><a name="INDEX-75"/><a name="INDEX-76"/><a name="INDEX-77"/>You have probably already given
+Windows a username and password by now. However, to authenticate with
+the Samba server, your Windows username and password must match with
+a valid account on the Samba server.</p>
+
+<p>It is simple to add a new user and password to a Windows 95/98/Me
+system. Just reboot or log out, and when you are prompted for a
+username and password, enter your Unix username and password. (If you
+are using encrypted passwords, you must run
+<em class="emphasis">smbpasswd</em> on the Unix host to enter them into
+Samba's password database, if you have not already
+done so.) You can use this method to add as many users as you want,
+so as to allow more than one user to use the Windows system to gain
+access to the Samba shares.</p>
+
+<p>If you mistakenly entered the wrong password or your Unix password
+changes, you can change your password on the Windows system by going
+to the Control Panel and double-clicking the Passwords icon. This
+will bring up the Passwords Properties dialog. Click the Change
+Passwords tab, and you will see the dialog shown in <a href="ch03.html#samba2-CHP-3-FIG-12">Figure 3-12</a>. Now click the &quot;Change
+Windows Password...&quot; button, which will bring up the
+Change Windows Password dialog box, shown in <a href="ch03.html#samba2-CHP-3-FIG-13">Figure 3-13</a>. As indicated by the text entry fields in the
+dialog, enter your old password, and then the new password, and again
+to confirm it. Click the OK button and then the Close button on the
+Password Properties dialog box. Reboot or log out, and use your new
+password when you log in again.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-12"/><img src="figs/sam2_0312.gif"/></div><h4 class="head4">Figure 3-12. The Password Properties dialog</h4>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-13"/><img src="figs/sam2_0313.gif"/></div><h4 class="head4">Figure 3-13. The Change Windows Password dialog</h4>
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-2.3.1"/>
+
+<h3 class="head3">Logging in for the first time</h3>
+
+<p>If you don't have a Change Passwords tab in the
+Passwords Properties window, it is because networking is not fully
+set up yet. Assuming you've followed all the
+directions given so far, you just need to reboot; when the system
+comes up, it will ask you to log in with a username and a password.</p>
+
+<p>Now for the big moment. Your Samba server is running, and you have
+set up your Windows 95/98/Me client to communicate with it.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-2.3.2"/>
+
+<h3 class="head3">Accessing the Samba Server from Windows 95/98</h3>
+
+<p><a name="INDEX-78"/><a name="INDEX-79"/>Double-click the Network Neighborhood
+icon on the desktop. You should see your Samba server listed as a
+member of the workgroup, as shown in <a href="ch03.html#samba2-CHP-3-FIG-14">Figure 3-14</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-14"/><img src="figs/sam2_0314.gif"/></div><h4 class="head4">Figure 3-14. Windows 95/98 Network Neighborhood</h4>
+
+<p>Double-clicking the server name will show the resources that the
+server is offering to the network, as shown in <a href="ch03.html#samba2-CHP-3-FIG-15">Figure 3-15</a> (in this case, the <em class="emphasis">test</em>
+directory).</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-15"/><img src="figs/sam2_0315.gif"/></div><h4 class="head4">Figure 3-15. The test shared folder on the Toltec server</h4>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-2.3.3"/>
+
+<h3 class="head3">Accessing the Samba Server from Windows Me</h3>
+
+<p>Double-click the My Network Places icon on the desktop. You should
+see the test shared directory as shown in <a href="ch03.html#samba2-CHP-3-FIG-16">Figure 3-16</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-16"/><img src="figs/sam2_0316.gif"/></div><h4 class="head4">Figure 3-16. My Network Places on Windows Me</h4>
+
+<p>Double-click the Entire Network icon, and you should see an icon for
+your workgroup, as shown in <a href="ch03.html#samba2-CHP-3-FIG-17">Figure 3-17</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-17"/><img src="figs/sam2_0317.gif"/></div><h4 class="head4">Figure 3-17. Entire Network window, showing the Metran workgroup</h4>
+
+<p>Double-clicking the workgroup icon will bring up a window showing
+every computer in the workgroup, which should include your Samba
+server, as shown in <a href="ch03.html#samba2-CHP-3-FIG-18">Figure 3-18</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-18"/><img src="figs/sam2_0318.gif"/></div><h4 class="head4">Figure 3-18. Computers in Metran workgroup</h4>
+
+<p>Double-click the Samba server's icon, and you will
+get a window showing its shared resources (in this case, the test
+directory) as shown in <a href="ch03.html#samba2-CHP-3-FIG-19">Figure 3-19</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-19"/><img src="figs/sam2_0319.gif"/></div><h4 class="head4">Figure 3-19. View of shares on the Toltec server</h4>
+
+<p>If you don't see the server listed, it might be that
+browsing is not working correctly or maybe the server is just taking
+a few minutes to show up in the browse list. In either case, you can
+click the Start button, then select
+&quot;Run...&quot;. This will give you a
+dialog box into which you can type the name of your server and the
+share name <em class="emphasis">test</em> in the Windows UNC format
+<em class="filename">\\</em><em class="replaceable">server</em><em class="filename">\test</em>,
+as we did in <a href="ch01.html">Chapter 1</a>. This should open a window
+on the desktop showing the contents of the folder. If this does not
+work, there is likely a problem with name resolution, and you can try
+using the server's IP address instead of its
+computer name, like this:</p>
+
+<blockquote><pre class="code">\\172.16.1.1\test</pre></blockquote>
+
+<p>If things still aren't right, go directly to <a href="ch12.html#samba2-CHP-12-SECT-2">Section 12.2</a> to troubleshoot what is wrong
+with the network.</p>
+
+<p>If it works, congratulations! Try copying files to and from the
+server using the Windows drag-and-drop functionality. You might be
+pleasantly surprised how seamlessly everything works. <a name="INDEX-80"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-3-SECT-3"/>
+
+<h2 class="head1">Setting Up Windows NT 4.0 Computers</h2>
+
+<p>Configuring <a name="INDEX-81"/>Windows NT
+is a little different than configuring Windows 95/98/Me. To use Samba
+with Windows NT, you will need both the Workstation service and the
+TCP/IP protocol. Both come standard with NT, but
+we'll work through installing and configuring them
+to make sure they are configured correctly.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-3.1"/>
+
+<h3 class="head2">Basic Configuration</h3>
+
+<p><a name="INDEX-82"/>This section presents the steps
+to follow for TCP/IP-related configuration on Windows NT to get it to
+cooperate with Samba. If you need more details on Windows NT network
+administration, refer to Craig <a name="INDEX-83"/>Hunt and Robert Bruce
+<a name="INDEX-84"/>Thompson's
+<em class="citetitle">Windows NT TCP/IP Network Administration
+</em>(O'Reilly), an excellent guide.</p>
+
+<p>You should perform the following steps as the
+<tt class="literal">Administrator</tt> or another user in the
+<tt class="literal">Administrators</tt> group.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-3.1.1"/>
+
+<h3 class="head3">Installing the TCP/IP protocol</h3>
+
+<p><a name="INDEX-85"/><a name="INDEX-86"/>From
+the Control Panel, double-click the Network icon, click the Protocols
+tab in the Network dialog box, and look to see if you have the TCP/IP
+protocol installed, as shown in <a href="ch03.html#samba2-CHP-3-FIG-20">Figure 3-20</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-20"/><img src="figs/sam2_0320.gif"/></div><h4 class="head4">Figure 3-20. The Protocols tab</h4>
+
+<p>If the protocol is not installed, you need to add it. Click the Add
+button, which will display the Select Network Protocol dialog box
+shown in <a href="ch03.html#samba2-CHP-3-FIG-21">Figure 3-21</a>. You should immediately see the
+TCP/IP protocol as one of the last protocols listed.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-21"/><img src="figs/sam2_0321.gif"/></div><h4 class="head4">Figure 3-21. Select Network Protocol dialog box</h4>
+
+<p>Select TCP/IP as the protocol and confirm it. If
+possible, install only the TCP/IP protocol. If you see anything other
+than TCP/IP listed in the Protocols tab and it is not a protocol that
+you need, you can remove it. If you try to remove a protocol and get
+an error message saying that the protocol is being used by another
+service, you need to click the Services tab and remove that service
+before you can remove the protocol. For example, to remove the NWLink
+IPX/SPX Compatible Transport protocol, you would need to remove the
+Client Service for Netware first.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-3.1.2"/>
+
+<h3 class="head3">Installing the Workstation service</h3>
+
+<p><a name="INDEX-87"/><a name="INDEX-88"/>After installing TCP/IP, click the
+Services tab in the Network dialog, and check that you have a
+Workstation service, as shown at the end of the list in <a href="ch03.html#samba2-CHP-3-FIG-22">Figure 3-22</a>.<a name="FNPTR-8"/><a href="#FOOTNOTE-8">[8]</a></p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-22"/><img src="figs/sam2_0322.gif"/></div><h4 class="head4">Figure 3-22. Network Services tab</h4>
+
+<p>This service is actually the Microsoft Networking Client, which
+allows the computer to access SMB services. The Workstation service
+is mandatory. The service is installed by default on both Windows NT
+Workstation 4.0 and NT Server 4.0. If it's not
+there, you can install it much like TCP/IP. In this case you need to
+click the Add button and then select Workstation Service, as shown in
+<a href="ch03.html#samba2-CHP-3-FIG-23">Figure 3-23</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-23"/><img src="figs/sam2_0323.gif"/></div><h4 class="head4">Figure 3-23. Select Network Service dialog box</h4>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-3.1.3"/>
+
+<h3 class="head3">Configuring TCP/IP</h3>
+
+<p><a name="INDEX-89"/><a name="INDEX-90"/>After you've installed
+the Workstation service, return to the Protocols tab and select the
+TCP/IP Protocol entry in the window. Then click the Properties button
+below the window. The Microsoft TCP/IP Protocol dialog will be
+displayed. There are five tabs in the dialog, and you will need to
+work with four of them:</p>
+
+<ul><li>
+<p>IP Address</p>
+</li><li>
+<p>WINS Address</p>
+</li><li>
+<p>DNS</p>
+</li><li>
+<p>Bindings</p>
+</li></ul>
+
+<div class="sect4"><a name="samba2-CHP-3-SECT-3.1.1.1"/>
+
+<h4 class="head4">IP Address tab</h4>
+
+<p><a name="INDEX-91"/><a name="INDEX-92"/>The IP
+Address tab is shown in <a href="ch03.html#samba2-CHP-3-FIG-24">Figure 3-24</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-24"/><img src="figs/sam2_0324.gif"/></div><h4 class="head4">Figure 3-24. Microsoft TCP/IP Properties dialog for Windows NT</h4>
+
+<p>Select the &quot;Specify an IP address&quot;
+radio button, and enter the computer's IP address
+and netmask in the space provided for the proper adapter (Ethernet
+card). You or your network manager should have selected an address
+for the client on the same subnet (LAN) as the Samba server. For
+example, if the server's address is 172.16.1.1 and
+its network mask is 255.255.255.0, you might use the address
+172.16.1.13 (if it is available) for the NT workstation, along with
+the same netmask. If you use DHCP on your network, select the
+&quot;Obtain an IP Address from a DHCP
+server&quot; button instead.</p>
+
+<p>The gateway field refers to a system typically known as a
+<em class="emphasis">router</em>. If you have routers connecting multiple
+networks, you should enter the IP address of the one on your subnet.
+In our example, the gateway happens to be the same system as the
+Samba server, but they do not by any means have to be the same.</p>
+
+
+</div>
+
+
+
+<div class="sect4"><a name="samba2-CHP-3-SECT-3.1.1.2"/>
+
+<h4 class="head4">WINS Address tab</h4>
+
+<p><a name="INDEX-93"/><a name="INDEX-94"/>Click the
+WINS Address tab, shown in <a href="ch03.html#samba2-CHP-3-FIG-25">Figure 3-25</a>, and you can
+begin to enter information about name servers. Enter the address of
+your WINS server in the space labeled Primary WINS Server. If your
+Samba server is providing WINS service (in other words, you have the
+line <tt class="literal">wins</tt> <tt class="literal">support</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> in the
+<em class="emphasis">smb.conf</em> file of your Samba server), provide the
+Samba server's IP address here. Otherwise, provide
+the address of another WINS server on your network.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-25"/><img src="figs/sam2_0325.gif"/></div><h4 class="head4">Figure 3-25. The WINS Address tab</h4>
+
+<p>You probably noticed that there is a field here for the network
+adapter. This field must specify the Ethernet adapter on which
+you're running TCP/IP so that WINS will provide name
+service on the correct network. For example, if you have both a LAN
+and a dial-up adapter, make sure you have the LAN's
+network card specified here.</p>
+
+<p>The checkboxes in the lower half of the dialog are for enabling two
+other methods of name resolution that Windows can incorporate into
+its name service. Samba doesn't require either of
+them, but you might want to enable them to increase the reliability
+or functionality of name service for your client. See <a href="ch07.html">Chapter 7</a> for further information on name resolution
+issues.</p>
+
+<p>If you'd like to use a DNS server, select the Enable
+DNS for Windows Resolution checkbox. In addition, you will need to do
+some configuration to allow the Windows system to find the DNS
+server, unless you're using DHCP.</p>
+
+
+</div>
+
+
+
+<div class="sect4"><a name="samba2-CHP-3-SECT-3.1.1.3"/>
+
+<h4 class="head4">DNS tab</h4>
+
+<p><a name="INDEX-95"/><a name="INDEX-96"/>Click
+the tab for DNS, as shown in <a href="ch03.html#samba2-CHP-3-FIG-26">Figure 3-26</a>. Enter the
+IP addresses for one or more DNS servers in the space provided. Also,
+enter the hostname (which should be the same as the NetBIOS computer
+name). You will enter this again later in another control panel, so
+make sure they match. Finally, enter the DNS domain on which this
+system resides. For example, if your workstation has a domain name
+such as <em class="emphasis">metran.cx</em>, enter it here. You can safely
+ignore the other options.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-26"/><img src="figs/sam2_0326.gif"/></div><h4 class="head4">Figure 3-26. The DNS tab</h4>
+
+
+</div>
+
+
+
+<div class="sect4"><a name="samba2-CHP-3-SECT-3.1.1.4"/>
+
+<h4 class="head4">The LMHOSTS file</h4>
+
+<p>If you want to install an
+<em class="filename">LMHOSTS</em><a name="INDEX-97"/><a name="INDEX-98"/> file, it
+must be placed in the directory
+<em class="filename">\system32\drivers\etc</em> under your Windows
+installation directory (usually <em class="filename">C:\WINNT</em>). The
+easy way to make sure it gets to the proper location is to use the
+Import LMHOSTS button on the WINS Address tab. (But if you want to do
+it over the network, you will have to do that after file sharing is
+configured!) Remember to click the Enable LMHOSTS Lookup checkbox on
+the WINS Address tab to enable this functionality.</p>
+
+<p>When you are satisfied with your settings for IP Address, WINS
+Address, and DNS, click OK to return to the Network dialog box.</p>
+
+
+</div>
+
+
+
+<div class="sect4"><a name="samba2-CHP-3-SECT-3.1.1.5"/>
+
+<h4 class="head4">Bindings</h4>
+
+<p><a name="INDEX-99"/><a name="INDEX-100"/>Now click the
+Bindings tab, and check the bindings of network hardware, services,
+and protocols. Set the &quot;Show Bindings
+for&quot; field to &quot;all
+services,&quot; and click all the + buttons in the tree.
+You should see a display similar to <a href="ch03.html#samba2-CHP-3-FIG-27">Figure 3-27</a>,
+which shows that the NetBIOS, Server, and Workstation interface
+services are connected to the WINS client running TCP/IP protocol,
+and that the WINS client is bound to the Ethernet adapter of the
+local area network.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-27"/><img src="figs/sam2_0327.gif"/></div><h4 class="head4">Figure 3-27. The Bindings tab</h4>
+
+<p>You can safely leave the default values for the remainder of the tabs
+in the Network dialog box. Click the OK button to complete the
+configuration. Once the proper files are loaded (if any), you might
+need to reboot for your changes to take effect.</p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-3.2"/>
+
+<h3 class="head2">Computer Name and Workgroup</h3>
+
+<p><a name="INDEX-101"/><a name="INDEX-102"/><a name="INDEX-103"/><a name="INDEX-104"/>The next
+thing you need to do is to give the system a NetBIOS computer name.
+From the Control Panel, double-click the Network icon to open the
+Network dialog box. The first tab in this dialog box should be the
+Identification tab, as illustrated in <a href="ch03.html#samba2-CHP-3-FIG-28">Figure 3-28</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-28"/><img src="figs/sam2_0328.gif"/></div><h4 class="head4">Figure 3-28. The Identification tab</h4>
+
+<p>Here, you need to identify your computer with a name and change the
+default workgroup to the one you specified in the
+<em class="emphasis">smb.conf</em> file of your Samba server. Click the
+Change button below the two text fields. This will open an
+Identification Changes dialog box, where you can set the workgroup
+and the computer name, as shown in <a href="ch03.html#samba2-CHP-3-FIG-29">Figure 3-29</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-29"/><img src="figs/sam2_0329.gif"/></div><h4 class="head4">Figure 3-29. The Identification Changes dialog</h4>
+<a name="samba2-CHP-3-NOTE-94"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>You entered the computer name earlier as a DNS hostname while
+configuring TCP/IP, so be sure that the two names match. The name you
+set here is the NetBIOS name. You're allowed to make
+it different from the TCP/IP hostname, but doing so is usually not a
+good idea. Don't worry that Windows NT forces the
+computer name and the workgroup to be all capital letters;
+it's smart enough to figure out what you mean when
+it connects to the network.</p>
+</blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-3.3"/>
+
+<h3 class="head2">Adding a User</h3>
+
+<p><a name="INDEX-105"/><a name="INDEX-106"/>In all
+the previous steps, you were logged into your Windows NT system as
+<tt class="literal">Administrator</tt> or another user in the
+<tt class="literal">Administrators</tt> group. To access resources on the
+Samba server, you will need to have a username and password that the
+Samba server recognizes as valid. Generally, the best way to do this
+is to add a user to your NT system, with the same username and
+password as a user on the Samba host system.</p>
+
+<a name="samba2-CHP-3-NOTE-95"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>The directions in this section assume that your network is set up as
+a workgroup. If you have already set up your network as a domain, as
+we describe in <a href="ch04.html">Chapter 4</a>, you do not need to
+follow the instructions here for adding a local user on the Windows
+NT client system. Simply log on to the domain from the client using a
+username and password in Samba's
+<em class="filename">smbpasswd</em> account database, and continue with
+the next section, <a href="ch03.html#samba2-CHP-3-SECT-3.4">Section 3.3.4</a>.</p>
+</blockquote>
+
+<p>To add a new user, open the Start menu, navigate through the Programs
+submenu to Administrative Tools (Common), and select User Manager for
+Domains. Click the User menu and select the first item, Add User...,
+shown in <a href="ch03.html#samba2-CHP-3-FIG-30">Figure 3-30</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-30"/><img src="figs/sam2_0330.gif"/></div><h4 class="head4">Figure 3-30. User Manager for Domains window</h4>
+
+<p>This brings up the New User dialog box shown in <a href="ch03.html#samba2-CHP-3-FIG-31">Figure 3-31</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-31"/><img src="figs/sam2_0331.gif"/></div><h4 class="head4">Figure 3-31. The New User dialog</h4>
+
+<p>Fill it out as shown, using the username and password that were added
+in the previous chapter, and make sure that only the checkbox labeled
+Password Never Expires is checked. (This is not the default!) Click
+the Add button to add the user, and then click the Close button. You
+should now see your new account added to the list in the User Manager
+dialog box.</p>
+
+<p>Now open the Start menu, select Shut Down, and select the
+&quot;Close all programs and log on as a different
+user?&quot; radio button. Click the Yes button, then log
+in as the user you just added.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-3.4"/>
+
+<h3 class="head2">Connecting to the Samba Server</h3>
+
+<p>Now for the big moment. Your <a name="INDEX-107"/><a name="INDEX-108"/>Samba
+server is running, and you have set up your NT client to communicate
+with it. Double-click the Network Neighborhood icon on the desktop,
+and you should see your Samba server listed as a member of the
+workgroup, as shown in <a href="ch03.html#samba2-CHP-3-FIG-32">Figure 3-32</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-32"/><img src="figs/sam2_0332.gif"/></div><h4 class="head4">Figure 3-32. The Windows NT Network Neighborhood</h4>
+
+<p>Double-clicking the server name will show the resources that the
+server is offering to the network, as shown in <a href="ch03.html#samba2-CHP-3-FIG-33">Figure 3-33</a>. In this case, the <em class="filename">test</em>
+directory and the default printer are offered to the Windows NT
+workstation.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-33"/><img src="figs/sam2_0333.gif"/></div><h4 class="head4">Figure 3-33. Shares offered by the Toltec server</h4>
+
+<p>If you don't see the server listed,
+don't panic. Select Run... from the Start menu. A
+dialog box appears that allows you to type the name of your server
+and its share directory in Windows format. For example, you would
+enter
+<em class="filename">\\</em>toltec<em class="filename">\</em><tt class="literal">test</tt>,
+as shown in <a href="ch03.html#samba2-CHP-3-FIG-34">Figure 3-34</a>, and use your
+server's hostname instead of
+&quot;toltec&quot;.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-34"/><img src="figs/sam2_0334.gif"/></div><h4 class="head4">Figure 3-34. Opening a shared directory, using the server's NetBIOS name in the UNC</h4>
+
+<p>This will work even if browsing services are not set up right, which
+is a common problem. You can also work around a name-service problem
+by entering the server's IP Address (such as
+172.16.1.1 in our example) instead of the Samba
+server's hostname, as shown in <a href="ch03.html#samba2-CHP-3-FIG-35">Figure 3-35</a>. Go back and check your configuration, and if
+things still aren't right, go to <a href="ch12.html#samba2-CHP-12-SECT-2">Section 12.2</a> to troubleshoot what is wrong with the
+network.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-35"/><img src="figs/sam2_0335.gif"/></div><h4 class="head4">Figure 3-35. Opening a shared directory, using the server's IP address in the UNC</h4>
+
+<p>If it works, congratulations! Try copying files to and from the
+server by dragging their icons to and from the folder on the Samba
+share. You might be pleasantly surprised how seamlessly everything
+works. <a name="INDEX-109"/></p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-3-SECT-4"/>
+
+<h2 class="head1">Setting Up Windows 2000 Computers</h2>
+
+<p><a name="INDEX-110"/>Although
+Windows 2000 is based on NT technology and is similar to Windows NT
+in many respects, configuring it for use with Samba is quite
+different.</p>
+
+<p>You should perform the following steps as the
+<tt class="literal">Administrator</tt> or another user in the
+<tt class="literal">Administrators</tt> group.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-4.1"/>
+
+<h3 class="head2">Networking Components</h3>
+
+<p><a name="INDEX-111"/><a name="INDEX-112"/>Go to the Control Panel and
+double-click the Network and Dial-up Connections icon. You should see
+at least one Local Area Connection icon. If there is more than one,
+identify the one that corresponds to the network adapter that is
+connected to your Samba network. Right-click the Local Area
+Connection icon, and click the Properties button. (Or double-click
+the Local Area Connection icon, and then click the Properties button
+in the dialog box that comes up.) You should now be looking at the
+Local Area Connection Properties dialog box, as shown in <a href="ch03.html#samba2-CHP-3-FIG-36">Figure 3-36</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-36"/><img src="figs/sam2_0336.gif"/></div><h4 class="head4">Figure 3-36. Windows 2000 Local Area Connection Properties dialog</h4>
+
+<p>First of all, you might want to click the Configure button under the
+field for the network adapter, to make sure you see the message
+&quot;This device is working properly&quot;
+in the Device status window. If there is a problem, make sure to
+correct it before continuing. You should also see the message
+&quot;Use this device (enable)&quot; in the
+Device usage field of the dialog box. Make sure to set it this way if
+it is not already. Click OK or Cancel to get back to the Local Area
+Connection Properties dialog box.</p>
+
+<p>You should see at least the following two components:</p>
+
+<ul><li>
+<p>Client for Microsoft Networks</p>
+</li><li>
+<p>Internet Protocol (TCP/IP)</p>
+</li></ul>
+<p>If you do not see either Client for Microsoft Networks or Internet
+Protocol (TCP/IP) in your list, you will need to add them. For
+either, the method is to click the Install... button, click the type
+of component (Client or Protocol), and then click the Add... button.
+Next, click the component you want to add, and click the OK button.
+You should see the component added to the list with the others.</p>
+
+<p>Some components should be removed if you see them in the list:</p>
+
+<ul><li>
+<p>NetBEUI Protocol</p>
+</li><li>
+<p>NWLink NetBIOS</p>
+</li><li>
+<p>NWLink IPX/SPX/NetBIOS Compatible Transport Protocol</p>
+</li><li>
+<p>Client Service for Netware</p>
+</li></ul>
+<p>If you see anything other than TCP/IP listed as a protocol, and it is
+not a protocol that you need, you can remove it. Uninstall NetBEUI,
+unless you are sure you need it, and the other three if you do not
+need to support Netware. If you try to remove a protocol and get an
+error message saying that the protocol is being used by another
+service, you need to remove that service before you can remove the
+protocol. For example, to remove the NWLink IPX/SPX Compatible
+Transport Protocol, you would need to remove the Client Service for
+Netware first.</p>
+
+<p>To remove a component, click the component in the list, click the
+Uninstall button, and then click Yes in the dialog box that pops up.
+In some cases, Windows might need to reboot to put the change into
+effect.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-4.2"/>
+
+<h3 class="head2">Bindings</h3>
+
+<p><a name="INDEX-113"/><a name="INDEX-114"/>Next to each
+client, service, or protocol listed in the window in the Local Area
+Connections Properties dialog box, you will see a checkbox. Make sure
+the checkbox is checked for both Client for Microsoft Networks and
+Internet Protocol (TCP/IP). The check marks indicate the networking
+components are bound to the network adapter shown at the top of the
+dialog box.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-4.3"/>
+
+<h3 class="head2">Configuring TCP/IP</h3>
+
+<p><a name="INDEX-115"/><a name="INDEX-116"/>Now click Internet Protocol (TCP/IP),
+and then click Properties to open the Internet Protocol (TCP/IP)
+Properties dialog box, shown in <a href="ch03.html#samba2-CHP-3-FIG-37">Figure 3-37</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-37"/><img src="figs/sam2_0337.gif"/></div><h4 class="head4">Figure 3-37. Internet Protocol (TCP/IP) Properties dialog</h4>
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-4.3.1"/>
+
+<h3 class="head3">IP address</h3>
+
+<p><a name="INDEX-117"/><a name="INDEX-118"/>If
+you are using DHCP on your network to assign IP addresses
+dynamically, select the &quot;Obtain IP address
+automatically&quot; radio button. Otherwise, select the
+&quot;Use the following address:&quot; radio
+button, and fill in the computer's IP address and
+netmask in the spaces provided. You or your network manager should
+have selected an address for the client on the same subnet (LAN) as
+the Samba server. For example, if the server's
+address is 172.16.1.1 and its network mask is 255.255.255.0, you
+might use the address 172.16.1.14, if it is available, along with the
+same netmask. You can also fill in the IP address of the default
+gateway.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-4.3.2"/>
+
+<h3 class="head3">DNS server</h3>
+
+<p><a name="INDEX-119"/><a name="INDEX-120"/>In
+the lower part of the dialog box, click the &quot;Use the
+following DNS server addresses:&quot; radio button, and
+fill in the IP address of your DNS server.</p>
+
+<p>Now click the Advanced... button to bring up the Advanced TCP/IP
+Settings dialog box, and then click the WINS tab.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-4.3.3"/>
+
+<h3 class="head3">WINS server</h3>
+
+<p><a name="INDEX-121"/><a name="INDEX-122"/>Enter the
+address of your WINS server in the space labeled
+&quot;WINS addresses, in order of use:&quot;.
+If your Samba server is providing WINS service (in other words, you
+have the line <tt class="literal">wins</tt> <tt class="literal">service</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> in the
+<em class="emphasis">smb.conf</em> file of your Samba server), provide the
+Samba server's IP address here. Otherwise, provide
+the address of another WINS server on your network.</p>
+
+<p>Near the bottom of the dialog box, select the radio button labeled
+&quot;Enable NetBIOS over TCP/IP&quot;. <a href="ch03.html#samba2-CHP-3-FIG-38">Figure 3-38</a> shows what your Advanced TCP/IP Settings
+dialog box should look like at this point.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-38"/><img src="figs/sam2_0338.gif"/></div><h4 class="head4">Figure 3-38. Advanced TCP/IP Settings dialog, showing WINS tab</h4>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-4.3.4"/>
+
+<h3 class="head3">The LMHOSTS file</h3>
+
+<p>If you want to install an
+<em class="filename">LMHOSTS</em><a name="INDEX-123"/><a name="INDEX-124"/> file,
+it must be placed in the <em class="filename">\system32\drivers\etc</em>
+directory under your Windows installation directory (usually
+<em class="filename">C:\WINNT</em> ). The easy way to make sure it gets to
+the proper location is to use the Import LMHOSTS... button on the
+WINS Address tab. (But if you want to do it over the network, you
+will have to do that after file sharing is configured!) Remember to
+click the Enable LMHOSTS Lookup checkbox on the WINS Address tab to
+enable this functionality.</p>
+
+<p>When you are satisfied with your settings for IP Address, WINS
+Address, and DNS, click the OK buttons in each open dialog box to
+complete the configuration. Windows might need to load some files
+from the Windows 2000 distribution CD-ROM, and you might need to
+reboot for your changes to take effect.</p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-4.4"/>
+
+<h3 class="head2">Computer and Workgroup Names</h3>
+
+<p><a name="INDEX-125"/><a name="INDEX-126"/><a name="INDEX-127"/><a name="INDEX-128"/>From
+the Control Panel, double-click the System icon to open the System
+Properties dialog box. Click the Network Identification tab, and your
+System Properties dialog box will look similar to <a href="ch03.html#samba2-CHP-3-FIG-39">Figure 3-39</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-39"/><img src="figs/sam2_0339.gif"/></div><h4 class="head4">Figure 3-39. System Properties dialog, showing Network Identification tab</h4>
+
+<p>To give your system computer a name and a workgroup, click the
+Properties button, which will bring up the Identification Changes
+dialog box, as in <a href="ch03.html#samba2-CHP-3-FIG-40">Figure 3-40</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-40"/><img src="figs/sam2_0340.gif"/></div><h4 class="head4">Figure 3-40. Identification Changes dialog</h4>
+
+<p>You need to identify your computer with a name and change the
+workgroup to the one you specified in the
+<em class="emphasis">smb.conf</em> file of your Samba server.
+Don't worry that Windows forces the computer name
+and the workgroup to be all capital letters; it's
+smart enough to figure out what you mean when it connects to the
+network.</p>
+
+<p>Click the More... button to bring up the DNS Suffix and NetBIOS
+Computer Name dialog box, shown in <a href="ch03.html#samba2-CHP-3-FIG-41">Figure 3-41</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-41"/><img src="figs/sam2_0341.gif"/></div><h4 class="head4">Figure 3-41. DNS Suffix and NetBIOS Computer Name dialog</h4>
+
+<p>Enter the DNS domain name of this computer in the text field labeled
+Primary DNS Suffix for this computer:, and then click OK. You should
+now see the FQDN of this system underneath the label
+&quot;Full computer name:&quot;. Click the OK
+button and then reboot when requested to put your configuration
+changes into effect. Once again, log in using your administrative
+account.</p>
+<a name="samba2-CHP-3-NOTE-96"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>There have been reports of authentication problems with Samba when a
+username on a Windows 2000 system is the same as its computer name.</p>
+</blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-4.5"/>
+
+<h3 class="head2">Adding a Samba-Enabled User</h3>
+
+<p><a name="INDEX-129"/><a name="INDEX-130"/>So far,
+you have been logged into your Windows 2000 system as a user in the
+<tt class="literal">Administrators</tt> group. To access resources on the
+Samba server, you will need a username and password that the Samba
+server recognizes as valid. If your administrative account has such a
+username and password, you can use it, but you might want to access
+your system and the network from a nonadministrative user account
+instead.</p>
+<a name="samba2-CHP-3-NOTE-97"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>The directions in this section assume that your network is set up as
+a workgroup. If you have already set up your network as a domain, as
+we describe in <a href="ch04.html">Chapter 4</a>, you do not need to
+follow the instructions here for adding a local user on the Windows
+2000 client system. Simply log on to the domain from the client using
+a username and password in Samba's
+<em class="filename">smbpasswd</em> account database, and continue with
+the next section, <a href="ch03.html#samba2-CHP-3-SECT-4.6">Section 3.4.6</a>.</p>
+</blockquote>
+
+<p>To add a new user, open the Control Panel, and double-click the Users
+and Passwords icon to open the Users and Passwords dialog box, shown
+in <a href="ch03.html#samba2-CHP-3-FIG-42">Figure 3-42</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-42"/><img src="figs/sam2_0342.gif"/></div><h4 class="head4">Figure 3-42. Users and Passwords dialog</h4>
+
+<p>The first thing to do is make sure the checkbox labeled
+&quot;Users must enter a user name and password to use
+this computer.&quot; is checked. Next, click the Add...
+button to bring up the first dialog box of the User Wizard, shown in
+<a href="ch03.html#samba2-CHP-3-FIG-43">Figure 3-43</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-43"/><img src="figs/sam2_0343.gif"/></div><h4 class="head4">Figure 3-43. Adding a new user</h4>
+
+<p>Fill out the fields, using the username of a valid user account on
+the Samba host, and then click the Next &gt; button to enter and
+confirm the user's password. This password must be
+the same as the user's password on the Samba host.
+If you are using encrypted passwords, make sure this username and
+password are the same as what you used when you ran the
+<em class="emphasis">smbpasswd</em> program. Click the Next &gt; button,
+which brings up the final dialog box, shown in <a href="ch03.html#samba2-CHP-3-FIG-44">Figure 3-44</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-44"/><img src="figs/sam2_0344.gif"/></div><h4 class="head4">Figure 3-44. Specifying a group for the new user</h4>
+
+<p>Pick a group for the user (the default Standard User should do), and
+click the Finish button. You should now see your new account added to
+the list in the Users and Passwords dialog box. Click the OK button
+to complete the process.</p>
+
+<p>Now return to the Users and Passwords control panel window, click the
+Advanced tab, then click on the Advanced button. Click the Users
+folder in the left side of the Local Users and Groups window that
+appears, and then double-click the account you just added in the
+right side of the window. In the Properties window that opens, click
+the checkbox labeled Password never expires. You are done! Click the
+OK buttons in all the dialog boxes, and close all open windows.</p>
+
+<p>Open the Start menu, select Shut Down, and select Log off
+<em class="emphasis">username</em> from the drop-down menu. Click the OK
+button, then log on with the username and password you just added.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-4.6"/>
+
+<h3 class="head2">Connecting to the Samba Server</h3>
+
+<p>Now for the big moment. Your Samba server is running, and you have
+set up your <a name="INDEX-131"/><a name="INDEX-132"/>Windows 2000 client to communicate with
+it. Double-click the My Network Places icon on the desktop, and then
+double-click the Computers Near Me icon to browse the workgroup. You
+should see your Samba server listed as a member of the workgroup, as
+shown in <a href="ch03.html#samba2-CHP-3-FIG-45">Figure 3-45</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-45"/><img src="figs/sam2_0345.gif"/></div><h4 class="head4">Figure 3-45. The Computers Near Me window, showing computers in the workgroup</h4>
+
+<p>Double-clicking the server name will show the resources that the
+server is offering to the network, as shown in <a href="ch03.html#samba2-CHP-3-FIG-46">Figure 3-46</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-46"/><img src="figs/sam2_0346.gif"/></div><h4 class="head4">Figure 3-46. Shares offered by the Toltec server</h4>
+
+<p>In this case, the <em class="filename">test</em> directory and the default
+printer are offered to the Windows 2000 workstation. If you
+don't see the server listed, don't
+panic. Select Run from the Start menu. A dialog box appears that
+allows you to type the name of your server and its share directory in
+Windows format. For example, you would enter
+<em class="filename">\\toltec\</em><tt class="literal">test</tt>, as shown in
+<a href="ch03.html#samba2-CHP-3-FIG-47">Figure 3-47</a>, and use your server's
+hostname instead of &quot;toltec&quot;.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-47"/><img src="figs/sam2_0347.gif"/></div><h4 class="head4">Figure 3-47. Opening a shared directory, using the server's NetBIOS name in the UNC</h4>
+
+<p>This will work even if browsing services are not set up right, which
+is a common problem. You can also work around a name-service problem
+by entering the server's IP address (such as
+172.16.1.1 in our example) instead of the Samba
+server's hostname, as shown in <a href="ch03.html#samba2-CHP-3-FIG-48">Figure 3-48</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-48"/><img src="figs/sam2_0348.gif"/></div><h4 class="head4">Figure 3-48. Opening a shared directory, using the server's IP address in the UNC</h4>
+
+<p>If things still aren't right, go directly to <a href="ch12.html#samba2-CHP-12-SECT-2">Section 12.2</a> to troubleshoot what is wrong
+with the network.</p>
+
+<p>If it works, congratulations! Try copying files to and from the
+server. You will be pleasantly surprised how seamlessly everything
+works. Now that you've finished setting up the Samba
+server and its clients, you can proceed to the next chapter.
+<a name="INDEX-133"/></p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-3-SECT-5"/>
+
+<h2 class="head1">Setting Up Windows XP Computers</h2>
+
+<p>Although <a name="INDEX-134"/>Windows XP
+is very similar to Windows 2000, it has a very different user
+interface, and there are a number of subtle differences. For example,
+getting to the Control Panel is different than in any previous
+version of Windows&mdash;one must click the Control Panel item from
+the Start menu (there is no Settings item in the Start menu in XP).
+By default, XP will display the Control Panel in Category View mode.
+If you see this, click the Switch to Classic View item in the
+upper-left corner of the window. All of our directions are for using
+the Control Panel in Classic View mode.</p>
+
+<p>You should perform the following steps as the
+<tt class="literal">Administrator</tt> or another user in the
+Administrators group.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-5.1"/>
+
+<h3 class="head2">Networking Components</h3>
+
+<p><a name="INDEX-135"/><a name="INDEX-136"/>Go to the Control Panel and
+double-click the Network and Dial-up Connections icon. You should see
+at least one Local Area Connection icon. If there is more than one,
+identify the one that corresponds to the network adapter that is
+connected to your Samba network. Right-click the Local Area
+Connection icon and click the Properties button. (Or double-click the
+Local Area Connection icon and then click the Properties button in
+the dialog box that comes up.) You should now be looking at the Local
+Area Connection Properties dialog box, as shown in <a href="ch03.html#samba2-CHP-3-FIG-49">Figure 3-49</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-49"/><img src="figs/sam2_0349.gif"/></div><h4 class="head4">Figure 3-49. The Local Area Connection Properties dialog</h4>
+
+<p>First of all, you might want to click the Configure button under the
+field for the network adapter to make sure you see the message
+&quot;This device is working properly&quot;
+in the Device status window. If there is a problem, make sure to
+correct it before continuing. You should also see the message
+&quot;Use this device (enable)&quot; in the
+Device usage field of the dialog box. Make sure to set it this way if
+it is not already. Click OK or Cancel to close this dialog box, then
+reopen the Local Area Connection Properties dialog box.</p>
+
+<p>You should see at least the following two components:</p>
+
+<ul><li>
+<p>Client for Microsoft Networks</p>
+</li><li>
+<p>Internet Protocol (TCP/IP)</p>
+</li></ul>
+<p>If you do not see either Client for Microsoft Networks or Internet
+Protocol (TCP/IP) in your list, you will need to add them. For
+either, the method is to click the Install... button, click the type
+of component (Client or Protocol), and then click the Add... button.
+Next, click the component you want to add, and click the OK button.
+You should see the component added to the list with the others.</p>
+
+<p>If you see anything other than TCP/IP listed as a protocol, and it is
+not a protocol that you need, you can remove it. If NetBEUI appears
+in the list, uninstall it if you possibly can. Also uninstall any
+Netware-related components if you do not need to support Netware. If
+you try to remove a protocol and get an error message saying that the
+protocol is being used by another service, you need to remove that
+service before you can remove the protocol. For example, to remove
+the NWLink IPX/SPX Compatible Transport Protocol, you would need to
+remove the Client Service for Netware first.</p>
+
+<p>To remove a component, click the component in the list, click the
+Uninstall button, and then click Yes in the dialog box that pops up.
+In some cases, Windows might need to reboot to put the change into
+effect.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-5.1.1"/>
+
+<h3 class="head3">Bindings</h3>
+
+<p><a name="INDEX-137"/><a name="INDEX-138"/>Next to each client, service, or protocol
+listed in the window in the Local Area Connections Properties dialog
+box, you will see a checkbox. Make sure the checkbox is checked for
+both Client for Microsoft Networks and Internet Protocol (TCP/IP).
+The check marks indicate that the networking components are bound to
+the network adapter shown at the top of the dialog box.</p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-5.2"/>
+
+<h3 class="head2">Configuring TCP/IP</h3>
+
+<p><a name="INDEX-139"/><a name="INDEX-140"/>Now click Internet Protocol
+(TCP/IP) and then click Properties to open the Internet Protocol
+(TCP/IP) Properties dialog box, shown in <a href="ch03.html#samba2-CHP-3-FIG-50">Figure 3-50</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-50"/><img src="figs/sam2_0350.gif"/></div><h4 class="head4">Figure 3-50. The Internet Protocol (TCP/IP) Properties dialog</h4>
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-5.2.1"/>
+
+<h3 class="head3">IP address</h3>
+
+<p><a name="INDEX-141"/><a name="INDEX-142"/>If
+you are using DHCP on your network to assign IP addresses
+dynamically, select the &quot;Obtain IP address
+automatically&quot; radio button. Otherwise, select the
+&quot;Use the following address:&quot; radio
+button, and fill in the computer's IP address and
+netmask in the spaces provided. You or your network manager should
+have selected an address for the client on the same subnet (LAN) as
+the Samba server. For example, if the server's
+address is 172.16.1.1 and its network mask is 255.255.255.0, you
+might use the address 172.16.1.12 (if it is available) along with the
+same netmask. You can also fill in the IP address of the default
+gateway.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-5.2.2"/>
+
+<h3 class="head3">DNS server</h3>
+
+<p><a name="INDEX-143"/><a name="INDEX-144"/>In the lower part of the dialog box, click
+the &quot;Use the following DNS server
+addresses:&quot; radio button, and fill in the IP address
+of your DNS server.</p>
+
+<p>Now click the Advanced... button to bring up the Advanced TCP/IP
+Settings dialog box, and then click the WINS tab.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-5.2.3"/>
+
+<h3 class="head3">WINS server</h3>
+
+<p><a name="INDEX-145"/><a name="INDEX-146"/>Enter
+the address of your WINS server in the space labeled
+&quot;WINS addresses, in order of use:&quot;.
+If your Samba server is providing WINS service (in other words, you
+have the line <tt class="literal">wins</tt> <tt class="literal">support</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> in the
+<em class="emphasis">smb.conf</em> file of your Samba server), provide the
+Samba server's IP address here. Otherwise, provide
+the address of another WINS server on your network.</p>
+
+<p>Near the bottom of the dialog box, select the radio button labeled
+Enable NetBIOS over TCP/IP. <a href="ch03.html#samba2-CHP-3-FIG-51">Figure 3-51</a> shows what
+your Advanced TCP/IP Settings dialog box should look like at this
+point.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-51"/><img src="figs/sam2_0351.gif"/></div><h4 class="head4">Figure 3-51. The Advanced TCP/IP Settings dialog, showing the WINS tab</h4>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-3-SECT-5.2.4"/>
+
+<h3 class="head3">The LMHOSTS file</h3>
+
+<p>If you want to install an
+<em class="filename">LMHOSTS</em><a name="INDEX-147"/><a name="INDEX-148"/> file, it
+must be placed in the <em class="filename">\system32\drivers\etc</em>
+directory under your Windows installation directory (usually
+<em class="filename">C:\WINNT</em> ). The easy way to make sure it gets to
+the proper location is to use the Import LMHOSTS... button on the
+WINS Address tab. (But if you want to do it over the network, you
+will have to do that after file sharing is configured!) Remember to
+click the Enable LMHOSTS Lookup checkbox on the WINS Address tab to
+enable this functionality.</p>
+
+<p>When you are satisfied with your settings for IP Address, WINS
+Address, and DNS, click the OK buttons in each open dialog box (and
+the Close button in the Local Area Connection Properties dialog box)
+to complete the configuration. Windows might need to load some files
+from the Windows XP distribution CD-ROM, and you might need to reboot
+for your changes to take effect.</p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-5.3"/>
+
+<h3 class="head2">Computer and Workgroup Names</h3>
+
+<p><a name="INDEX-149"/><a name="INDEX-150"/><a name="INDEX-151"/><a name="INDEX-152"/>From the
+Control Panel, double-click the System icon to open the System
+Properties dialog box. Click the Computer Name tab, and your System
+Properties dialog box will look similar to <a href="ch03.html#samba2-CHP-3-FIG-52">Figure 3-52</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-52"/><img src="figs/sam2_0352.gif"/></div><h4 class="head4">Figure 3-52. The System Properties dialog, showing the Computer Name tab</h4>
+
+<p>To give your system computer a name and a workgroup, click the
+Change... button, which will bring up the Computer Name Changes
+dialog box, as in <a href="ch03.html#samba2-CHP-3-FIG-53">Figure 3-53</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-53"/><img src="figs/sam2_0353.gif"/></div><h4 class="head4">Figure 3-53. The Computer Name Changes dialog</h4>
+
+<p>You need to identify your computer with a name and change the
+workgroup to the one you specified in the
+<em class="emphasis">smb.conf</em> file of your Samba server.
+Don't worry that Windows forces the workgroup to be
+all capital letters; it's smart enough to figure out
+what you mean when it connects to the network.</p>
+
+<p>Click the More... button to bring up the DNS Suffix and NetBIOS
+Computer Name dialog box, shown in <a href="ch03.html#samba2-CHP-3-FIG-54">Figure 3-54</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-54"/><img src="figs/sam2_0354.gif"/></div><h4 class="head4">Figure 3-54. The DNS Suffix and NetBIOS Computer Name dialog</h4>
+
+<p>Enter the DNS domain name of this computer in the text field labeled
+Primary DNS Suffix for this computer:, and then click OK. You should
+now see the FQDN of this system underneath the label Full computer
+name: in the Computer Name Changes dialog box. Click the OK button
+and then reboot when requested to put your configuration changes into
+effect. Once again, log in using your administrative account.</p>
+<a name="samba2-CHP-3-NOTE-98"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>There have been reports of authentication problems with Samba when a
+username on a Windows XP system is the same as its computer name.</p>
+</blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-5.4"/>
+
+<h3 class="head2">Adding a Samba-Enabled User</h3>
+
+<p><a name="INDEX-153"/><a name="INDEX-154"/>So far,
+you have been logged into your Windows XP system as a user in the
+Administrators group. To access resources on the Samba server, you
+will need to have a username and password that the Samba server
+recognizes as valid. If your administrative account has such a
+username and password, you can use it, but you might want to access
+your system and the network from a nonadministrative user account
+instead.</p>
+
+<a name="samba2-CHP-3-NOTE-99"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>The directions in this section assume that your network is set up as
+a workgroup. If you have already set up your network as a domain, as
+we describe in <a href="ch04.html">Chapter 4</a>, you do not need to
+follow the instructions here for adding a local user on the Windows
+XP client system. Simply log on to the domain from the client using a
+username and password in Samba's
+<em class="filename">smbpasswd</em> account database, and continue with
+the next section, <a href="ch03.html#samba2-CHP-3-SECT-5.5">Section 3.5.5</a>.</p>
+</blockquote>
+
+<p>To add a new user, open the Control Panel, and double-click the Users
+Accounts icon to open the User Accounts window, shown in <a href="ch03.html#samba2-CHP-3-FIG-55">Figure 3-55</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-55"/><img src="figs/sam2_0355.gif"/></div><h4 class="head4">Figure 3-55. The User Accounts window</h4>
+
+<p>Click the Create a new account task, which will bring up the window
+shown in <a href="ch03.html#samba2-CHP-3-FIG-56">Figure 3-56</a>. Enter the username, then click
+the Next &gt; button.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-56"/><img src="figs/sam2_0356.gif"/></div><h4 class="head4">Figure 3-56. Entering the username</h4>
+
+<p>Click the radio button labeled
+&quot;Limited&quot;, as shown in <a href="ch03.html#samba2-CHP-3-FIG-57">Figure 3-57</a>.</p>
+
+<p>Click the Create Account button, and you will see the username you
+added next to a picture at the bottom of the User Accounts window. We
+still need to assign a password to the account. Click the account to
+bring up the &quot;What do you want to change about
+<em class="emphasis">username</em>'s
+account?&quot; window, and then click Create a password.
+Enter the password, and enter it again to confirm it.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-57"/><img src="figs/sam2_0357.gif"/></div><h4 class="head4">Figure 3-57. Setting the account type</h4>
+
+<p>This password must be the same as the user's
+password on the Samba host. If you are using encrypted passwords,
+make sure this username and password are the same as what you used
+when you ran the <em class="emphasis">smbpasswd</em> program. Click the
+Create Password button, and you're done adding the
+account.</p>
+
+<p>Now open the Start menu and click the Log Off button. In the Log Off
+Windows dialog box that pops up, again click the Log Off button. When
+Windows displays the login screen, click the user you just added, and
+type in the password to log in.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-3-SECT-5.5"/>
+
+<h3 class="head2">Connecting to the Samba Server</h3>
+
+<p><a name="INDEX-155"/><a name="INDEX-156"/>Now for
+the big moment. Your Samba server is running, and you have set up
+your Windows XP client to communicate with it. In the Start menu,
+select My Computer<a name="FNPTR-9"/><a href="#FOOTNOTE-9">[9]</a> to open the My Computer window. Click My
+Network Places, in the Other Places box in the left part of the
+window. You should see a folder icon for the
+<em class="filename">test</em> directory, as shown in <a href="ch03.html#samba2-CHP-3-FIG-58">Figure 3-58</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-58"/><img src="figs/sam2_0358.gif"/></div><h4 class="head4">Figure 3-58. The My Network Places window</h4>
+
+<p>Now click View workgroup computers in the Network Tasks box at the
+left of the window. You should see your Samba server listed as a
+member of the workgroup. Double-click its icon, and you will see a
+window that looks like <a href="ch03.html#samba2-CHP-3-FIG-59">Figure 3-59</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-59"/><img src="figs/sam2_0359.gif"/></div><h4 class="head4">Figure 3-59. Shares offered by the Toltec server</h4>
+
+<p>If you don't see the server listed in the workgroup,
+don't panic. Select Run... from the Start menu. A
+dialog box appears that allows you to type the name of your server
+and its share directory in Windows format. For example, you would
+enter <em class="filename">\\toltec\</em><tt class="literal">test</tt>, as shown
+in <a href="ch03.html#samba2-CHP-3-FIG-60">Figure 3-60</a>, and use your
+server's hostname instead of
+&quot;toltec&quot;.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-60"/><img src="figs/sam2_0360.gif"/></div><h4 class="head4">Figure 3-60. Opening a shared directory, using the server's NetBIOS name in the UNC</h4>
+
+<p>This will work even if browsing services are not set up right, which
+is a common problem. You can also work around a name-service problem
+by entering the server's IP Address (such as
+172.16.1.1 in our example) instead of the Samba
+server's hostname, as shown in <a href="ch03.html#samba2-CHP-3-FIG-61">Figure 3-61</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-3-FIG-61"/><img src="figs/sam2_0361.gif"/></div><h4 class="head4">Figure 3-61. Opening a shared directory, using the server's IP address in the UNC</h4>
+
+<p>If things still aren't right, go directly to <a href="ch12.html#samba2-CHP-12-SECT-2">Section 12.2</a> to troubleshoot what is wrong
+with the network.</p>
+
+<p>If it works, congratulations! Try copying files to and from the
+server by dragging their icons to and from the Samba
+server's <em class="filename">test</em> folder. You might
+be pleasantly surprised how seamlessly everything works. <a name="INDEX-157"/> <a name="INDEX-158"/></p>
+
+
+</div>
+
+
+</div>
+
+<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> <p><a href="#FNPTR-1">[1]</a> We are
+intentionally omitting device drivers because they are
+hardware-specific, and we assume you are getting installation
+directions from the manufacturer.</p> <a name="FOOTNOTE-2"/>
+<p><a href="#FNPTR-2">[2]</a> Make sure to use the same netmask as all other systems on the
+network. You can find the netmask in use by checking with Unix or
+Windows systems that have already been configured.</p> <a name="FOOTNOTE-3"/> <p><a href="#FNPTR-3">[3]</a> Keep in mind that IP addresses ending
+in .0 are reserved for network addresses and that ones ending in .255
+are for broadcast addresses. These should never be assigned to any
+system on the network.</p> <a name="FOOTNOTE-4"/> <p><a href="#FNPTR-4">[4]</a> To be more explicit about
+this, the system will identify itself to the network as a b-node
+rather than an h-node.</p> <a name="FOOTNOTE-5"/> <p><a href="#FNPTR-5">[5]</a> We put the
+names of the <em class="filename">LMHOSTS</em> and
+<em class="filename">HOSTS</em> files in uppercase for additional
+clarity&mdash;to remind you that we are referring to the files on
+Windows rather than on Unix, and because that's the
+way we see them in other books on Windows. The case of the letters in
+the two names actually does not matter.</p> <a name="FOOTNOTE-6"/> <p><a href="#FNPTR-6">[6]</a> The address 127.0.0.1 is known as the
+<em class="emphasis">localhost</em> address and always refers to itself.
+For example, if you type <tt class="literal">ping</tt>
+<tt class="literal">127.0.0.1</tt> on a Unix server, you should always get
+a response, because you're pinging the host
+itself.</p> <a name="FOOTNOTE-7"/> <p><a href="#FNPTR-7">[7]</a> This update is supplied in
+various update packages issued by Microsoft.</p> <a name="FOOTNOTE-8"/> <p><a href="#FNPTR-8">[8]</a> Notice how in Windows NT,
+some clients are called &quot;services&quot;!
+In these directions, we will conform to Microsoft's
+terminology.</p> <a name="FOOTNOTE-9"/> <p><a href="#FNPTR-9">[9]</a> If there is a My Network Places
+item in the Start menu at this point, you can save yourself a little
+time and just click that. If you don't see it,
+don't worry; it will appear automatically
+later.</p> </blockquote>
+
+<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4>
+</body></html>
diff --git a/docs/htmldocs/using_samba/ch04.html b/docs/htmldocs/using_samba/ch04.html
new file mode 100644
index 00000000000..02cc979284c
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch04.html
@@ -0,0 +1,2556 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Chapter 4. Windows NT Domains</h1>
+
+
+
+<p><a name="INDEX-1"/>In previous
+chapters, we've focused on workgroup networking to
+keep things simple and introduce you to networking with Samba in the
+most painless manner we could find. However, workgroup computing has
+its drawbacks, and for many computing environments, the greater
+security and single logon of the Windows NT domain make it worthwhile
+to spend the extra effort to implement a domain.</p>
+
+<p>In addition to the domain features of
+<a name="INDEX-2"/>that we discussed in <a href="ch01.html">Chapter 1</a>, having a domain makes it possible to use
+<em class="firstterm">logon scripts</em><a name="INDEX-3"/> and <em class="firstterm">roaming profiles
+</em><a name="INDEX-4"/>(also called<em class="firstterm"> roving
+profiles</em><a name="INDEX-5"/>). A logon
+script is a text file of commands that are run during startup, and a
+profile is a collection of information regarding the desktop
+environment, including the contents of the Start menu, icons that
+appear on the desktop, and other characteristics about the GUI
+environment that users are allowed to customize. A roaming profile
+can follow its owner from computer to computer, allowing her to have
+the same familiar interface appear wherever she logs on.</p>
+
+<p>A Windows NT domain offers centralized control over the network.
+<em class="firstterm">Policies</em><a name="INDEX-6"/> can be set up by an administrator to
+define aspects of the users' environment and limit
+the amount of control they have over the network and their computers.
+It is also possible for administrators to perform remote
+administration of the domain controllers from any Windows NT/2000/XP
+workstation.</p>
+
+<p>Samba 2.2 has the ability to act as a primary domain controller,
+supporting domain logons from Windows 95/98/Me/NT/2000/XP computers
+and allowing Windows NT/2000/XP<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a> systems to join the domain as domain
+member servers. Samba can also join a domain as a member server,
+allowing the primary domain controller to be a Windows NT/2000 system
+or another Samba server.</p>
+
+<a name="samba2-CHP-4-NOTE-100"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>Samba 2.2 does not support <a name="INDEX-7"/><a name="INDEX-8"/><a name="INDEX-9"/>LDAP and <a name="INDEX-10"/>Kerberos authentication of Active
+Directory, so it cannot act as a Windows 2000 Active Directory domain
+controller. However, Samba can be added to an Active Directory domain
+as a member server, with the Windows 2000 domain controllers running
+in either mixed or native mode. The Windows 2000 server (even if it
+is running in native mode) supports the Samba server by acting as a
+<a name="INDEX-11"/><a name="INDEX-12"/>PDC emulator, using the Windows NT
+style of authentication rather than the Kerberos style.</p>
+</blockquote>
+
+<p>If you're adding a Samba server to a network that
+has already been set up, you won't have to decide
+whether to use a workgroup or a domain; you will simply have to be
+compatible with what's already in place. If you do
+have a choice, we suggest you evaluate both workgroup and domain
+computing carefully before rolling out a big installation. You will
+have a lot of work to do if you later need to convert one to the
+other. One last thought on this matter is that Microsoft is
+developing Windows in the direction of increased use of domains and
+is intending that eventually Windows networks be composed solely of
+Active Directory domains. If you implement a Windows NT domain now,
+you'll be in a better position to transition to
+Active Directory later, after Samba has better support for it.</p>
+
+<p>In this chapter, we cover various topics directly related to using
+Samba in a Windows NT domain, including:</p>
+
+<ul><li>
+<p>Configuring and using Samba as the primary domain controller</p>
+</li><li>
+<p>Setting up Windows 95/98/Me systems to log on to the domain</p>
+</li><li>
+<p>Implementing user-level security on Windows 95/98/Me</p>
+</li><li>
+<p>Adding Windows NT/2000/XP systems to the domain</p>
+</li><li>
+<p>Configuring logon scripts, roaming profiles, and system policies</p>
+</li><li>
+<p>Adding a Samba server to a domain as a member server</p>
+</li></ul>
+
+
+
+
+<div class="sect1"><a name="samba2-CHP-4-SECT-1"/>
+
+<h2 class="head1">Samba as the Primary Domain Controller</h2>
+
+<p><a name="INDEX-13"/>Samba 2.2
+is able to handle the most desired functions of a primary domain
+controller in a Windows NT domain, handling domain logons and
+authentication for accessing shared resources, as well as supporting
+logon scripts, roaming profiles, and system policies.</p>
+
+<a name="samba2-CHP-4-NOTE-101"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>You will need to use at least Samba 2.2 to ensure that PDC
+functionality for Windows NT/2000/XP clients is present. Prior to
+Samba 2.2, only limited user authentication for NT clients was
+present.</p>
+</blockquote>
+
+<p>In this section, we will show you how to configure Samba as a PDC for
+use with Windows 95/98/Me and Windows NT/2000/XP clients. The two
+groups of Windows versions interact differently within domains, and
+in some cases are supported in slightly different ways. If you know
+you are going to be using only Windows 95/98/Me or Windows
+NT/2000/XP, you can set up Samba to support only that group. However,
+there isn't any harm in supporting both at the same
+time.</p>
+
+<a name="samba2-CHP-4-NOTE-102"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>If you would like more information on how to set up
+<a name="INDEX-14"/>domains, see the file
+<em class="filename">Samba-PDC-HOWTO.html</em><a name="INDEX-15"/>
+in the <em class="filename">docs/htmldocs</em> directory of the Samba
+source distribution.</p>
+</blockquote>
+
+<p>Samba must be the only domain controller for the domain. Make sure
+that a PDC isn't already active, and that there are
+no backup domain controllers. Samba 2.2 is not able to communicate
+with backup domain controllers, and having domain controllers in your
+domain with unsynchronized data would result in a very dysfunctional
+network.</p>
+
+<a name="samba2-CHP-4-NOTE-103"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>Although Samba 2.2 cannot function as, or work with, a Windows NT
+<a name="INDEX-16"/><a name="INDEX-17"/>BDC, it is possible to set up
+another Samba server to act as a backup for a Samba PDC. For further
+information, see the file
+<em class="filename">Samba-BDC-HOWTO.html</em><a name="INDEX-18"/>
+in the <em class="filename">docs/htmldocs</em> directory of the Samba
+source distribution.</p>
+</blockquote>
+
+<p>Configuring Samba to be a PDC is a matter of modifying the
+<em class="filename">smb.conf</em> file, creating some directories, and
+restarting the server.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-1.1"/>
+
+<h3 class="head2">Modifying smb.conf</h3>
+
+<p>First you will need to start with an
+<em class="filename">smb.conf</em><a name="INDEX-19"/><a name="INDEX-20"/> file that correctly configures Samba for
+workgroup computing, such as the one we created in <a href="ch02.html">Chapter 2</a>, and insert the following lines into the
+<tt class="literal">[global]</tt> section:</p>
+
+<blockquote><pre class="code">[global]
+ ; use the name of your Samba server instead of toltec
+ ; and your own workgroup instead of METRAN
+ netbios name = toltec
+ workgroup = METRAN
+ encrypt passwords = yes
+
+ domain master = yes
+ local master = yes
+ preferred master = yes
+ os level = 65
+
+ security = user
+ domain logons = yes
+
+ ; logon path tells Samba where to put Windows NT/2000/XP roaming profiles
+ logon path = \\%L\profiles\%u\%m
+ logon script = logon.bat
+
+ logon drive = H:
+ ; logon home is used to specify home directory and
+ ; Windows 95/98/Me roaming profile location
+ logon home = \\%L\%u\.win_profile\%m
+
+ time server = yes
+
+ ; instead of jay, use the names of all users in the Windows NT/2000/XP
+ ; Administrators group who log on to the domain
+ domain admin group = root jay
+
+ ; the below works on Red Hat Linux - other OSs might need a different command
+ add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u</pre></blockquote>
+
+<p>And after the <tt class="literal">[global]</tt> section, add these three
+new shares:</p>
+
+<blockquote><pre class="code">[netlogon]
+ path = /usr/local/samba/lib/netlogon
+ writable = no
+ browsable = no
+
+[profiles]
+ ; you might wish to use a different directory for your
+ ; Windows NT/2000/XP roaming profiles
+ path = /home/samba-ntprof
+ browsable = no
+ writable = yes
+ create mask = 0600
+ directory mask = 0700
+
+[homes]
+ read only = no
+ browsable = no
+ guest ok = no
+ map archive = yes</pre></blockquote>
+
+<p>Now for the explanation. If you are comparing this example to the
+configuration file presented in <a href="ch02.html">Chapter 2</a>, you
+will notice that the first three parameter settings are similar. We
+start out in the <tt class="literal">[global]</tt> section by setting the
+NetBIOS name of the Samba server. We are using the default, which is
+the DNS hostname, but are being explicit because the NetBIOS name is
+used in UNCs that appear later in <em class="filename">smb.conf</em>. The
+next two lines, setting the workgroup name and choosing to use
+encrypted passwords, are identical to our
+<em class="filename">smb.conf</em> file from <a href="ch02.html">Chapter 2</a>.
+However, things are now a little different: even though it still
+reads &quot;workgroup&quot;, we are actually
+setting the name of the domain. For a workgroup, using encrypted
+passwords is optional; when using a domain, they are required.</p>
+
+<p>The next four lines set up our Samba PDC to handle browsing services.
+The line <tt class="literal">domain</tt> <tt class="literal">master</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> causes Samba to be the
+domain master browser, which handles browsing services for the domain
+across multiple subnets if necessary. Although it looks very similar,
+<tt class="literal">local</tt> <tt class="literal">master</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> does not cause Samba to
+be the master browser on the subnet, but merely tells it to
+participate in browser elections and allow itself to win. (These two
+lines are yet more default settings that we include to be clear.) The
+next two lines ensure that Samba wins the elections. Setting the
+<tt class="literal">preferred</tt> <tt class="literal">master</tt> parameter
+makes Samba force an election when it starts up. The
+<tt class="literal">os</tt> <tt class="literal">level</tt> parameter is set
+higher than that of any other system, which results in Samba winning
+that election. (At the time of this writing, an <tt class="literal">os</tt>
+level of 65 was sufficient to win over all versions of
+Windows&mdash;but make sure no other Samba server is set higher!) We
+make sure Samba is both the <a name="INDEX-21"/><a name="INDEX-22"/>domain and local master browser
+because Windows NT/2000 PDCs always reserve the domain master browser
+role for themselves and because Windows clients require things to be
+that way to find the primary domain controller. It is possible to
+allow another computer on the network to win the role of local master
+browser, but having the same server act as both domain and local
+masters is simpler and more efficient.</p>
+
+<p>The next two lines in the <tt class="literal">[global]</tt> section set up
+Samba to handle the actual domain logons. We set
+<tt class="literal">security</tt> <tt class="literal">=</tt>
+<tt class="literal">user</tt> so that Samba will require a username and
+password. This is actually the same as in the workgroup setup we
+covered in <a href="ch01.html">Chapter 1</a> and <a href="ch02.html">Chapter 2</a> because it is the default. The only
+reason we're including it explicitly is to avoid
+confusion: another valid setting is <tt class="literal">security</tt>
+<tt class="literal">=</tt> <tt class="literal">domain</tt>, but that is for
+having another (Windows or Samba) domain controller handle the logons
+and should never be found in the <em class="filename">smb.conf</em> of a
+Samba PDC. The next line, <tt class="literal">domain</tt>
+<tt class="literal">logons</tt> <tt class="literal">=</tt>
+<tt class="literal">yes</tt>, is what tells Samba we want this server to
+handle domain logons.</p>
+
+<p>Defining a logon path is necessary for supporting
+<a name="INDEX-23"/><a name="INDEX-24"/>roaming profiles for
+Windows NT/2000/XP clients. The UNC
+<tt class="literal">\\%L\profiles\%u</tt> refers to a share held on the
+Samba server where the profiles are kept. The variables
+<tt class="literal">%L</tt> and <tt class="literal">%u</tt> are replaced by Samba
+with the name of the server and the username of the logged on user,
+respectively. The section in <em class="filename">smb.conf</em> defining
+the <tt class="literal">[profiles]</tt> share contains the definition of
+exactly where the profiles are kept on the server.
+We'll get back to this topic a bit later in this
+chapter.</p>
+
+<p>The <tt class="literal">logon</tt> <tt class="literal">script</tt>
+<tt class="literal">=</tt> <tt class="literal">logon.bat</tt> line specifies the
+name of an MS-DOS batch file that will be executed when the client
+logs on to the domain. The path specified here is relative to the
+<tt class="literal">[netlogon]</tt> share that is defined later in the
+<em class="filename">smb.conf</em> file.</p>
+
+<p>The settings of <tt class="literal">logon</tt> <tt class="literal">drive</tt> and
+<tt class="literal">logon</tt> <tt class="literal">home</tt> have a couple of
+purposes. Setting <tt class="literal">logon</tt> <tt class="literal">drive</tt>
+<tt class="literal">=</tt> <tt class="literal">H</tt>: allows the home directory
+of the user to be connected to drive letter H on the client. The
+<tt class="literal">logon</tt> <tt class="literal">home</tt> parameter is set to
+the location of the home directory on the server, and again,
+<tt class="literal">%u</tt> is replaced at runtime by the logged on
+user's username. The home directory is used to store
+roaming profiles for Windows 95/98/Me clients. These parameters tie
+into the <tt class="literal">[homes]</tt> share that we are adding, as we
+will explain a bit later.</p>
+
+<p>Setting <tt class="literal">time</tt> <tt class="literal">server</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> causes Samba to advertise
+itself as a <a name="INDEX-25"/>time service for the network. This is
+optional.</p>
+
+<p>The <tt class="literal">domain</tt> <tt class="literal">admin</tt>
+<tt class="literal">group</tt> parameter exists as a short-term measure in
+Samba 2.2 to give Samba a list of users who have administrative
+privileges in the domain. The list should contain any Samba users who
+log on from Windows NT/2000/XP systems and are members of the
+Administrators or Domain Admins groups, if roaming profiles are to
+work correctly.</p>
+
+<p>The last parameter to add to the <tt class="literal">[global]</tt> section
+is <tt class="literal">add</tt> <tt class="literal">user</tt>
+<tt class="literal">script</tt>, and you will need it only if one or more
+of your clients is a Windows NT/2000/XP system. We will tell you more
+about this in <a href="ch04.html#samba2-CHP-4-SECT-2">Section 4.2</a> later in this chapter.</p>
+
+<p>The rest of the additions to <em class="filename">smb.conf</em> are the
+definitions for three <a name="INDEX-26"/><a name="INDEX-27"/>shares. The
+<tt class="literal">[netlogon]</tt><a name="INDEX-28"/> share is necessary for Samba to
+handle domain logons because Windows clients need to connect to it
+during the logon process and will fail if the share does not exist.
+Other than that, the only function of <tt class="literal">[netlogon]</tt>
+is to be a repository for logon scripts and system-policy files,
+which we shall cover in detail later in this chapter. The path to a
+directory on the Samba server is given, and because the clients only
+read logon scripts and system-policy files from the share, the
+<tt class="literal">writable</tt> <tt class="literal">=</tt>
+<tt class="literal">no</tt> definition is used to make the share read-only.
+Users do not need to see the share, so we set
+<tt class="literal">browsable</tt> <tt class="literal">=</tt>
+<tt class="literal">no</tt> to make the share invisible.</p>
+
+<p>The <tt class="literal">[profiles]</tt><a name="INDEX-29"/> share is needed for use with
+Windows NT/2000/XP roaming profiles. The path points to a directory
+on the Samba server where the profiles are kept, and in this case,
+the clients must be able to read and write the profile data. The
+<tt class="literal">create</tt> <tt class="literal">mask</tt> (read and write
+permitted for the owner only) and <tt class="literal">directory</tt>
+<tt class="literal">mask</tt> (read, write, and search permitted for the
+owner only) are set up such that a user's profile
+data can be read and written only by the user and not accessed or
+modified by anyone else.</p>
+
+<p>The <tt class="literal">[homes]</tt><a name="INDEX-30"/> share is necessary for our
+definitions of <tt class="literal">logon</tt> <tt class="literal">drive</tt> and
+<tt class="literal">logon</tt> <tt class="literal">home</tt> to work. Samba uses
+the <tt class="literal">[homes]</tt> share to add the home directory of the
+user (found in <em class="filename">/etc/passwd</em> ) as a share. Instead
+of appearing as &quot;homes&quot;, the share
+will be accessible on the client through a folder having the same
+name as the user's username. We will cover this
+topic in more detail in <a href="ch09.html">Chapter 9</a>.</p>
+
+<p>At this point, you might want to run
+<em class="filename">testparm</em><a name="INDEX-31"/> to check your
+<em class="filename">smb.conf</em> file. <a name="INDEX-32"/><a name="INDEX-33"/></p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-1.2"/>
+
+<h3 class="head2">Creating Directories on the Samba Server</h3>
+
+<p><a name="INDEX-34"/><a name="INDEX-35"/>The
+<tt class="literal">[netlogon]</tt> and <tt class="literal">[profiles]</tt>
+shares defined in our new <em class="filename">smb.conf</em> file
+reference directories on the Samba server, and it is necessary to
+create those directories with the proper permissions:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>mkdir /usr/local/samba/lib/netlogon</b></tt>
+# <tt class="userinput"><b>chmod 775 /usr/local/samba/lib/netlogon</b></tt>
+# <tt class="userinput"><b>mkdir /home/samba-ntprof</b></tt>
+# <tt class="userinput"><b>chmod 777 /home/samba-ntprof</b></tt></pre></blockquote>
+
+<p>The directory names we use are just examples. You are free to choose
+your own.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-1.3"/>
+
+<h3 class="head2">Restarting the Samba Server</h3>
+
+<p><a name="INDEX-36"/>At this
+point, the only thing left to do is restart the Samba server, and the
+changes will be put into effect:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>/etc/rc.d/init.d/smb restart</b></tt></pre></blockquote>
+
+<p>(or use whatever method works on your system, as discussed in <a href="ch02.html">Chapter 2</a>.) The server is now ready to accept domain
+logons. <a name="INDEX-37"/></p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-4-SECT-2"/>
+
+<h2 class="head1">Adding Computer Accounts</h2>
+
+<p>To interact in a domain, a Windows NT/2000/XP system must be a member
+of the domain. <a name="INDEX-38"/>Domain membership is implemented
+using <em class="firstterm">computer
+accounts,</em><a name="INDEX-39"/><a name="INDEX-40"/> which are similar to user
+accounts and allow a domain controller to keep information with which
+to authenticate computers on the network. That is, the domain
+controller must be able to tell if requests that arrive from a
+computer are coming from a computer that it
+&quot;knows&quot; as being part of the
+domain. Each Windows NT/2000/XP system in the domain has a computer
+account in the domain controllers' database, which
+on a Windows NT/2000 hosted domain is the <a name="INDEX-41"/>SAM
+database. Although Samba uses a different method (involving the
+<em class="filename">smbpasswd</em><a name="INDEX-42"/> file), it also treats computer accounts
+similarly to user accounts.</p>
+
+<p>To create a computer account, an administrator configures a Windows
+NT/2000/XP system to be part of the domain. For Samba 2.2, the
+&quot;<a name="INDEX-43"/><a name="INDEX-44"/>domain
+administrator&quot; is the <a name="INDEX-45"/><a name="INDEX-46"/>root account on the Samba
+server, and you will need to run the command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbpasswd -a root</b></tt></pre></blockquote>
+
+<p>to add the root user to Samba's password database.
+In this case, do not provide <em class="filename">smbpasswd</em> with the
+same password as the actual root account on the server. Create a
+different password to be used solely for creating computer accounts.
+This will reduce the possibility of compromising the root password.</p>
+
+<p>When the computer account is created, two things must happen on the
+Samba server. An entry is added to the <em class="filename">smbpasswd</em>
+file, with a &quot;username&quot; that is the
+NetBIOS name of the computer with a dollar sign
+(<tt class="literal">$</tt>) appended to it. This part is handled by the
+<em class="emphasis">smbpasswd</em> command, and you do not need to
+perform any additional action to implement it.</p>
+
+<p>With Samba 2.2, an entry is also required in the
+<em class="filename">/etc/passwd</em> file<a name="FNPTR-2"/><a href="#FOOTNOTE-2">[2]</a> to give the computer account a
+user ID (UID) on the Samba server.</p>
+
+<p>This account will never be used to
+log in to the Unix system, so it should not be given a valid home
+directory or login shell. To make this part work, you must set the
+<tt class="literal">add</tt> <tt class="literal">user</tt>
+<tt class="literal">script</tt> parameter in your Samba configuration file,
+using a command that adds the entry in the proper manner. On our Red
+Hat Linux system, we set <tt class="literal">add</tt>
+<tt class="literal">user</tt> <tt class="literal">script</tt> to:</p>
+
+<blockquote><pre class="code">/usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u</pre></blockquote>
+
+<p>This command adds an entry in <em class="filename">/etc/passwd</em>
+similar to the following:</p>
+
+<blockquote><pre class="code">aztec$:x:505:100::/dev/null:/bin/false</pre></blockquote>
+
+<p>Again, notice that the username ends in a dollar sign. The user
+account shown has a &quot;home
+directory&quot; of <em class="filename">/dev/null</em>, a
+group ID (GID) of 100, and a &quot;login
+shell&quot; of <em class="filename">/bin/false</em>. The
+<em class="emphasis">-M</em> flag in our <em class="emphasis">useradd</em>
+command prevents it from creating the home directory. Samba replaces
+the <tt class="literal">%u</tt> variable in the
+<em class="emphasis">useradd</em> command with the NetBIOS name of the
+computer, including the trailing dollar sign. The basic idea here is
+to create an entry with a valid username and UID. These are the only
+parts that Samba uses. It is important that the UID be unique, not
+also used for other accounts&mdash;especially ones that are
+associated with Samba users.</p>
+
+<p>If you are using some other variety of Unix, you will need to replace
+our <em class="emphasis">useradd</em> command with a command that performs
+the same function on your system. If a command such as
+<em class="emphasis">useradd</em> does not come with your system, you can
+write a shell script yourself that performs the same function. In any
+case, the command should add a password hash that does not correspond
+to any valid password. For example, in the<em class="filename">
+/etc/shadow</em> file of our Linux server, we find the
+following two lines:</p>
+
+<blockquote><pre class="code">jay:%1%zQ7j7ok8$D/IubyRAY5ovM3bTrpUCn1:11566:0:99999:7:::
+zapotec$:!!:11625:0:99999:7:::</pre></blockquote>
+
+<p>The first line is for <tt class="literal">jay</tt>'s user
+account. The second field is the password hash&mdash;the long string
+between the first and second colons. The second line is for the
+computer account of <tt class="literal">zapotec</tt>, a domain member
+server. Its &quot;username&quot; ends with a
+dollar sign (<tt class="literal">$</tt>), and the second field in this case
+has been set to &quot;!!&quot;, which is an
+arbitrary string not produced from any password. Therefore, there is
+no valid password for this account on the Linux host. Just about any
+ASCII string can be used instead of
+&quot;!!&quot;. For example, you could use
+&quot;DISABLED&quot; instead.</p>
+
+<a name="samba2-CHP-4-NOTE-104"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>It is possible to <a name="INDEX-47"/><a name="INDEX-48"/><a name="INDEX-49"/><a name="INDEX-50"/>create the entries for
+<em class="filename">/etc/passwd</em> and <em class="filename">smbpasswd</em>
+manually; however, we suggest this method be used very carefully, and
+only for initial testing, or as a last resort. The reason for this is
+to maintain security. After the computer account has been created on
+the server, the next Windows NT/2000/XP system on the network with a
+matching NetBIOS name to log on to the domain will be associated with
+this account. This allows crackers a window of opportunity to take
+over computer accounts for their own purposes.</p>
+</blockquote>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-4-SECT-3"/>
+
+<h2 class="head1">Configuring Windows Clients for Domain Logons</h2>
+
+<p><a name="INDEX-51"/>The client-side configuration for Windows
+clients is really simple. All you have to do is switch from workgroup
+to domain networking by enabling domain logons, and in the case of
+Windows NT/2000/XP, also provide the root password you gave
+<em class="filename">smbpasswd</em> for creating computer accounts. This
+results in the Windows NT/2000/XP system becoming a member of the
+domain.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-3.1"/>
+
+<h3 class="head2">Windows 95/98/Me</h3>
+
+<p><a name="INDEX-52"/><a name="INDEX-53"/>To
+enable domain logons with Windows 95/98/Me, open the Control Panel
+and double-click the Network icon. Then click Client for Microsoft
+Networks, and click the Properties button. At this point, you should
+see a dialog box similar to <a href="ch04.html#samba2-CHP-4-FIG-1">Figure 4-1</a>. Select the
+Logon to Windows Domain checkbox at the top of the dialog box, and
+enter the name of the domain as you have defined it with the
+<tt class="literal">workgroup</tt> parameter in the Samba configuration
+file. Then click OK, and reboot the machine when asked.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-1"/><img src="figs/sam2_0401.gif"/></div><h4 class="head4">Figure 4-1. Configuring a Windows 95/98 client for domain logons</h4>
+<a name="samba2-CHP-4-NOTE-105"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>If <a name="INDEX-54"/>Windows complains that you are already
+logged into the domain, you probably have an active connection to a
+share in the workgroup (such as a mapped network drive). Simply
+disconnect the resource temporarily by right-clicking its icon and
+choosing the Disconnect pop-up menu item.</p>
+</blockquote>
+
+<p>When Windows reboots, you should see the standard logon dialog with
+an addition: a field for a domain. The domain name should already be
+filled in, so simply enter your password and click the OK button. At
+this point, Windows should consult the primary domain controller
+(Samba) to see if the password is correct. (You can check the log
+files if you want to see this in action.) If it worked,
+congratulations! You have properly configured Samba to act as a
+domain controller for Windows 95/98/Me machines, and your client is
+successfully connected.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-3.2"/>
+
+<h3 class="head2">User-Level Security for Windows 95/98/Me</h3>
+
+<p><a name="INDEX-55"/><a name="INDEX-56"/><a name="INDEX-57"/>Now that you have a primary domain
+controller to authenticate users, you can implement much better
+security for shares that reside on Windows 95/98/Me
+systems.<a name="FNPTR-3"/><a href="#FOOTNOTE-3">[3]</a> To enable this functionality, open the
+Control Panel, double-click the Network icon, and click the Access
+Control tab in the dialog box. The window should now look like <a href="ch04.html#samba2-CHP-4-FIG-2">Figure 4-2</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-2"/><img src="figs/sam2_0402.gif"/></div><h4 class="head4">Figure 4-2. Setting user-level access control</h4>
+
+<p>Click the User-level access control radio button, and type in the
+name of your domain in the text area. Click the OK button. If you get
+the dialog box shown in <a href="ch04.html#samba2-CHP-4-FIG-3">Figure 4-3</a>, it means that
+shares are already on the system.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-3"/><img src="figs/sam2_0403.gif"/></div><h4 class="head4">Figure 4-3. Error dialog while changing to user-level access control</h4>
+
+<p>In that case, you might want to cancel the operation and make a
+record of each of the computer's shares, making it
+easier to re-create them, and then redo this part. (To get a list of
+shares, open an MS-DOS prompt window and run the
+<tt class="literal">net</tt> <tt class="literal">view</tt>
+<tt class="literal">\\</tt><em class="replaceable">computer_name</em>
+command.) Otherwise, you will get a message asking you to reboot to
+put the change in configuration into effect.</p>
+
+<p>After rebooting, you can create shares with user-level access
+control. To do this, right-click the folder you wish to share, and
+select Sharing.... This will bring up the Shared Properties dialog
+box, shown in <a href="ch04.html#samba2-CHP-4-FIG-4">Figure 4-4</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-4"/><img src="figs/sam2_0404.gif"/></div><h4 class="head4">Figure 4-4. The Shared Properties dialog</h4>
+
+<p>Click the Shared As: radio button, and give the share a name and
+comment. Then click the Add... button, and you will see the Add Users
+dialog box, shown in <a href="ch04.html#samba2-CHP-4-FIG-5">Figure 4-5</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-5"/><img src="figs/sam2_0405.gif"/></div><h4 class="head4">Figure 4-5. The Add Users dialog</h4>
+
+<p>What has happened is that Windows has contacted the primary domain
+controller (in this case, Samba) and requested a list of domain users
+and groups. You can now select a user or group and add it to one or
+more of the three lists on the righthand side of the window&mdash;for
+Read Only, Full Access, or Custom Control&mdash;by clicking the
+buttons in the middle of the window. When you are done, click the OK
+button. If you added any users or groups to the Custom Control list,
+you will be presented with the Change Access Rights dialog box, shown
+in <a href="ch04.html#samba2-CHP-4-FIG-6">Figure 4-6</a>, in which you can specify the rights
+you wish to allow. Then click the OK button to close the dialog box.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-6"/><img src="figs/sam2_0406.gif"/></div><h4 class="head4">Figure 4-6. The Change Access Rights dialog</h4>
+
+<p>You are now returned to the Shared Properties dialog box, where you
+will see the Name: and Access Rights: columns filled in with the
+permissions that you just created. Click the OK button to finalize
+the process. Remember, you will have to perform these actions on any
+folders that you had previously shared using share-level security.
+<a name="INDEX-58"/><a name="INDEX-59"/></p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-3.3"/>
+
+<h3 class="head2">Windows NT 4.0</h3>
+
+<p><a name="INDEX-60"/><a name="INDEX-61"/>To
+configure Windows NT for domain logons, log in to the computer as
+Administrator or another user in the Administrators group, open the
+Control Panel, and double-click the Network icon. If it
+isn't already selected, click on the Network
+Identification tab.</p>
+
+<p>Click the Change... button, and you should see the dialog box shown
+in <a href="ch04.html#samba2-CHP-4-FIG-7">Figure 4-7</a>. In this dialog box, you can choose
+to have the Windows NT client become a member of the domain by
+clicking the checkbox marked Domain: in the Member of box. Then type
+in the name of the domain to which you wish the client to log on; it
+should be the same as the one you specified using the
+<tt class="literal">workgroup</tt> parameter in the Samba configuration
+file. Click the checkbox marked Create a Computer Account in the
+Domain, and fill in &quot;root&quot; for the
+text area labeled User Name:. In the Password: text area, fill in the
+root password you gave <em class="emphasis">smbpasswd</em> for creating
+computer accounts.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-7"/><img src="figs/sam2_0407.gif"/></div><h4 class="head4">Figure 4-7. Configuring a Windows NT client for domain logons</h4>
+<a name="samba2-CHP-4-NOTE-106"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>If Windows complains that you are already logged in, you probably
+have an active connection to a share in the workgroup (such as a
+mapped network drive). Disconnect the resource temporarily by
+right-clicking its icon and choosing the Disconnect pop-up menu item.</p>
+</blockquote>
+
+<p>After you press the OK button, Windows should present you with a
+small dialog box welcoming you to the domain. Click the Close button
+in the Network dialog box, and reboot the computer as requested. When
+the system comes up again, the machine will automatically present you
+with a logon screen similar to the one for Windows 95/98/Me clients,
+except that the domain text area has a drop-down menu so that you can
+opt to log on to either the local system or the domain. Make sure
+your domain is selected, and log on to the domain using any
+Samba-enabled user account on the Samba server.</p>
+<a name="samba2-CHP-4-NOTE-107"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>Be sure to select the correct domain in the Windows NT logon dialog
+box. Once it is selected, it might take a moment for Windows NT to
+build the list of available domains.</p>
+</blockquote>
+
+<p>After you enter the password, Windows NT should consult the primary
+domain controller (Samba) to see if the password is correct. Again,
+you can check the log files if you want to see this in action. If it
+worked, you have successfully configured Samba to act as a domain
+controller for Windows NT machines. <a name="INDEX-62"/><a name="INDEX-63"/></p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-3.4"/>
+
+<h3 class="head2">Windows 2000</h3>
+
+<p><a name="INDEX-64"/><a name="INDEX-65"/>To
+configure Windows 2000 for domain logons, log in to the computer as
+Administrator or another user in the Administrators group, open the
+Control Panel, and double-click the System icon to open the System
+Properties dialog box. Click the Network Identification tab, and then
+click the Properties button. You should now see the Identification
+Changes dialog box shown in <a href="ch04.html#samba2-CHP-4-FIG-8">Figure 4-8</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-8"/><img src="figs/sam2_0408.gif"/></div><h4 class="head4">Figure 4-8. The Identification Changes dialog</h4>
+
+<p>Click the radio button labeled
+&quot;Domain:&quot; and fill in the name of
+your domain in the text-entry area. Then click the OK button. This
+will bring up the Domain Username and Password dialog box. Enter
+&quot;root&quot; for the username. For the
+password, use the password that you gave to
+<em class="emphasis">smbpasswd</em> for the root account.</p>
+<a name="samba2-CHP-4-NOTE-108"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>If Windows complains that you are already logged in, you probably
+have an active connection to a share in the workgroup (such as a
+mapped network drive). Disconnect the resource temporarily by
+right-clicking its icon and choosing the Disconnect pop-up menu item.</p>
+</blockquote>
+
+<p>After you press the OK button, Windows should present you with a
+small dialog box welcoming you to the domain. When you click the OK
+button in this dialog box, you will be told that you need to reboot
+the computer. Click the OK button in the System Properties dialog
+box, and reboot the computer as requested. When the system comes up
+again, the machine will automatically present you with a Log On to
+Windows dialog box similar to the one shown in <a href="ch04.html#samba2-CHP-4-FIG-9">Figure 4-9</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-9"/><img src="figs/sam2_0409.gif"/></div><h4 class="head4">Figure 4-9. The Windows 2000 logon window</h4>
+
+<p>If you do not see the Log on to: drop-down menu, click the Options
+&lt;&lt; button and it will appear. Select your domain, rather than
+the local computer, from the menu.</p>
+<a name="samba2-CHP-4-NOTE-109"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>Be sure to select the correct domain in the logon dialog box. Once it
+is selected, it might take a moment for Windows to build the list of
+available domains.</p>
+</blockquote>
+
+<p>Enter the username and password of any Samba-enabled user in the User
+name: and Password: fields, and either press the Enter key or click
+the OK button. If it worked, your Windows session will start up with
+no error dialogs. <a name="INDEX-66"/><a name="INDEX-67"/></p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-3.5"/>
+
+<h3 class="head2">Windows XP Home</h3>
+
+<p><a name="INDEX-68"/>You have our
+condolences if you are trying to use the Home edition of Windows XP
+in a domain environment! Microsoft has omitted support for Windows NT
+domains from Windows XP Home, resulting in a product that is
+ill-suited for use in a domain-based network.</p>
+
+<p>On the client side, Windows XP Home users cannot log on to a Windows
+NT domain. Although it is still possible to access domain resources,
+a username and password must be supplied each time the user connects
+to a resource, rather than the &quot;single
+signon&quot; of a domain logon. Domain features such as
+logon scripts and roaming profiles are not supported.</p>
+
+<p>As a server, Windows XP Home cannot join a Windows NT domain as a
+domain member server. It can serve files and printers, but only using
+share-mode (&quot;workgroup&quot;) security.
+It can't even use user-mode security, as Windows
+95/98/Me can.</p>
+
+<p>Considering these limitations, we do not recommend Windows XP Home
+for any kind of local area network computing.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-3.6"/>
+
+<h3 class="head2">Windows XP Professional</h3>
+
+<p><a name="INDEX-69"/><a name="INDEX-70"/>To configure Windows XP
+Professional for domain logons, log in to the computer as
+Administrator or another user in the Administrators group, open the
+Control Panel in Classic View, and double-click the System icon to
+open the System Properties dialog box. Click the Computer Name tab
+and then click the Change... button. You should now see the Computer
+Name Changes dialog box shown in <a href="ch04.html#samba2-CHP-4-FIG-10">Figure 4-10</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-10"/><img src="figs/sam2_0410.gif"/></div><h4 class="head4">Figure 4-10. The Computer Name Changes dialog</h4>
+
+<p>Click the radio button labeled
+&quot;Domain:&quot;, and fill in the name of
+your domain in the text-entry area. Then click the OK button. This
+will bring up the Domain Username and Password dialog box. Enter
+&quot;root&quot; for the username. For the
+password, use the password that you gave to
+<em class="emphasis">smbpasswd</em> for the root account.</p>
+<a name="samba2-CHP-4-NOTE-110"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>If Windows complains that you are already logged in, you probably
+have an active connection to a share in the workgroup (such as a
+mapped network drive). Disconnect the resource temporarily by
+right-clicking its icon and choosing the Disconnect pop-up menu item.</p>
+</blockquote>
+
+<p>After you press the OK button, Windows should present you with a
+small dialog box welcoming you to the domain. When you click the OK
+button in this dialog box, you will be told that you need to reboot
+the computer to put the changes into effect. Click the OK buttons in
+the dialog boxes to close them, and reboot the computer as requested.
+When the system comes up again, the machine will automatically
+present you with a Log On to Windows dialog box similar to the one
+shown in <a href="ch04.html#samba2-CHP-4-FIG-11">Figure 4-11</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-11"/><img src="figs/sam2_0411.gif"/></div><h4 class="head4">Figure 4-11. The Windows XP logon window</h4>
+
+<p>If you get a dialog box at this point that tells you the domain
+controller cannot be found, the solution is to change a registry
+setting as follows.</p>
+
+<p>Open the Start Menu and click the Run... menu item. In the text area
+in the dialog box that opens, type in
+&quot;regedit&quot; and click the OK button
+to start the Registry Editor. You will be editing the registry, so
+follow the rest of the directions very carefully. Click the
+&quot;<tt class="literal">+</tt>&quot; button next
+to the HKEY_LOCAL_MACHINE folder, and in the contents that open up,
+click the &quot;<tt class="literal">+</tt>&quot;
+button next to the SYSTEM folder. Continue in the same manner to open
+CurrentControlSet, then Services, then Netlogon. (You will have to
+scroll down many times to find Netlogon in the list of services.)
+Then click the Parameters folder, and you will see items appear in
+the right side of the window. Double-click
+&quot;requiresignorseal&quot;, and a dialog
+box will open. In the Value data: text area, change the
+&quot;1&quot; to a
+&quot;0&quot; (zero), and click the OK
+button, which modifies the registry both in memory and on disk. Now
+close the Registry Editor and log off and back on again.</p>
+
+<p>If you do not see the Log on to: drop-down menu, click the Options
+&lt;&lt; button and it will appear. Select your domain from the menu,
+rather than the local computer.</p>
+<a name="samba2-CHP-4-NOTE-111"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>Be sure to select the correct domain in the logon dialog box. Once it
+is selected, it might take a moment for Windows to build the list of
+available domains.</p>
+</blockquote>
+
+<p>Enter the username and password of any Samba-enabled user in the User
+name: and Password: fields, and either press the Enter key or click
+the OK button. If it worked, your Windows session will start up with
+no error dialogs. <a name="INDEX-71"/> <a name="INDEX-72"/><a name="INDEX-73"/></p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-4-SECT-4"/>
+
+<h2 class="head1">Logon Scripts</h2>
+
+<p><a name="INDEX-74"/>After a Windows client connects with a
+domain controller (either to authenticate a user, in the case of
+Windows 95/98/Me, or to log on to the domain, in the case of Windows
+NT/2000/XP), the client downloads an MS-DOS batch file to run. The
+domain controller supplies the file assuming one has been made
+available for it. This batch file is the logon script and is useful
+in setting up an initial environment for the user.</p>
+
+<p>In a Unix environment, the ability to run such a script might lead to
+a very complex initialization and deep customization. However, the
+Windows environment is mainly oriented to the GUI, and the
+command-line functions are more limited. Most commonly, the logon
+script is used to run a <em class="emphasis">net</em> command, such as
+<em class="emphasis">net use</em><a name="INDEX-75"/>, to connect a network drive letter,
+like this:</p>
+
+<blockquote><pre class="code">net use T: \\toltec\test</pre></blockquote>
+
+<p>This command will make our <tt class="literal">[test]</tt> share (from
+<a href="ch02.html">Chapter 2</a>) show up as the T: drive in My Computer.
+This will happen automatically, and T: will be available to the user
+at the beginning of her session, instead of requiring her to run the
+<em class="emphasis">net use</em> command or connect the T: drive using
+the Map Network Drive function of Windows Explorer.</p>
+
+<p>Another useful command is:</p>
+
+<blockquote><pre class="code">net use H: /home</pre></blockquote>
+
+<p>which <a name="INDEX-76"/><a name="INDEX-77"/>connects the
+user's home directory to a drive letter (which can
+be H:, as shown here, or some other letter, as defined by
+<tt class="literal">logon</tt> <tt class="literal">drive</tt>). For this to work,
+you must have a <tt class="literal">[homes]</tt> share defined in your
+<em class="filename">smb.conf</em> file.</p>
+
+<p>If you are using <a name="INDEX-78"/><a name="INDEX-79"/>roaming profiles, you should definitely
+have:</p>
+
+<a name="INDEX-80"/><blockquote><pre class="code">net time \\<em class="replaceable">toltec</em> /set /yes</pre></blockquote>
+
+<p>in your logon script. (As usual, replace
+&quot;toltec&quot; with the name of your
+Samba PDC.) This will make sure the clocks of the Windows clients are
+synchronized with the PDC, which is important for roaming profiles to
+work correctly.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-4.1"/>
+
+<h3 class="head2">Creating a Logon Script</h3>
+
+<p><a name="INDEX-81"/>In our
+<em class="filename">smb.conf</em> file, we have the line:</p>
+
+<a name="INDEX-82"/><blockquote><pre class="code">logon script = logon.bat</pre></blockquote>
+
+<p>This defines the location and name of the logon script batch file on
+the Samba server. The path is relative to the
+<tt class="literal">[netlogon]</tt><a name="INDEX-83"/> share, defined later in the
+file like this:</p>
+
+<blockquote><pre class="code">[netlogon]
+ path = /usr/local/samba/lib/netlogon
+ writable = no
+ browsable = no</pre></blockquote>
+
+<p>With this example, the logon script is
+<em class="filename">/user/local/samba/lib/netlogon/logon.bat</em>. We
+include the directives <tt class="literal">writable</tt>
+<tt class="literal">=</tt> <tt class="literal">no</tt>, to make sure network
+clients cannot change anything in the <tt class="literal">[netlogon]</tt>
+share, and also <tt class="literal">browsable</tt> <tt class="literal">=</tt>
+<tt class="literal">no</tt>, which keeps them from even seeing the share
+when they browse the contents of the server. Nothing in
+<tt class="literal">[netlogon]</tt> should ever be modified by
+nonadministrative users. Also, the permissions on the directory for
+<tt class="literal">[netlogon]</tt> should be set appropriately (no write
+permissions for &quot;other&quot; users), as
+we showed you earlier in this chapter.</p>
+
+<p>Notice also that the extension of our logon script is
+<em class="filename">.bat</em><a name="INDEX-84"/>. Be careful about this&mdash;an extension
+of <em class="filename">.cmd</em><a name="INDEX-85"/> will work for Windows NT/2000/XP clients,
+but will result in errors for Windows 95/98/Me clients, which do not
+recognize <em class="filename">.cmd</em> as an extension for batch files.</p>
+
+<p>Because the logon script will be executed on a Windows system, it
+must be in MS-DOS text-file format, with the end of line composed of
+a carriage return followed by a linefeed. The Unix convention is a
+newline, which is simply a linefeed character, so if you use a Unix
+text editor to create your logon script, you must somehow make it use
+the appropriate characters. With
+<em class="emphasis">vim</em><a name="INDEX-86"/><a name="INDEX-87"/> (a clone of the <em class="emphasis">vi</em>
+editor that is distributed with Red Hat Linux), the method is to
+create a new file and use the command:</p>
+
+<blockquote><pre class="code">:se ff=dos</pre></blockquote>
+
+<p>to set the file format to MS-DOS style before typing in any text.
+With <em class="emphasis">emacs</em><a name="INDEX-88"/>, the same can be done using the command:</p>
+
+<blockquote><pre class="code">^X <em class="replaceable">Enter</em> f dos <em class="replaceable">Enter</em></pre></blockquote>
+
+<p>where <tt class="literal">^X</tt> is a Control-X character and
+<tt class="literal">Enter</tt> is a press of the Enter key. Another method
+is to create a Unix-format file in any text editor and then convert
+it to MS-DOS format using the
+<em class="emphasis">unix2dos</em><a name="INDEX-89"/> program:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>unix2dos unix_file &gt;logon.bat</b></tt></pre></blockquote>
+
+<p>If your system does not have <em class="emphasis">unix2dos</em>,
+don't worry. You can implement it yourself with the
+following two-line Perl script:</p>
+
+<blockquote><pre class="code">#!/usr/bin/perl
+open FILE, $ARGV[0];
+while (&lt;FILE&gt;) { s/$/\r/; print }</pre></blockquote>
+
+<p>Or, you can use Notepad on a Windows system to write your script and
+then drag the logon script over to a folder on the Samba server. In
+any case, you can <a name="INDEX-90"/>check the format of your script using
+the <em class="emphasis">od</em><a name="INDEX-91"/> command, like this:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>od -c logon.bat</b></tt></pre></blockquote>
+
+<p>You should see output resembling this:</p>
+
+<blockquote><pre class="code">0000000 n e t u s e T : \ \ t o l
+0000020 t e c \ t e s t \r \n
+0000032</pre></blockquote>
+
+<p>The important detail here is that at the end of each line is a
+<tt class="literal">\r</tt> <tt class="literal">\n</tt>, which is a carriage
+return followed by a linefeed.</p>
+
+<p>Our example logon script, containing a single <em class="emphasis">net
+use</em> command, was created and set up in a way that allows
+it to be run successfully on any Windows client, regardless of which
+Windows version is installed on the client and which user is
+authenticating or logging on to the domain. But what if we need to
+have different users, computers, or Windows versions running
+different logon scripts?</p>
+
+<p>One method is to use variables inside the <a name="INDEX-92"/>logon script that cause commands to be
+conditionally executed. For details on how to do this, you can
+consult a reference on batch-file programming for MS-DOS and Windows
+NT command language. One such reference is <em class="citetitle">Windows NT
+System Administration</em>, published by
+O'Reilly.</p>
+
+<p>Windows batch-command language is very limited in functionality.
+Fortunately, Samba also supports a means by which customization can
+be handled. The
+<em class="filename">smb.conf</em><a name="INDEX-93"/><a name="INDEX-94"/> file contains variables that can be
+used to insert (at runtime) the name of the server
+(<tt class="literal">%L</tt><a name="INDEX-95"/>), the username of the person who is
+accessing the server's resources
+(<tt class="literal">%u</tt><a name="INDEX-96"/>), or the computer name of the client
+system (<tt class="literal">%m</tt><a name="INDEX-97"/>). To give an example, if we set up the
+path to the logon script as:</p>
+
+<blockquote><pre class="code">logon script = %u/logon.bat</pre></blockquote>
+
+<p>we would then put a directory for each user in the
+<tt class="literal">[netlogon]</tt> share, with each directory named the
+same as the user's username, and in each directory
+we would put a customized <em class="filename">logon.bat</em> file. Then
+each user would have his own custom logon script. We will give you a
+better example of how to do this kind of thing in the next section,
+<a href="ch04.html#samba2-CHP-4-SECT-5">Section 4.5</a>.</p>
+
+<a name="samba2-CHP-4-NOTE-112"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>For more information on Samba configuration file variables, such as
+the <tt class="literal">%L</tt>, <tt class="literal">%u</tt>, and
+<tt class="literal">%m</tt> variables we just used, see <a href="ch06.html">Chapter 6</a> and <a href="appb.html">Appendix B</a>.</p>
+</blockquote>
+
+<p>When modifying and testing your logon script, don't
+just log off of your Windows session and log back on to make your
+script run. Instead, restart (reboot) your system before logging back
+on. Because Windows often keeps the <tt class="literal">[netlogon]</tt>
+share open across logon sessions, the reboot ensures that Windows and
+Samba have completely released and reconnected the
+<tt class="literal">[netlogon]</tt> share, and the new version of the logon
+script is being run while logging on.</p>
+
+<p>More information regarding <a name="INDEX-98"/>logon scripts can be found in the
+O'Reilly book, <em class="emphasis">Managing Windows NT
+Logons</em>. <a name="INDEX-99"/> <a name="INDEX-100"/><a name="INDEX-101"/></p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-4-SECT-5"/>
+
+<h2 class="head1">Roaming Profiles</h2>
+
+<p><a name="INDEX-102"/>One benefit of the centralized
+authentication of Windows NT domains is that a user
+<a name="INDEX-103"/>can log on from more than just one
+computer. To help users feel more &quot;at
+home&quot; when logged on at a computer other than their
+usual one, Microsoft has added the ability for
+users' personal settings to
+&quot;roam&quot; from one computer to
+another.</p>
+
+<p>All Windows versions can be configured individually for each user of
+the computer. Windows NT/2000/XP supports the ability to handle
+multiple user accounts, and Windows 95/98/Me can be configured for
+use by multiple users, keeping the configuration settings for each
+user separate. Each user can configure the
+computer's settings to her liking, and the system
+saves these settings as the user's
+<em class="firstterm">profile</em>, such that upon logging on to the
+system, the user is presented with her familiar desktop.</p>
+
+<p>Some of the settings, such as folder options or the image used for
+the desktop background, are held in the registry. Others, including
+the documents and folders appearing on the desktop and the contents
+of the Start menu, are stored as folders and files in the filesystem.</p>
+
+<p>When the profile is stored on the local system, it is called a
+<em class="firstterm">local profile</em><a name="INDEX-104"/>. On Windows NT, local profiles are
+stored in <em class="filename">C:\winnt\profiles</em>. On Windows 2000/XP,
+they can be found in <em class="filename">C:\Documents and Settings.
+</em>On Windows 95/98/Me, when configured for a single user
+(the default case), the local profile is scattered in places such as
+the registry and directories such as
+<em class="filename">C:\Windows\Desktop</em> and
+<em class="filename">C:\Windows\Start Menu</em>. When Windows 95/98/Me is
+configured for multiple users, the local profile of the preexisting
+user is moved to a folder in <em class="filename">C:\Windows\Profiles</em>
+that has the same name as the user, and any users that are
+subsequently added to the computer have their local profiles created
+in that directory as well. You can browse through the local profiles
+to see their structure&mdash;each has a <a name="INDEX-105"/><a name="INDEX-106"/><a name="INDEX-107"/><a name="INDEX-108"/><a name="INDEX-109"/>registry file
+(<em class="filename">USER.DAT</em><a name="INDEX-110"/><a name="INDEX-111"/> for Windows 95/98/Me and
+<em class="filename">NTUSER.DAT</em><a name="INDEX-112"/><a name="INDEX-113"/> for Windows NT/2000/XP) and some folders
+that contain shortcuts and documents.</p>
+
+<p>A roaming profile is a user profile that is stored on a server and
+&quot;follows&quot; its owner around the
+network so that when the user logs on to the domain from another
+computer, his profile is downloaded from the server and his familiar
+desktop appears on that computer as well.</p>
+<a name="samba2-CHP-4-NOTE-113"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p><a name="INDEX-114"/>Samba can
+support roaming profiles, and it is a fairly simple matter to
+configure it for them. However, this is one feature that we recommend
+you <em class="emphasis">do not</em> use, at least until you are sure you
+understand roaming profiles well and are very confident that you can
+implement them with no harm incurred. If you want to (or are required
+to) implement roaming profiles for your Windows clients, we suggest
+you first set up a small domain with a Samba server and a few Windows
+clients exclusively for the purposes of research and testing.
+<em class="emphasis">Under no circumstances should you attempt to implement
+roaming profiles in a careless or frivolous manner</em>.</p>
+</blockquote>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-5.1"/>
+
+<h3 class="head2">How Roaming Profiles work</h3>
+
+<p><a name="INDEX-115"/>We will start out by explaining to you
+how roaming profiles work when set up correctly. You will need a
+clear understanding of them to tell the difference between when they
+are working as they are designed and when they are not. In addition,
+roaming profiles can be a source of confusion for your users in many
+ways, and you should know how to detect when a problem with a client
+is related to roaming profile function or dysfunction.</p>
+
+<a name="samba2-CHP-4-NOTE-114"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p><a name="INDEX-116"/>A definitive source of
+documentation on Windows NT roaming profiles is the Microsoft white
+paper <em class="citetitle">Implementing Policies and Profiles for Windows NT
+4.0</em><a name="INDEX-117"/>, which can be found at
+<a href="http://www.microsoft.com/ntserver/techresources/management/prof_policies.asp">http://www.microsoft.com/ntserver/techresources/management/prof_policies.asp</a>.</p>
+</blockquote>
+
+<p>During the domain logon process, the roaming profile is copied from
+the domain controller and used as a local profile during the
+user's logon session. When the user logs off the
+domain, the local profile is copied back to the domain controller and
+stored as the new roaming profile. When the local profile is changed,
+the server does not receive an update until the user logs off the
+domain or shuts down or reboots the client. The client does not send
+an update to the server during the logon session, and a client does
+not receive an update of a setting changed on another client during a
+logon session. When the user does log off, changes in the
+configuration settings in the local profile are sent to the server,
+and the updates of the roaming profile are available for the next
+logon session.</p>
+
+<p>This simple behavior can lead to unexpected results when users are
+<a name="INDEX-118"/>logged on to the domain
+on more than one client at a time. If a user makes a change to the
+configuration settings on one client and then logs off, the settings
+can result in the roaming profile being modified accordingly. But the
+next client that logs off might cause those changes to be
+overwritten, and if so, the settings from the first client will be
+lost. The behavior of different Windows versions varies with regard
+to this, and we've seen a wide variety of
+behaviors&mdash;not always in alignment with
+Microsoft's documentation or even working the same
+way on separate occasions. Sometimes Windows will refuse to overwrite
+a profile, perhaps giving an &quot;access
+denied&quot; error, and at other times it will seem to
+work while producing odd side effects. A common source of confusion
+is what happens if a file is added to or deleted from the desktop,
+which is by default configured to be part of the profile. A deleted
+file might later reappear, and it is even possible for a file to
+irrecoverably disappear without warning (on Windows 95/98). Or maybe
+a file that is added to the desktop on one client never gets added to
+the roaming profile and fails to propagate to other clients. This
+behavior is somewhat improved on Windows 2000/XP, which attempts to
+merge items into the profile that are added on concurrently logged-on
+clients.</p>
+
+<p>One factor that comes into play is that Windows compares the
+<a name="INDEX-119"/>timestamps of the local and roaming
+profiles and can refuse to overwrite a roaming profile if it is newer
+than the local profile on the client, or vice versa. For this reason,
+it is important to keep the clocks of the Windows clients and the
+Samba PDC synchronized. We have already shown you how to do this,
+using the <em class="emphasis">net time
+\\</em><em class="replaceable">server</em>
+<em class="emphasis">/set</em> <em class="emphasis">/yes</em> command in the
+logon script.</p>
+
+<p><a name="INDEX-120"/>Even when the server and clients are
+correctly configured, a number of things that can happen make things
+seem &quot;broken.&quot; The most common
+occurrence is that some shortcuts on clients other than the one that
+created the roaming profile will not work. These shortcuts can exist
+on the desktop or as items in the Start menu. This behavior is a
+result of applications or files that exist on one computer but not
+others. Windows will display these shortcuts, but if they appear on
+the desktop, they will have a generic icon and will bring up an error
+message if a user double-clicks them.</p>
+
+<a name="samba2-CHP-4-NOTE-115"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>Because profiles can and usually do include the contents of the
+desktop and other folders, it is possible for the roaming profile to
+grow to a huge size due to actions of a user, such as creating new
+files on the desktop or copying files there. By default, Internet
+Explorer keeps its disk cache in the <em class="filename">Temporary Internet
+Files</em><a name="INDEX-121"/><a name="INDEX-122"/> folder in the profile and has been
+known to populate this directory with thousands of files. This can
+result in a huge roaming profile that causes network congestion and
+very large delays while users are logging on to the domain. (A fix
+for this can be found in article Q185255 in the Microsoft Knowledge
+Base.)</p>
+</blockquote>
+
+<p>One behavior we've seen a few times is that if, for
+some reason (e.g., a network error or misconfiguration), the roaming
+profile is not available during the logon process, Windows will use
+the local profile on the client instead. When this happens, the user
+might receive an unfamiliar profile, and all the benefits of roaming
+profiles are lost for that logon session.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-5.2"/>
+
+<h3 class="head2">Configuring Samba for Roaming Profiles</h3>
+
+<p><a name="INDEX-123"/><a name="INDEX-124"/>In an ideal world, different Windows
+versions would share the same roaming profile, allowing users to log
+on to the domain from any Windows client system, ranging from Windows
+95 to Windows XP, and enjoy their familiar settings. It would even be
+possible to be logged on concurrently from multiple clients, and a
+change made to the profile on any of them would quickly propagate to
+all the others. Settings in a roaming profile made on a client that
+didn't apply to another would be handled sanely.</p>
+
+<p>Unfortunately, this scenario does not work in reality, and it is
+important to maintain separate roaming profiles to prevent different
+Windows versions from using or modifying a roaming profile created
+by, and/or in use by, another version.</p>
+
+<p>We do this by using configuration file variables to point to
+different profile directories. If you look at <a href="appb.html#samba2-APP-B-TABLE-1">Table B-1</a> in <a href="appb.html#samba2-APP-B#samba2-APP-B">Appendix B</a>, which shows
+the variables that can be used, you might be tempted to use the
+<a name="INDEX-125"/><tt class="literal">%a</tt> variable, which
+is replaced by the name of the operating system the client is
+running. However, this does not work because all of Windows 95/98/Me
+will be seen as the same operating system, and likewise for Windows
+2000/XP. So, we use <a name="INDEX-126"/><tt class="literal">%m</tt> to get the
+NetBIOS name of the client, and combine that with a symbolic link to
+point to the directory containing the profile for the Windows version
+that particular client is running.</p>
+
+<p>Our additions to <em class="filename">smb.conf</em> that appeared earlier
+in this chapter included the two lines:</p>
+
+<blockquote><pre class="code">logon path = \\%L\profiles\%u\%m
+logon home = \\%L\%u\.win_profile\%m</pre></blockquote>
+
+<p>The first line specifies where the roaming profiles for Windows
+NT/2000/XP clients are kept, and the second line performs the same
+function for Windows 95/98/Me clients. In both cases, the location is
+specified as a UNC, but
+<tt class="literal">logon</tt><a name="INDEX-127"/> <tt class="literal">path</tt> (for Windows
+NT/2000/XP) is specified relative to the
+<tt class="literal">[profiles]</tt> share, while
+<tt class="literal">logon</tt><a name="INDEX-128"/> <tt class="literal">home</tt> (for Windows
+95/98/Me) is specified relative to the user's home
+directory. This is done to comply with Samba's
+emulation of Windows NT/2000 PDC behavior.</p>
+
+<p>The <tt class="literal">logon</tt> <tt class="literal">home</tt> UNC must begin
+by specifying the user's home directory, which in
+our previous example would be <tt class="literal">\\%L\%u</tt>. The
+variable <tt class="literal">%L</tt><a name="INDEX-129"/> expands to the NetBIOS name of the
+server (in this case, toltec), and
+<tt class="literal">%u</tt><a name="INDEX-130"/> expands to the name of the user. This
+must be done to allow the command:</p>
+
+<a name="INDEX-131"/><blockquote><pre class="code">C:\&gt;<tt class="userinput"><b>net use h: /home</b></tt></pre></blockquote>
+
+<p>to function correctly to connect the user's home
+directory to drive letter H: on all Windows clients. (The drive
+letter used for this purpose is defined by <tt class="literal">logon</tt>
+<tt class="literal">drive</tt>.) We add the directory
+<em class="filename">.win_profile</em><a name="INDEX-132"/> to the UNC to put the Windows
+95/98/Me roaming profile in a subdirectory of the
+user's home directory.</p>
+<a name="samba2-CHP-4-NOTE-116"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>Note that in both <tt class="literal">logon path</tt> and <tt class="literal">logon
+home</tt>, we absolutely avoid making the profile directory the
+same as the user's home directory, and the directory
+that contains the profile is not used for any other purpose. This is
+because when the roaming profile is updated, all directories and
+files in the roaming-profile directory that are not part of the
+roaming profile are deleted.</p>
+</blockquote>
+
+<p>In the <tt class="literal">logon</tt> <tt class="literal">path</tt> line in
+<em class="filename">smb.conf</em>, we use <tt class="literal">%u</tt> to put
+the profiles directory in a subdirectory in the
+<tt class="literal">[profiles]</tt> share, such that each user gets her own
+directory that holds her roaming profiles.</p>
+
+<p>We define the <tt class="literal">[profiles]</tt> share like this:</p>
+
+<blockquote><pre class="code">[profiles]
+ writable = yes
+ create mask = 0600
+ directory mask = 0700
+ browsable = no
+ path = /home/samba-ntprof</pre></blockquote>
+
+<p>The first four parameters in the previous share definition specify to
+allow roaming profiles to be written with the users'
+permissions, to create files with read and write permissions for the
+owner, and to create directories with read, write, and search
+permissions for the owner and no access allowed for other users. As
+with the <tt class="literal">[netlogon]</tt> share, we set
+<tt class="literal">browsable</tt> <tt class="literal">=</tt>
+<tt class="literal">no</tt> so that the share will not show up on the
+clients in Windows Explorer.</p>
+
+<p>We've decided to put our Windows NT/2000/XP profiles
+in <em class="filename">/home</em>, the default location of the home
+directories on Linux. This will make it simple to include the roaming
+profiles in backups of the home directories. You can use another
+directory if you like.</p>
+
+<p>Notice that in both <tt class="literal">logon</tt> <tt class="literal">path</tt>
+and <tt class="literal">logon</tt> <tt class="literal">home</tt>, the directory
+we specify ends in <tt class="literal">%m</tt>, which Samba replaces with
+the NetBIOS name of the client. We are using the
+client's computer name to identify indirectly which
+version of Windows it is running.</p>
+
+<p>Initially, the directories you specify to hold the roaming profiles
+will be empty and will become populated as clients log off for the
+first time. (Samba will even create the directories if they do not
+already exist.) At first, the directories will simply contain
+profiles that are identical to the clients' local
+profiles, and we highly recommend that you make a backup at this
+point before things get complicated. A listing of the roaming profile
+directory for user <tt class="literal">iman</tt>, after she has logged off
+from Windows 98 clients <tt class="literal">mixtec</tt> and
+<tt class="literal">pueblo</tt> and Windows Me clients
+<tt class="literal">huastec</tt> and <tt class="literal">navajo</tt>, might look
+something like the following:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ls -l /home/iman/.win_profile</b></tt>
+total 4
+drwx------ 6 iman iman 4096 Dec 8 18:09 huastec
+drwx------ 9 iman iman 4096 Dec 7 03:47 mixtec
+drwx------ 11 iman iman 4096 Dec 7 03:05 navajo
+drwx------ 11 iman iman 4096 Dec 7 03:05 pueblo</pre></blockquote>
+
+<p>If things were left like this, the clients would not share their
+roaming profiles, so next we change from using separate directories
+to having symbolic links point to common directories:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>mv mixtec Win98</b></tt>
+# <tt class="userinput"><b>mv navajo WinMe</b></tt>
+# <tt class="userinput"><b>rm huastec pueblo</b></tt>
+# <tt class="userinput"><b>ln -s Win98 pueblo</b></tt>
+# <tt class="userinput"><b>ln -s WinMe huastec</b></tt>
+# <tt class="userinput"><b>chown iman:iman *</b></tt>
+# <tt class="userinput"><b>ls -l /home/iman/.win_profile</b></tt>
+total 6
+lrwxrwxrwx 1 iman iman 5 Nov 16 01:40 huastec -&gt; WinMe
+lrwxrwxrwx 1 iman iman 5 Nov 16 01:40 mixtec -&gt; Win98
+lrwxrwxrwx 1 iman iman 5 Nov 21 17:24 navajo -&gt; WinMe
+lrwxrwxrwx 1 iman iman 5 Nov 23 01:16 pueblo -&gt; Win98
+drwx------ 9 iman iman 4096 Dec 7 03:47 Win98
+drwx------ 11 iman iman 4096 Dec 7 03:05 WinMe</pre></blockquote>
+
+<p>Now when <tt class="literal">iman</tt> logs on to the domain from either
+Windows 98 system, the client from which she is logging on will get
+the profile stored in the <em class="filename">Win98</em> directory (that
+started out as her local profile on <tt class="literal">mixtec</tt>). This
+works likewise for the Windows Me clients.</p>
+
+<p>To show a more complete example, here is a listing of a fully
+operational Windows 95/98/Me profiles directory:</p>
+
+<a name="INDEX-133"/><blockquote><pre class="code">$ <tt class="userinput"><b>ls -l /home/jay/.win_profile</b></tt>
+total 12
+lrwxrwxrwx 1 jay jay 9 Nov 16 22:14 aztec -&gt; /home/jay
+lrwxrwxrwx 1 jay jay 5 Nov 16 01:40 hopi -&gt; Win95
+lrwxrwxrwx 1 jay jay 5 Nov 16 01:40 huastec -&gt; WinMe
+lrwxrwxrwx 1 jay jay 5 Nov 16 01:38 maya -&gt; Win98
+lrwxrwxrwx 1 jay jay 5 Nov 16 01:40 mixtec -&gt; Win98
+lrwxrwxrwx 1 jay jay 5 Nov 21 17:24 navajo -&gt; WinMe
+lrwxrwxrwx 1 jay jay 5 Nov 23 01:16 pueblo -&gt; Win98
+lrwxrwxrwx 1 jay jay 5 Nov 22 02:06 ute -&gt; Win95
+drwx------ 6 jay jay 4096 Dec 8 18:09 Win95
+drwx------ 9 jay jay 4096 Dec 7 03:47 Win98
+drwx------ 11 jay jay 4096 Dec 7 03:05 WinMe
+lrwxrwxrwx 1 jay jay 5 Nov 21 22:48 yaqui -&gt; Win98
+lrwxrwxrwx 1 jay jay 9 Nov 16 22:14 zuni -&gt; /home/jay</pre></blockquote>
+
+<p>Again, the computer name of each client exists in this directory as a
+symbolic link that points to the directory containing the actual
+roaming profile. For example, <tt class="literal">maya</tt>, a client that
+runs Windows 98, has a symbolic link named <em class="filename">maya</em>
+to the <em class="filename">Win98</em> directory. A listing of
+<em class="filename">Win98</em> shows:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ls -l Win98</b></tt>
+total 148
+drwxr-xr-x 3 jay jay 4096 Nov 23 01:30 Application Data
+drwxr-xr-x 2 jay jay 4096 Nov 23 01:30 Cookies
+drwxr-xr-x 3 jay jay 4096 Dec 7 03:47 Desktop
+drwxr-xr-x 3 jay jay 4096 Nov 23 01:30 History
+drwxr-xr-x 2 jay jay 4096 Nov 23 01:30 NetHood
+drwxr-xr-x 2 jay jay 4096 Dec 7 03:47 Recent
+drwxr-xr-x 3 jay jay 4096 Nov 23 01:30 Start Menu
+-rw-r--r-- 1 jay jay 114720 Dec 7 03:46 USER.DAT</pre></blockquote>
+
+<p>The contents of the <em class="filename">Win95</em> and
+<em class="filename">WinMe</em> directories appear similar and contain
+roaming profiles that work exactly as they should on their respective
+operating systems.</p>
+
+<p>Notice in the previous listing that <em class="filename">aztec</em> and
+<em class="filename">zuni</em> are symbolic links to
+<em class="filename">/home/jay</em>. We've cautioned you
+never to configure a roaming profile directory to be a
+user's home directory, but this is to handle
+something different. The clients <tt class="literal">aztec</tt> and
+<tt class="literal">zuni</tt> are Windows XP systems, which handle
+<tt class="literal">logon</tt> <tt class="literal">home</tt> differently than
+other versions of Windows. We have set <tt class="literal">logon</tt>
+<tt class="literal">home</tt> <tt class="literal">=</tt>
+<tt class="literal">\\%L\%u\</tt>.<tt class="literal">win</tt>
+<tt class="literal">profile</tt>, and all versions of Windows except for
+Windows XP strip off everything after <tt class="literal">\\%L\%u</tt> and
+correctly locate the home directory&mdash;in this case,
+<em class="filename">/home/jay</em>. Windows XP uses the full UNC, so we
+simply add a symbolic link to redirect it to the correct directory to
+get the <em class="emphasis">net use H: /home</em> command to work as it
+should. The roaming profiles for Windows XP systems are not affected
+by this and are kept with the other roaming profiles in the Windows
+NT/2000/XP family, as shown in this listing:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ls -l /home/samba-ntprof/jay</b></tt>
+total 16
+lrwxrwxrwx 1 jay jay 5 Nov 20 03:45 apache -&gt; Win2K
+lrwxrwxrwx 1 jay jay 5 Nov 13 12:35 aztec -&gt; WinXP
+lrwxrwxrwx 1 jay jay 5 Nov 13 12:34 dine -&gt; WinNT
+lrwxrwxrwx 1 jay jay 5 Nov 24 03:44 inca -&gt; Win2K
+lrwxrwxrwx 1 jay jay 5 Nov 13 12:34 pima -&gt; Win2K
+drwx------ 13 jay jay 4096 Dec 3 15:24 qero
+drwx------ 13 jay jay 4096 Dec 1 20:31 Win2K
+drwx------ 12 jay jay 4096 Nov 30 17:04 WinNT
+drwx------ 13 jay jay 4096 Nov 20 01:23 WinXP
+lrwxrwxrwx 1 jay jay 5 Nov 20 06:09 yavapai -&gt; WinXP
+lrwxrwxrwx 1 jay jay 5 Nov 13 12:34 zapotec -&gt; Win2K
+lrwxrwxrwx 1 jay jay 5 Nov 13 12:35 zuni -&gt; WinXP</pre></blockquote>
+
+<p>As you can see, we are using a similar method for the Windows
+NT/2000/XP roaming profiles. In the listing,
+<em class="filename">qero</em> is not a symbolic link, but rather a
+directory that holds the roaming profile for <tt class="literal">qero</tt>,
+a Windows 2000 client that has recently been added. We had not
+created a symbolic link called <em class="filename">qero</em> before
+installing Windows 2000, so when jay logged off for the first time,
+Samba created a directory named <em class="filename">qero</em> and copied
+the roaming profile received from the client to the new directory.
+Because this is a separate directory from <em class="filename">Win2K</em>,
+which all other Windows 2000 clients are using to share their roaming
+profiles, the roaming profile for <tt class="literal">qero</tt> works like
+a local profile, except that it is stored on the primary domain
+controller.</p>
+
+<p>This might seem like an odd thing to do, but it has some purpose.
+Sometimes you might wish to isolate a client in this manner,
+especially while the operating system is being installed and
+initially configured. Remember, if that client, with its default
+local profile, is logged off the domain, the local profile will be
+written to the roaming profile directory. If the client were using
+the shared roaming profile directory, the effect could be
+undesirable, to say the least. Using our method, the
+<em class="filename">qero</em> directory can later be renamed to make it
+into an archival backup, or it can just be deleted. Then a new
+symlink named <em class="filename">qero</em> can be created to point to
+the <em class="filename">Win2K</em> directory, and <tt class="literal">qero</tt>
+will share the roaming profile in <em class="filename">Win2K</em> with the
+other Windows 2000 clients.</p>
+
+<p>An alternative method is simply to create the
+<a name="INDEX-134"/>symbolic
+links before the clients are added to the network. After you become
+more comfortable with the way roaming profiles work, you might find
+this method to be simpler and quicker.</p>
+
+<p>Again, we urge you to be careful about letting different versions of
+Windows share the same roaming profile. The method of configuring
+roaming profiles we've shown you here allows you to
+test a configuration for a few clients at a time without affecting
+your whole network of clients. For example, we could install a small
+number of Windows 2000 and Windows XP systems in the domain for
+testing purposes and then create symlinks for them that point to a
+directory called <em class="filename">Win2KXP</em> to find out if sharing
+roaming profiles between our Windows 2000 and Windows XP systems
+meets our expectations. The <em class="filename">Win2KXP</em> directory
+could be created as an empty directory, in which case it would have a
+roaming profile written to it by the first of the clients to log off.
+Or, <em class="filename">Win2KXP</em> could simply be a renamed roaming
+profile directory that was created by one of the clients when it was
+added to the domain. <a name="INDEX-135"/><a name="INDEX-136"/></p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-5.3"/>
+
+<h3 class="head2">Configuring Windows 95/98/Me for Roaming Profiles</h3>
+
+<p><a name="INDEX-137"/><a name="INDEX-138"/>For roaming profiles to work on
+Windows 95/98/Me clients, all you need to do is change one setting to
+allow each user to have a separate local profile. This has the side
+effect of enabling roaming profiles as well.</p>
+
+<p>Open the Control Panel and double-click the Passwords icon to open
+the Passwords Properties dialog box. Click the User Profiles tab, and
+the dialog box will appear as shown in <a href="ch04.html#samba2-CHP-4-FIG-12">Figure 4-12</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-12"/><img src="figs/sam2_0412.gif"/></div><h4 class="head4">Figure 4-12. The Windows 98 Passwords Properties dialog</h4>
+
+<p>Click the button labeled &quot;Users can customize their
+preferences and desktop settings.&quot; In the User
+profile settings box, you can check the options you prefer. When
+done, click the OK button and reboot as requested. During this first
+reboot, Windows will copy the local profile data to
+<em class="filename">C:\windows\profiles</em> but will not attempt to copy
+the roaming profile from the server. The next time the system is shut
+down, the local profile will be copied to the server, and when
+Windows reboots, it will copy the roaming profile from the server.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-5.4"/>
+
+<h3 class="head2">Configuring Windows NT/2000/XP for Roaming Profiles</h3>
+
+<p><a name="INDEX-139"/><a name="INDEX-140"/><a name="INDEX-141"/><a name="INDEX-142"/>Roaming profiles are enabled by
+default on Windows NT/2000/XP. In case you would like to check or
+modify your settings, follow these directions.</p>
+
+<p>Make sure you are logged in to the local system as Administrator or
+another user in the Administrators group. Open the Control Panel and
+double-click the System icon. On Windows NT/2000, click the User
+Profiles tab, or on Windows XP, click the Advanced tab and then the
+Settings button in the User Profiles box. You should see the dialog
+box in <a href="ch04.html#samba2-CHP-4-FIG-13">Figure 4-13</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-13"/><img src="figs/sam2_0413.gif"/></div><h4 class="head4">Figure 4-13. The Windows 2000 System Properties, User Profiles tab</h4>
+
+<p>Notice in the figure that there are two entries for the username
+<tt class="literal">jay</tt>. The entry ZAPOTEC\jay refers to the account
+on the local system, and METRAN\jay refers to the domain account.
+Recall that when a user logs on, a drop-down menu in the dialog box
+allows him to log on to a domain or log in to the local system. When
+<tt class="literal">jay</tt> logs in to the local machine, only the local
+profile is used. When logged on to the domain, the configuration
+shown will use the roaming profile. To switch a
+user's profile type for a domain logon account,
+click the account name to select it, then click the Change Type...
+button near the bottom of the dialog box. The Change Profile Type
+dialog box will appear. Click the radio button for either roaming or
+local profile, and then click the OK buttons for each dialog box.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-5.5"/>
+
+<h3 class="head2">Mandatory Profiles</h3>
+
+<p><a name="INDEX-143"/>With a simple
+modification, a <a name="INDEX-144"/>roaming profile can be made into a
+<a name="INDEX-145"/>mandatory
+profile, which has the quality of being unmodifiable by its owner.
+Mandatory profiles are used in some computing environments to
+simplify administration. The theory is that if users cannot modify
+their profiles, less can go wrong, and it is also possible to use the
+same standardized profile for all users.</p>
+
+<p>In practice, some issues come up. Because the users can still modify
+the configuration settings in their local profile during their logon
+session, confusion can result the next time they log on to the domain
+and discover their changes have been
+&quot;lost.&quot; If the user of a client
+reinstalls an application in a different place, the shortcuts to the
+program on the desktop, in the Start menu, or in a Quick Launch bar
+cannot be permanently deleted. They will reappear every time the user
+logs back on to the domain. Essentially, a mandatory profile is a
+roaming profile that always fails to update to the server upon
+logging off!</p>
+
+<p>Another complication is that different versions of Windows behave
+differently with mandatory profiles. If a user who has a mandatory
+profile creates a new file on her desktop, the file might be missing
+the next time the user logs off and on again or reboots. Some Windows
+versions preserve desktop files in the local profile (even if the
+file does not exist in the mandatory profile), whereas others do not.</p>
+
+<p>To change a <a name="INDEX-146"/><a name="INDEX-147"/>roaming profile to a mandatory
+profile, all you have to do is rename the
+<em class="filename">.dat</em><a name="INDEX-148"/><a name="INDEX-149"/> file in the roaming profile directory
+on the server to have a <em class="filename">.man</em> extension instead.
+For a Windows 95/98/Me roaming profile, you would rename
+<em class="filename">USER.DAT</em> to <em class="filename">USER.MAN</em>, and
+for a Windows NT/2000/XP roaming profile, you would rename
+<em class="filename">NTUSER.DAT</em> to <em class="filename">NTUSER.MAN</em>.
+Also, you might want to make the roaming-profile directory and its
+contents read-only, to make sure that a user can't
+change it by logging into his Unix user account on the Samba host
+system.</p>
+
+<p>If you want to have all your users share a mandatory profile, you can
+change the definitions of <tt class="literal">logon</tt>
+<tt class="literal">path</tt> and <tt class="literal">logon</tt>
+<tt class="literal">home</tt> in your <em class="filename">smb.conf</em> file to
+point to a shared mandatory profile on the server and adjust your
+directory structure and symbolic links accordingly. For example,
+<tt class="literal">logon</tt> <tt class="literal">path</tt> and
+<tt class="literal">logon</tt> <tt class="literal">home</tt> might be defined
+like this:</p>
+
+<blockquote><pre class="code">logon path = \\%L\profiles\%m
+logon home = \\%L\%u\.win_profile\%m</pre></blockquote>
+
+<p>Notice that we've removed the <tt class="literal">%u</tt>
+part of the path for <tt class="literal">logon</tt>
+<tt class="literal">path</tt>, and we would also change the directory
+structure on the server to do away with the separation of the
+profiles by username and have just one profile for each Windows
+NT/2000/XP version.</p>
+
+<p>We cannot use the same treatment for <tt class="literal">logon</tt>
+<tt class="literal">home</tt> because it is also used to specify the home
+directory. In this case, we would change the symbolic links in each
+user's <em class="filename">.win_profile</em> directory
+to point to a common mandatory profile directory containing the
+mandatory profiles for each of Windows 95/98/Me. Again, check the
+ownership and permissions on the files in the directory, and modify
+them if necessary to make sure a user can't modify
+any files by logging into her Unix account on the Samba host system.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-5.6"/>
+
+<h3 class="head2">Logon Script and Roaming-Profile Options</h3>
+
+<p><a href="ch04.html#samba2-CHP-4-TABLE-1">Table 4-1</a> summarizes the options commonly used in
+association with Windows NT domain <a name="INDEX-150"/><a name="INDEX-151"/>logon
+scripts and roaming profiles.</p>
+
+<a name="samba2-CHP-4-TABLE-1"/><h4 class="head4">Table 4-1. Logon-script options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">logon</tt> <tt class="literal">script</tt></p>
+</td>
+<td>
+<p>string (MS-DOS path)</p>
+</td>
+<td>
+<p>Name of logon script batch file</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">logon</tt> <tt class="literal">path</tt></p>
+</td>
+<td>
+<p>string (UNC server and share name)</p>
+</td>
+<td>
+<p>Location of roaming profile</p>
+</td>
+<td>
+<p><tt class="literal">\\%N\%U\profile</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">logon</tt> <tt class="literal">drive</tt></p>
+</td>
+<td>
+<p>string (drive letter)</p>
+</td>
+<td>
+<p>Specifies the logon drive for a home directory</p>
+</td>
+<td>
+<p><tt class="literal">Z</tt>:</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">logon</tt> <tt class="literal">home</tt></p>
+</td>
+<td>
+<p>string (UNC server and share name)</p>
+</td>
+<td>
+<p>Specifies a location for home directories for clients logging on to
+the domain</p>
+</td>
+<td>
+<p><tt class="literal">\\%N\%U</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-4-SECT-5.6.1"/>
+
+<a name="INDEX-152"/><h3 class="head3">logon script</h3>
+
+<p>This option specifies a Windows batch file that will be executed on
+the client after a user has logged on to the domain. Each logon
+script should be stored in the root directory of the
+<tt class="literal">[netlogon]</tt> share or a subdirectory. This option
+frequently uses the <tt class="literal">%U</tt> or <tt class="literal">%m</tt>
+variables (user or NetBIOS name) to point to an individual script.
+For example:</p>
+
+<blockquote><pre class="code">[global]
+ logon script = %U.bat</pre></blockquote>
+
+<p>will execute a script based on the username. If the user who is
+connecting is <tt class="literal">fred</tt> and the path of the
+<tt class="literal">[netlogon]</tt> share maps to the directory
+<em class="filename">/export/samba/netlogon</em>, the script should be
+<em class="filename">/export/samba/netlogon/fred.bat</em>. Because these
+scripts are downloaded to the client and executed on the Windows
+side, they must have MS-DOS-style newline characters rather than Unix
+newlines.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-4-SECT-5.6.2"/>
+
+<a name="INDEX-153"/><h3 class="head3">logon path</h3>
+
+<p>This option specifies the location where roaming profiles are kept.
+When the user logs on, a roaming profile will be downloaded from the
+server to the client and used as the local profile during the logon
+session. When the user logs off, the contents of the local profile
+will be uploaded back to the server until the next time the user
+connects.</p>
+
+<p>It is often more secure to create a separate share exclusively for
+storing user profiles:</p>
+
+<blockquote><pre class="code">[global]
+ logon path = \\hydra\profile\%U</pre></blockquote>
+
+<p>For more information on this option, see <a href="ch04.html#samba2-CHP-4-SECT-5">Section 4.5</a> earlier in this chapter.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-4-SECT-5.6.3"/>
+
+<a name="INDEX-154"/><h3 class="head3">logon drive</h3>
+
+<p>This option specifies the drive letter on a Windows NT/2000/XP client
+to which the home directory specified with the
+<tt class="literal">logon</tt> <tt class="literal">home</tt> option will be
+mapped. Note that this option will work with Windows NT/2000/XP
+clients only. For example:</p>
+
+<blockquote><pre class="code">[global]
+ logon drive = I:</pre></blockquote>
+
+<p>You should always use drive letters that will not conflict with fixed
+drives on the client machine. The default is Z:, which is a good
+choice because it is as far away from A:, C:, and D: as possible.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-4-SECT-5.6.4"/>
+
+<a name="INDEX-155"/><h3 class="head3">logon home</h3>
+
+<p>This option specifies the location of a user's home
+directory for use by the MS-DOS <em class="emphasis">net</em> commands.
+For example, to specify a home directory as a share on a Samba
+server, use the following:</p>
+
+<blockquote><pre class="code">[global]
+ logon home = \\hydra\%U</pre></blockquote>
+
+<p>Note that this works nicely with the <tt class="literal">[homes]</tt>
+service, although you can specify any directory you wish. Home
+directories can be mapped with a logon script using the following
+command:</p>
+
+<a name="INDEX-156"/><blockquote><pre class="code">C:\&gt;<tt class="userinput"><b>net use i: /home </b></tt></pre></blockquote>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-4-SECT-6"/>
+
+<h2 class="head1">System Policies</h2>
+
+<p>A <a name="INDEX-157"/>system policy can be used in a Windows
+NT domain as a remote administration tool for implementing a similar
+computing environment on all clients and limiting the abilities of
+users to change configuration settings on their systems or allowing
+them to run only a limited set of programs. One application of system
+policies is to use them along with mandatory profiles to implement a
+collection of computers for public use, such as in a library, school,
+or Internet cafe.</p>
+
+<p>A system policy is a collection of registry settings that is stored
+in a file on the PDC and is automatically downloaded to the clients
+when users log on to the domain. The file containing the settings is
+created on a Windows system using the <a name="INDEX-158"/>System Policy Editor. Because the format
+of the registry is different between Windows 95/98/Me and Windows
+NT/2000/XP, it is necessary to make sure that the file that is
+created is in the proper format. This is a very simple matter because
+when the System Policy Editor runs on Windows 95/98/Me, it will
+create a file in the format for Windows 95/98/Me, and if it is run on
+Windows NT/2000/XP, it will use the format needed by those versions.
+After the policy file is created with the System Policy Editor, it is
+stored on the primary domain controller and is automatically
+downloaded by the clients during the logon process, and the policies
+are applied to the client system.</p>
+
+<p>On Windows NT 4.0 Server, you can run the System Policy Editor by
+logging in to the system as Administrator or another user in the
+Administrators group, opening the Start menu, and selecting Programs,
+then Administrative Tools, then System Policy Editor. On Windows 2000
+Advanced Server, open the Start menu and click Run . . . . In the
+dialog box that comes up, type in
+<tt class="literal">C:\winnt\poledit.exe</tt>, and click the OK button.</p>
+
+<p>If you are using a Windows version other than NT Server or Windows
+2000 Advanced Server, you must install the System Policy Editor, and
+getting a copy of it can be a little tricky. If you are running
+Windows NT 4.0 Workstation or Windows 2000 Professional and have a
+Windows NT 4.0 Server installation CD-ROM, you can run the file
+<em class="filename">\Clients\Svrtools\Winnt\Setup.bat</em> from that CD
+to install the Client-based Network Administration Tools, which
+includes <em class="emphasis">poledit.exe</em>. Then open the Start menu,
+click Run..., type <tt class="literal">C:\winnt\system32\poledit.exe</tt>
+into the text area, and click the OK button.</p>
+
+<p>If you are using Windows 95/98, insert a Windows 95 or Windows 98
+distribution CD-ROM<a name="FNPTR-4"/><a href="#FOOTNOTE-4">[4]</a> into your CD-ROM drive,
+then open the Control Panel and double-click the Add/Remove Programs
+button.</p>
+
+<p>Click the Windows Setup tab, and then click the Have Disk...
+button. In the new dialog box that appears, click the Browse...
+button, then select the CD-ROM drive from the Drives drop-down menu.
+Then:</p>
+
+<ul><li>
+<p>If you are using a Windows 95 installation CD-ROM, double-click the
+admin, then apptools, then poledit folder icons.</p>
+</li><li>
+<p>If you are using a Windows 98 installation CD-ROM, double-click the
+tools, then reskit, then netadmin, then poledit folder icons.</p>
+</li></ul>
+<p>You should see &quot;<a name="INDEX-159"/>grouppol.inf&quot; appear in
+the File name: text area on the left of the dialog box. Click the OK
+buttons in two dialog boxes, and you will be presented with a dialog
+box in which you should select both the Group Policies and System
+Policy Editor checkboxes. Then click the Install button. Close the
+remaining dialog box, and you can now run the System Policy Editor by
+opening the Start menu and selecting Programs, then Accessories, then
+System Tools, then System Policy Editor. Or click the Run... item in
+the Start Menu, and enter <tt class="literal">C:\Windows\Poledit</tt>.</p>
+
+<p>When the System Policy Editor starts up, select New Policy from the
+File menu, and you will see a window similar to that in <a href="ch04.html#samba2-CHP-4-FIG-14">Figure 4-14</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-14"/><img src="figs/sam2_0414.gif"/></div><h4 class="head4">Figure 4-14. The System Policy Editor window</h4>
+
+<p>The next step is to make a selection from the File menu to add
+policies for users, groups, and computers. For each item you add, you
+will be asked for the username, or name of the group or computer, and
+a new icon will appear in the window. Double-clicking one of the
+icons will bring up the Properties dialog box, such as the one shown
+in <a href="ch04.html#samba2-CHP-4-FIG-15">Figure 4-15</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-15"/><img src="figs/sam2_0415.gif"/></div><h4 class="head4">Figure 4-15. The Properties dialog of System Policy Editor</h4>
+
+<p>The upper window in the dialog shows the registry settings that can
+be modified as part of the system policy, and the lower window shows
+descriptive information or more settings pertaining to the one
+selected in the upper window. Notice in the figure that there are
+three checkboxes and that they are all in different states:</p>
+
+<dl>
+<dt><b>Checked</b></dt>
+<dd>
+<p>Meaning that the registry setting is enabled in the policy</p>
+</dd>
+
+
+
+<dt><b>White (unchecked)</b></dt>
+<dd>
+<p>Which clears the registry setting</p>
+</dd>
+
+
+
+<dt><b>Gray</b></dt>
+<dd>
+<p>Which causes the registry setting on the client to be unmodified</p>
+</dd>
+
+</dl>
+
+<p>Basically, if all the items are left gray (the default), the system
+policy will have no effect. The registry of the logged-on client will
+not be modified. However, if any of the items are either checked or
+unchecked (white), the registry on the client will be modified to
+enable the setting or clear it.</p>
+<a name="samba2-CHP-4-NOTE-117"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>In this section, we are giving you enough information on using the
+System Policy Editor to get you started&mdash;or, should we say,
+enough rope with which to hang yourself. Remember that a system
+policy, once put into action, will be modifying the registries of all
+clients who log on to the domain. The usual warnings about editing a
+Windows registry apply here with even greater importance. Consider
+how difficult (or even impossible) it will be for you to restore the
+registries on all those clients if anything happens to go wrong.
+<em class="emphasis">As with roaming profiles, casual or careless implementation
+of system policies can easily lead to domain-wide
+disaster</em>.</p>
+
+<p>Creating a good system policy file is a complex topic, which we
+cannot cover in detail here. It would take a whole book, and yes,
+there happens to be an O'Reilly book on the subject,
+<em class="citetitle">Windows System Policy Editor</em>. Another
+definitive source of documentation on Windows NT system policies and
+the System Policy Editor is the Microsoft white paper
+<em class="citetitle">Implementing Policies and Profiles for Windows NT
+4.0</em>, which can be found at <a href="http://www.microsoft.com/ntserver/techresources/management/prof_policies.asp">http://www.microsoft.com/ntserver/techresources/management/prof_policies.asp</a>.</p>
+</blockquote>
+
+<p>Once you have created a policy, click the OK button and use the Save
+As... item from the File menu to save it. Use the filename
+<em class="filename">config.pol</em><a name="INDEX-160"/> for a Windows 95/98 system policy and
+<em class="filename">ntconfig.pol</em><a name="INDEX-161"/> for a policy that will be used on Windows
+NT/2000/XP clients. Finally, copy the <em class="filename">.pol</em> file
+to the directory used for the <tt class="literal">[netlogon]</tt> share on
+the Samba PDC. The <em class="filename">config.pol</em> and
+<em class="filename">ntconfig.pol</em> files must go in this
+directory&mdash;unlike roaming profiles and logon scripts, there is
+no way to specify the location of the system policy files in
+<em class="filename">smb.conf</em>. If you want to have different system
+policies for different users or computers, you must perform that part
+of the configuration within the System Policy Editor.</p>
+
+<a name="samba2-CHP-4-NOTE-118"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>If you have, or will have, any <a name="INDEX-162"/><a name="INDEX-163"/>Windows Me clients on your network,
+be careful. Microsoft has stated that Windows Me does not support
+system policies. The odd thing about this is that it will download
+the policy from a <em class="filename">config.pol</em> file on the PDC,
+but there is no guarantee that the results will be what was intended.
+Check the effect of your system policy carefully on your Windows Me
+clients to make sure it is working how you want.</p>
+</blockquote>
+
+<p>When a user logs on to the domain, her Windows client will download
+the <em class="filename">.pol</em> file from the server, and the settings
+in it (that is, the items either checked or cleared in the System
+Policy Editor) will override the client's settings.</p>
+
+<p>If things &quot;should work&quot; but
+don't, try shutting down the Windows client and
+restarting, rather than just logging off and on again. Windows
+sometimes will hold the <tt class="literal">[netlogon]</tt> share open
+across logon sessions, and this can prevent the client from getting
+the updated <em class="filename">.pol</em> file from the server.
+<a name="INDEX-164"/>
+<a name="INDEX-165"/></p>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-4-SECT-7"/>
+
+<h2 class="head1">Samba as a Domain Member Server</h2>
+
+<p><a name="INDEX-166"/>Up to now,
+we've focused on configuring and using Samba as the
+primary domain controller. If you already have a domain controller on
+your network, either a Windows NT/2000 Server system or a Samba PDC,
+you can add a Samba server to the domain as a domain member server.
+This involves setting up the Samba server to have a computer account
+with the primary domain controller, in a similar way that Windows
+NT/2000/XP clients can have computer accounts on a Samba PDC. When a
+client accesses shares on the Samba domain member server, Samba will
+pass off the authentication to the domain controller rather than
+performing the task on the local system. If the PDC is a Windows
+server, any number of Windows BDCs might exist that can handle the
+authentication instead of the PDC.</p>
+
+<p>The first step is to add the Samba server to the domain by creating a
+computer account for it on the primary domain controller. You can do
+this using the <em class="emphasis">smbpasswd</em> command, as follows:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbpasswd -j <em class="replaceable">DOMAIN</em> -r <em class="replaceable">PDCNAME</em> -U<em class="replaceable">admin_acct</em>%<em class="replaceable">password</em></b></tt></pre></blockquote>
+
+<p>In this command, <em class="replaceable">DOMAIN</em> is replaced by the
+name of the domain the Samba host is joining,
+<em class="replaceable">PDCNAME</em> is replaced by the computer name
+of the primary domain controller,
+<em class="replaceable">admin_acct</em> is replaced by the username of
+an administrative account on the domain controller (either
+Administrator&mdash;or another user in the Administrators
+group&mdash;on Windows NT/2000, and root on Samba), and
+<em class="replaceable">password</em> is replaced with the password of
+that user. To give a more concrete example, on our domain that has a
+Windows NT 4 Server primary domain controller or a Windows 2000
+Active Directory domain controller named <tt class="literal">SINAGUA</tt>,
+the command would be:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbpasswd -j METRAN -r SINAGUA -UAdministrator%hup8ter</b></tt></pre></blockquote>
+
+<p>and if the PDC is a Samba system, we would use the command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbpasswd -j METRAN -r toltec -Uroot%jwun83jb</b></tt></pre></blockquote>
+
+<p>where <tt class="literal">jwun83jb</tt> is the password for the root user
+that is contained in the<em class="filename"> smbpasswd</em> file, as we
+explained earlier in this chapter.</p>
+
+<p>If you did it right, <em class="emphasis">smbpasswd</em> will respond with
+a message saying the domain has been joined. The security
+identifier<a name="FNPTR-5"/><a href="#FOOTNOTE-5">[5]</a> returned to Samba from the PDC is kept in
+the file <em class="filename">/usr/local/samba/private/secrets.tdb</em>.
+The information in
+<em class="filename">secrets.tdb</em><a name="INDEX-167"/> is security-sensitive, so make sure to
+protect <em class="filename">secrets.tdb</em> in the same way you would
+treat Samba's password file.</p>
+
+<p>The next step is to modify the
+<em class="filename">smb.conf</em><a name="INDEX-168"/> file. Assuming you are starting with a
+valid <em class="filename">smb.conf</em> file that correctly configures
+Samba to function in a workgroup, such as the one we used in <a href="ch02.html">Chapter 2</a>, it is simply a matter of adding the following
+three lines to the <tt class="literal">[global]</tt> section:</p>
+
+<blockquote><pre class="code">workgroup = METRAN
+security = domain
+password server = *</pre></blockquote>
+
+<p>The first line establishes the name of the domain (even though it
+says &quot;workgroup&quot;). Instead of
+METRAN, use the name of the domain you are joining. Setting security
+to &quot;domain&quot; causes Samba to hand
+off authentication to a domain controller, and the
+<tt class="literal">password</tt> <tt class="literal">server</tt>
+<tt class="literal">=</tt> <tt class="literal">*</tt> line tells Samba to find
+the domain controller for authentication (which could be the primary
+domain controller or a backup domain controller) by querying the WINS
+server or using broadcast packets if a WINS server is not available.</p>
+
+<p>At this point, it would be prudent to run
+<em class="emphasis">testparm</em> to check that your
+<em class="filename">smb.conf</em> is free of errors. Then restart the
+Samba daemons.</p>
+
+<p>If the PDC is a Windows NT system, you can use Server Manager to
+check that the Samba server has been added successfully. Open the
+Start menu, then select Programs, then Administrative Tools (Common),
+and then Server Manager. Server Manager starts up with a window that
+looks like <a href="ch04.html#samba2-CHP-4-FIG-16">Figure 4-16</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-16"/><img src="figs/sam2_0416.gif"/></div><h4 class="head4">Figure 4-16. The Windows NT Server Manager window</h4>
+
+<p>As you can see, we've added both
+<tt class="literal">toltec</tt> and <tt class="literal">mixtec</tt> to a domain
+for which the Windows NT 4.0 Server system,
+<tt class="literal">sinagua</tt>, is the primary domain controller.</p>
+
+<p>You can check your setup on Windows 2000 Advanced Server by opening
+the Start menu and selecting Programs, then Administrative Tools,
+then Active Directory Users and Computers. The window that opens up
+will look like <a href="ch04.html#samba2-CHP-4-FIG-17">Figure 4-17</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-4-FIG-17"/><img src="figs/sam2_0417.gif"/></div><h4 class="head4">Figure 4-17. The Windows 2000 Active Directory Users and Computers window</h4>
+
+<p>Click Computers in the left side of the window with the Tree tab. You
+should see your Samba system listed in the right pane of the window.
+<a name="INDEX-169"/></p>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-4-SECT-8"/>
+
+<h2 class="head1">Windows NT Domain Options</h2>
+
+<p><a href="ch04.html#samba2-CHP-4-TABLE-2">Table 4-2</a> shows the options that are commonly used
+in association with Samba on a Windows NT domain.</p>
+
+<a name="samba2-CHP-4-TABLE-2"/><h4 class="head4">Table 4-2. Windows NT domain options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">domain logons</tt></p>
+</td>
+<td>
+<p>boolean</p>
+</td>
+<td>
+<p>Indicates whether Windows domain logons are to be used</p>
+</td>
+<td>
+<p><tt class="literal">No</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">domain master</tt></p>
+</td>
+<td>
+<p>boolean</p>
+</td>
+<td>
+<p>For telling Samba to take the role of domain master browser</p>
+</td>
+<td>
+<p>Auto</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">add user script</tt></p>
+</td>
+<td>
+<p>string (command)</p>
+</td>
+<td>
+<p>Script to run to add a user or computer account</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">delete user</tt> <tt class="literal">script</tt></p>
+</td>
+<td>
+<p>string (command)</p>
+</td>
+<td>
+<p>Script to run to delete a user or computer account</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">domain admin group</tt></p>
+</td>
+<td>
+<p>string (list of users)</p>
+</td>
+<td>
+<p>Users that are in the Domain Admins group</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">domain guest group</tt></p>
+</td>
+<td>
+<p>string (list of users)</p>
+</td>
+<td>
+<p>Users that are in the Domain Guests group</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">password server</tt></p>
+</td>
+<td>
+<p>string (list of computers)</p>
+</td>
+<td>
+<p>List of domain controllers used for authentication when Samba is
+running as a domain member server</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">machine password timeout</tt></p>
+</td>
+<td>
+<p>numeric (seconds)</p>
+</td>
+<td>
+<p>Sets the renewal interval for NT domain machine passwords</p>
+</td>
+<td>
+<p><tt class="literal">604,800</tt> (1 week )</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+<p>Here are detailed explanations of each <a name="INDEX-170"/>Windows NT domain option listed
+in <a href="ch04.html#samba2-CHP-4-TABLE-2">Table 4-2</a>.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-4-SECT-8.1"/>
+
+<a name="INDEX-171"/><h3 class="head2">domain logons</h3>
+
+<p>This option configures Samba to accept domain logons as a primary
+domain controller. When a client successfully logs on to the domain,
+Samba will return a special token to the client that allows the
+client to access domain shares without consulting the PDC again for
+authentication. Note that the Samba machine must employ user-level
+security (<tt class="literal">security</tt> <tt class="literal">=</tt>
+<tt class="literal">user</tt>) and must be the PDC for this option to
+function. In addition, Windows machines will expect a
+<tt class="literal">[netlogon]</tt> share to exist on the Samba server.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-4-SECT-8.1.1"/>
+
+<a name="INDEX-172"/><h3 class="head3">domain master</h3>
+
+<p>In a Windows network, a local master browser handles browsing within
+a subnet. A Windows domain can be made up of a number of subnets,
+each of which has its own local master browser. The primary domain
+controller serves the function of domain master browser, collecting
+the browse lists from the local master browser of each subnet. Each
+local master browser queries the domain master browser and adds the
+information about other subnets to their own browse lists. When Samba
+is configured as a primary domain controller, it automatically sets
+<tt class="literal">domain</tt> <tt class="literal">master</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt>, making itself the domain
+master browser.</p>
+
+<p>Because Windows NT PDCs always claim the role of domain master
+browser, Samba should never be allowed to be domain master if there
+is a Windows PDC in the domain.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-4-SECT-8.1.2"/>
+
+<a name="INDEX-173"/><h3 class="head3">add user script</h3>
+
+<p>There are two ways in which <tt class="literal">add</tt>
+<tt class="literal">user</tt> <tt class="literal">script</tt> can be used. When
+the Samba server is set up as a primary domain controller, it can be
+assigned to a command that will run on the Samba server to add a
+Windows NT/2000/XP computer account to Samba's
+password database. When the user on the Windows system changes the
+computer's settings to join a domain, he is asked
+for the username and password of a user who has administrative rights
+on the domain controller. Samba authenticates this user and then runs
+the <tt class="literal">add</tt> <tt class="literal">user</tt>
+<tt class="literal">script</tt> with root permissions.</p>
+
+<p>When Samba is configured as a domain member server, the
+<tt class="literal">add</tt> <tt class="literal">user</tt>
+<tt class="literal">script</tt> can be assigned to a command to add a user
+to the system. This allows Windows clients to add users that can
+access shares on the Samba system without requiring an administrator
+to create the account manually on the Samba host.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-4-SECT-8.1.3"/>
+
+<a name="INDEX-174"/><h3 class="head3">delete user script</h3>
+
+<p>There are times when users are automatically deleted from the domain,
+and the <tt class="literal">delete</tt> <tt class="literal">user</tt>
+<tt class="literal">script</tt> can be assigned to a command that removes a
+user from the Samba host as a Windows server would do. However, you
+might not want this to happen, because the Unix user might need the
+account for reasons other than use with Samba. Therefore, we
+recommend that you be very careful about using this option.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-4-SECT-8.1.4"/>
+
+<a name="INDEX-175"/><h3 class="head3">domain admin group</h3>
+
+<p>In a domain of Windows systems, it is possible for a server to get a
+list of the members of the Domain Admins group from a domain
+controller. Samba 2.2 does not have the ability to handle this, and
+the <tt class="literal">domain</tt> <tt class="literal">admin</tt>
+<tt class="literal">group</tt> parameter exists as a manual means of
+informing Samba who is in the group. The list should contain root
+(necessary for adding computer accounts) and any users on Windows
+NT/2000/XP clients in the domain who are in the Domain Admins group.
+These users must be recognized by the primary controller in order for
+them to perform some administrative duties such as adding users to
+the domain.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-4-SECT-8.1.5"/>
+
+<a name="INDEX-176"/><h3 class="head3">password server</h3>
+
+<p>In a Windows domain in which the domain controllers are a Windows
+primary domain controller, along with any number of Windows backup
+domain controllers, clients and domain member servers authenticate
+users by querying either the PDC or any of the BDCs. When Samba is
+configured as a domain member server, the <tt class="literal">password</tt>
+<tt class="literal">server</tt> parameter allows some control over how
+Samba finds a domain controller. Earlier versions of Samba could not
+use the same method that Windows systems use, and it was necessary to
+specify a list of systems to try. When you set
+<tt class="literal">password</tt> <tt class="literal">server</tt>
+<tt class="literal">=</tt> <tt class="literal">*</tt>, Samba 2.2 is able to find
+the domain controller in the same manner that Windows does, which
+helps to spread the requests over several backup domain controllers,
+minimizing the possibility of them becoming overloaded with
+authentication requests. We recommend that you use this method.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-4-SECT-8.1.6"/>
+
+<a name="INDEX-177"/><h3 class="head3">machine password timeout</h3>
+
+<p>The <tt class="literal">machine</tt> <tt class="literal">password</tt>
+<tt class="literal">timeout</tt> global option sets a retention period for
+Windows NT domain machine passwords. The default is currently set to
+the same time period that Windows NT 4.0 uses: 604,800 seconds (one
+week). Samba will periodically attempt to change the
+<em class="firstterm">machine account password</em>, which is a password
+used specifically by another server to report changes to it. This
+option specifies the number of seconds that Samba should wait before
+attempting to change that password. The timeout period can be changed
+to a single day by specifying the following:</p>
+
+<blockquote><pre class="code">[global]
+ machine password timeout = 86400</pre></blockquote>
+
+<a name="samba2-CHP-4-NOTE-119"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>If you would like more information on how Windows NT uses domain
+usernames and groups, we recommend Eric <a name="INDEX-178"/>Pearce's
+<em class="citetitle">Windows NT in a Nutshell</em>, published by
+O'Reilly. <a name="INDEX-179"/></p>
+</blockquote>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> <p><a href="#FNPTR-1">[1]</a> When we include
+Windows XP in discussions of Windows NT domains in this book, we are
+referring to Windows XP Professional and not to the Home edition. The
+reason for this is explained in the section on Windows XP later in
+this chapter.</p> <a name="FOOTNOTE-2"/> <p><a href="#FNPTR-2">[2]</a> The entry in
+<em class="filename">/etc/passwd</em> might not be required in future
+Samba versions.</p> <a name="FOOTNOTE-3"/> <p><a href="#FNPTR-3">[3]</a> If you want to follow our example in this
+section, and your network doesn't have any Windows
+systems offering shares, see <a href="ch05.html">Chapter 5</a> for
+directions on how to create one. Make sure you understand how to set
+up shares before continuing with the directions presented
+here!</p> <a name="FOOTNOTE-4"/> <p><a href="#FNPTR-4">[4]</a> The version of the System Policy
+Editor distributed with Windows 98 is an update of the version
+shipped with Windows 95. Use the version from the Windows 98
+distribution if you can.</p> <a name="FOOTNOTE-5"/> <p><a href="#FNPTR-5">[5]</a> This security identifier (SID) is part of
+an access token that allows the PDC to identify and authenticate the
+client.</p> </blockquote><hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html>
diff --git a/docs/htmldocs/using_samba/ch05.html b/docs/htmldocs/using_samba/ch05.html
new file mode 100644
index 00000000000..07a65cd08aa
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch05.html
@@ -0,0 +1,1779 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Chapter 5. Unix Clients</h1>
+
+<p><a name="INDEX-1"/>In <a href="ch03.html">Chapter 3</a> we showed you how to configure Windows systems
+to access shared resources on both Windows and Samba servers. This
+has probably opened up a whole new world of computing for
+you&mdash;one in which you have to run to a Windows system every time
+you want to copy a file between Unix and Windows! In this chapter, we
+will show you the &quot;other
+side&quot;&mdash;how to access SMB shares from your
+favorite Unix system.</p>
+
+<p>You can access SMB resources from Unix in three ways, depending on
+your version of Unix. A program included with the Samba distribution
+called <em class="emphasis">smbclient</em><a name="INDEX-2"/> can be used to connect with a share on
+the network in a manner similar to using <em class="emphasis">ftp</em>
+when transferring files to or from an FTP site.</p>
+
+<p>If your system is running Linux, you can use the
+<a name="INDEX-3"/>smbfs
+filesystem to mount SMB shares right onto your Linux filesystem, just
+as you would mount a disk partition or NFS filesystem. The SMB shares
+can then be accessed and manipulated by all programs running on the
+Linux system: command shells, desktop GUI interfaces, and application
+software.</p>
+
+<p>On some BSD-based systems, including Mac OS X, a pair of utilities
+named <em class="emphasis">smbutil</em> <a name="INDEX-4"/>and <em class="emphasis">mount_smbfs</em>
+<a name="INDEX-5"/>can be used to query SMB servers and
+mount shares.</p>
+
+<p>For other Unix variants,
+<em class="emphasis">smbsh</em><a name="INDEX-6"/> can be run to enable common shell
+commands such as <em class="emphasis">cd</em>, <em class="emphasis">ls</em>,
+<em class="emphasis">mv, wc</em>, and <em class="emphasis">grep</em> to access
+and manipulate files and directories on SMB shares. This effectively
+extends the reach of the Unix shell and utilities beyond the Unix
+filesystem and into the SMB network.</p>
+
+<p>All the Unix clients can access shares offered by either Windows
+systems or Samba servers. We have already shown you how to set up a
+share on a Samba server and could use that as an example to work
+with. But it's much more fun to use the Unix clients
+with shares served by Windows systems. So before we start covering
+the Unix clients in detail, we will take a quick detour and show you
+how to set up file shares on both Windows 95/98/Me and Windows
+NT/2000/XP systems.</p>
+
+
+<div class="sect1"><a name="samba2-CHP-5-SECT-1"/>
+
+<h2 class="head1">Sharing Files on Windows 95/98/Me</h2>
+
+<p>When <a name="INDEX-7"/><a name="INDEX-8"/>sharing files on Windows 95/98/Me, you
+can authenticate users in two different ways.
+<a name="INDEX-9"/><a name="INDEX-10"/>Share-level security is the default
+and is easy to use. However, it is not as secure and can require
+users to type in passwords when connecting to shares. User-level
+security offers a better security model and can be used if you have
+either a Samba or Windows NT/2000 server on your network performing
+user authentication.</p>
+
+<p>To configure the type of access control for your system, open the
+Control Panel, double-click the Network icon, then click the Access
+Control tab. You should see the dialog box shown in <a href="ch05.html#samba2-CHP-5-FIG-1">Figure 5-1</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-5-FIG-1"/><img src="figs/sam2_0501.gif"/></div><h4 class="head4">Figure 5-1. The Access Control tab of the Windows 98 Network Control Panel window</h4>
+
+<p>Click the &quot;Share-level access
+control&quot; or &quot;User-level access
+control&quot; radio button, depending on which you want
+to use. When using user-level access control, you will also need to
+fill in the name of your workgroup or Windows NT domain. Reboot as
+requested.</p>
+
+<p>To share a folder, right-click the folder's icon and
+select Sharing . . . . This will open the Sharing tab of the
+folder's Properties dialog box. Click the
+&quot;Shared As:&quot; radio button, and fill
+in a name for the share (which defaults to the
+folder's name) and a description, which will be
+visible to client users. If you don't want the share
+to be visible in the Network Neighborhood view of other Windows
+clients, pick a name for the share that ends in a dollar sign
+(<tt class="literal">$</tt>).</p>
+
+<p><a href="ch05.html#samba2-CHP-5-FIG-2">Figure 5-2</a> shows what the Sharing tab of the
+folder's Properties dialog box will look like when
+using share-level security. The security settings are very simple.
+You can select a radio button for read-only access or full
+(read/write) access, or have the user's permissions
+(either read-only or read/write) depend on which password they use.
+In accordance with which you select, you will be asked to assign
+either or both of the read-only and full-access passwords for the
+share.</p>
+
+<div class="figure"><a name="samba2-CHP-5-FIG-2"/><img src="figs/sam2_0502.gif"/></div><h4 class="head4">Figure 5-2. The Sharing tab of the folder's Properties dialog, with share-level security</h4>
+
+<p>If your system is configured with user-level security, the Sharing
+tab of the folder's Properties dialog box will look
+like <a href="ch05.html#samba2-CHP-5-FIG-3">Figure 5-3</a>. As you can see,
+we've created a share named
+&quot;DATA&quot;, and used the Add . . .
+button to create permissions that allow read-only access for all
+domain users and read/write (full access) for <tt class="literal">jay</tt>.</p>
+
+<div class="figure"><a name="samba2-CHP-5-FIG-3"/><img src="figs/sam2_0503.gif"/></div><h4 class="head4">Figure 5-3. The Sharing tab of the folder Properties dialog, with user-level security</h4>
+
+<p>When you are done specifying your settings for the share, click on
+the OK button, and the share will become available to users on
+network clients. Unless you chose a share name ending in a dollar
+sign, you can see it in the Network Neighborhood or My Network Places
+of Windows clients on the network. You can also now use the Unix
+clients described in this chapter to connect to the share.</p>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-5-SECT-2"/>
+
+<h2 class="head1">Sharing Files on Windows NT/2000/XP</h2>
+
+<p>To create a file share on <a name="INDEX-11"/><a name="INDEX-12"/><a name="INDEX-13"/><a name="INDEX-14"/>Windows NT/2000/XP, you first must
+log in to the system as any member of the Administrators, Power
+Users, or Server Operators groups. Right-click the icon of a folder
+you wish to share, and click Sharing . . . in the pop-up menu. The
+Sharing tab of the folder's Properties dialog box
+will appear, as shown in <a href="ch05.html#samba2-CHP-5-FIG-4">Figure 5-4</a>. Click the
+&quot;Share this folder&quot; radio button.</p>
+
+<div class="figure"><a name="samba2-CHP-5-FIG-4"/><img src="figs/sam2_0504.gif"/></div><h4 class="head4">Figure 5-4. The Sharing tab of the folder's Properties dialog on Windows 2000</h4>
+
+<p>Share name: will default to the name of the folder, and you can
+change it if you want. One reason you might want to use a different
+name for the share is to make the share not appear in browse lists
+(as displayed by the Network Neighborhood, for example). This can be
+done by using a share name ending in a dollar sign
+(<tt class="literal">$</tt>). You can also add a description of the share
+in the Comment: text area. The description will appear to users of
+network clients and can help them understand the contents of the
+share.</p>
+
+<p><a name="INDEX-15"/><a name="INDEX-16"/><a name="INDEX-17"/><a name="INDEX-18"/><a name="INDEX-19"/>By clicking the Permissions button,
+you can set permissions for the share on a user-by-user basis. This
+is equivalent to the user-level security of Windows 95/98/Me file
+sharing. On Windows NT/2000/XP, Microsoft recommends that share
+permissions be set to allow full access by everyone, with the
+permissions controlled on a file-by-file basis using filesystem
+access control lists
+(<a name="INDEX-20"/>ACLs). The actual permissions given
+to network clients are a combination of the share permissions and
+file access permissions. To edit the ACL for the folder, click the
+Security tab. For more information on ACLs, see <a href="ch08.html#samba2-CHP-8-SECT-3">Section 8.3</a> in <a href="ch08.html">Chapter 8</a>.</p>
+
+<p>If you want, you can limit the number of users who can concurrently
+connect to the share using the &quot;User
+limit:&quot; radio button. The New Share button allows
+you to create multiple file shares for the same folder, each having
+its own name, comment, user limit, and other parameters.</p>
+
+<p>When you are done, click the OK button, and the folder will be
+accessible from clients on the network.</p>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-5-SECT-3"/>
+
+<h2 class="head1">smbclient</h2>
+
+<p>The Samba Team supplies <em class="emphasis">smbclient</em><a name="INDEX-21"/> as a basic part of the Samba suite. At
+first, it might seem to be a primitive interface to the SMB network,
+but <em class="emphasis">smbclient</em> is actually a versatile tool. It
+can be used for browsing shares on servers, testing configurations,
+debugging, accessing shared printers, backing up shared data, and
+automating administrative tasks in shell scripts. And unlike
+<tt class="literal">smbfs</tt><a name="INDEX-22"/><a name="INDEX-23"/><a name="INDEX-24"/> and <em class="emphasis">smbsh</em>,
+<em class="emphasis">smbclient</em> works on all Unix variants that
+support Samba.</p>
+
+<p>In this chapter we'll focus mostly on running
+<em class="emphasis">smbclient</em> as an interactive shell, using its
+<em class="emphasis">ftp</em>-like commands to access shared directories
+on the network. Using <em class="emphasis">smbclient</em> to access
+printers and perform backups will be covered in <a href="ch10.html">Chapter 10</a>.</p>
+
+<p>A complete reference to <em class="emphasis">smbclient</em> is found in
+<a href="appc.html">Appendix C</a>.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-5-SECT-3.1"/>
+
+<h3 class="head2">Listing Services</h3>
+
+<p><a name="INDEX-25"/>The <em class="emphasis">-L</em> option
+can be used with <em class="emphasis">smbclient</em> to list the resources
+on a single computer. Assuming the Samba server is configured to take
+the role of the master browser, we can obtain a list of the computers
+in the domain or workgroup like this:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L toltec</b></tt>
+added interface ip=172.16.1.1 bcast=172.16.1.255 nmask=255.255.255.0
+Password:
+Domain=[METRAN] OS=[Unix] Server=[Samba 2.2.5]
+
+ Sharename Type Comment
+ --------- ---- -------
+ test Disk For testing only, please
+ IPC$ IPC IPC Service (Samba 2.2.5)
+ ADMIN$ Disk IPC Service (Samba 2.2.5)
+
+ Server Comment
+ --------- -------
+ MAYA Windows 98
+ MIXTEC Samba 2.2.5
+ TOLTEC Samba 2.2.5
+ ZAPOTEC
+
+ Workgroup Master
+ --------- -------
+ METRAN TOLTEC</pre></blockquote>
+
+<p>In the column labeled &quot;Server&quot;,
+<tt class="literal">maya</tt>, <tt class="literal">mixtec</tt>, and
+<tt class="literal">zapotec</tt> are shown along with toltec, the Samba
+server. The services on <tt class="literal">toltec</tt> are listed under
+&quot;Sharename&quot;. The IPC$ and ADMIN$
+shares are standard Windows services that are used for network
+communication and administrative purposes, and
+<em class="filename">test</em> is the directory we added as a share in
+<a href="ch02.html">Chapter 2</a>.</p>
+
+<p>Now that we know the names of computers in the domain, we can list
+services on any of those computers. For example, here is how we would
+list the services offered by <tt class="literal">maya</tt>, a Windows 98
+workstation:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L maya</b></tt>
+added interface ip=172.16.1.1 bcast=172.16.1.255 nmask=255.255.255.0
+Password:
+
+
+ Sharename Type Comment
+ --------- ---- -------
+ PRINTER$ Disk
+ HP Printer HP 932C on Maya
+ D Disk D: on Maya
+ E Disk E: on Maya
+
+ ADMIN$ Disk
+ IPC$ IPC Remote Inter Process Communication
+
+ Server Comment
+ --------- -------
+
+ Workgroup Master
+ --------- -------</pre></blockquote>
+
+<p>A shared printer is attached to <tt class="literal">maya</tt>, so we see
+the PRINTER$ administrative service, along with the HP share for the
+printer itself. Also on <tt class="literal">maya</tt> are the D and E
+shares, which allow access across the network to
+<tt class="literal">maya</tt>'s D: and E: drives. It is
+normal for the Server and Workgroup sections to be empty when listing
+services on a Windows client.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-5-SECT-3.2"/>
+
+<h3 class="head2">Authenticating with smbclient</h3>
+
+<p><a name="INDEX-26"/>As with any other SMB client,
+<em class="emphasis">smbclient</em> needs to supply a username and
+password if it is authenticating in a domain environment or if it is
+contacting a Samba server that is set up with user-level security. In
+a workgroup environment, it will at least need a password to use when
+connecting with a password-protected resource.</p>
+
+<p>By default, <em class="emphasis">smbclient</em> uses the username of the
+user who runs it and then prompts for a password. If you are using
+<em class="emphasis">smbclient</em> a lot, you might tire of entering your
+password every time.</p>
+
+<p><em class="emphasis">smbclient</em> supports some alternate methods of
+entering a username and password. The password can be entered on the
+command line, like this:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e jayspassword</b></tt></pre></blockquote>
+
+<p>Or both the username and password can be supplied by using the
+<em class="emphasis">-U</em> option, including the username and password
+separated by a percent (<tt class="literal">%</tt>) character:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e -U kelly%kellyspassword</b></tt></pre></blockquote>
+
+<p>This method is useful if you are logged in to the system under an
+account that is not Samba-enabled or you are testing your
+configuration to see how it treats another user. With either method,
+you can avoid having to enter the username and/or password each time
+you run <em class="emphasis">smbclient</em> by creating an alias for the
+command or creating a shell function or shell script. For example,
+with the <em class="emphasis">bash</em> shell, it is possible to define a
+function like this:</p>
+
+<blockquote><pre class="code">smbcl( )
+{
+ smbclient $* -U jay%jayspassword
+}</pre></blockquote>
+
+<p>Adding the definition to the shell's startup script
+(which would be <em class="filename">~/.bash_profile</em> for
+<em class="emphasis">bash</em>) would result in the definition affecting
+all subsequent shell invocations.</p>
+
+<p>Another method that can be used to supply both the username and
+password is to set the USER and <a name="INDEX-27"/><a name="INDEX-28"/>PASSWD environment variables. Either
+set the USER environment variable using the
+<em class="replaceable">username</em>%<em class="replaceable">password</em>
+format, or set the USER environment variable to the username, and set
+PASSWD to the user's password.</p>
+
+<p>It is also possible to create a credentials file containing the
+username on the first line and the password on the second line, like
+this:</p>
+
+<blockquote><pre class="code">username = jay
+password = jayspassword</pre></blockquote>
+
+<p>Then, <em class="emphasis">smbclient</em> is run using the
+<em class="emphasis">-A</em> option to specify the name of the file:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e -A ~/.smbpw</b></tt></pre></blockquote>
+
+<a name="samba2-CHP-5-NOTE-120"/><blockquote class="note"><h4 class="objtitle">NOTE</h4>
+<p>Of the methods we described in this section, the only one that is
+really secure is the default method of allowing
+<em class="emphasis">smbclient</em><a name="INDEX-29"/> to
+prompt for the password and typing in the password without echoing.</p>
+
+<p>If security is a concern, you definitely should avoid providing your
+password on the command line because it is very easy for
+&quot;shoulder surfers&quot; to obtain, as
+well as anyone who looks through your shell's
+command history.</p>
+
+<p>If you keep your Samba password in a credentials file, shell startup
+file, or shell script, make sure the file's
+permissions prohibit other users from reading or writing it. (Use an
+octal permissions mode of 0600.) Security experts never keep
+passwords in files owned by nonroot users or accessible by anyone
+other than the superuser. As part of their security policy, some
+organizations do not permit passwords to be stored in files, so you
+might want to check first before using this method.</p>
+
+<p>The authentication method that uses the USER and PASSWD environment
+variables isn't any more secure. Environment
+variables are usually set either on the command line or in one or
+more of the shell's startup files, so this method
+suffers from the same weaknesses we've just
+discussed. In addition, any program run by the user has access to the
+shell's environment variables, making a Trojan horse
+attack on the PASSWD variable really easy!</p>
+</blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-5-SECT-3.3"/>
+
+<h3 class="head2">An Interactive smbclient Session</h3>
+
+<p><a name="INDEX-30"/>A common use for
+<em class="emphasis">smbclient</em> is to use it as an
+<em class="emphasis">ftp</em>-like shell to access SMB resources on the
+network. To begin a session, <em class="emphasis">smbclient</em> must be
+provided with the UNC of a resource (which you can find using the
+<em class="emphasis">-L</em> option) on the command line, like this:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e</b></tt>
+added interface ip=172.16.1.3 bcast=172.16.1.255 nmask=255.255.255.0
+Password:
+smb: \&gt;</pre></blockquote>
+
+<p>Forward slashes are accepted by <em class="emphasis">smbclient</em> for
+the share's UNC, which makes entering the UNC on the
+command line easier. Backslashes can also be used, but they must be
+quoted or escaped, and it is somewhat more difficult to type
+'<tt class="literal">\\maya\e</tt>' or <tt class="literal">\\\\maya\\e</tt>.
+After connecting to the share, <em class="emphasis">smbclient</em>
+displays the <tt class="literal">smb: \&gt;</tt> prompt, waiting for a
+command to be entered. Commands are similar to those with which you
+might be familiar in <em class="emphasis">ftp</em> and are also somewhat
+similar to Unix shell commands. To get a list of
+<em class="emphasis">smbclient</em><a name="INDEX-31"/> commands, use the
+<em class="emphasis">help</em> command:</p>
+
+<blockquote><pre class="code">smb: \&gt; <tt class="userinput"><b>help</b></tt>
+ls dir du lcd cd
+pwd get mget put mput
+rename more mask del open
+rm mkdir md rmdir rd
+prompt recurse translate lowercase print
+printmode queue cancel quit q
+exit newer archive tar blocksize
+tarmode setmode help ? history
+!</pre></blockquote>
+
+<p>Some commands in the previous list are synonyms for other commands.
+For example, the <em class="emphasis">?</em> command is a synonym for
+<em class="emphasis">help</em>. You can give this command the name of
+another command as an argument to get a concise reminder of what the
+command does and how to use it:</p>
+
+<blockquote><pre class="code">smb: \&gt; <tt class="userinput"><b>? ls</b></tt>
+HELP ls:
+ &lt;mask&gt; list the contents of the current directory</pre></blockquote>
+
+<p>The term <tt class="literal">&lt;mask&gt;</tt> refers to a file-matching
+pattern as commonly found in Unix shells and utilities. For example:</p>
+
+<blockquote><pre class="code">smb: \&gt; <tt class="userinput"><b>ls *doc</b></tt>
+ ms-ProfPol-wp.doc A 131 Tue Dec 18 09:12:34 2002
+ smbclient.doc A 33969 Mon Dec 10 20:22:24 2002
+ smbmount.doc A 7759 Mon Dec 10 20:20:00 2002
+
+ 48590 blocks of size 524288. 40443 blocks available</pre></blockquote>
+
+<p>lists all files ending in &quot;doc&quot; in
+the current directory on the remote system. In the listing, the
+leftmost column shows the filename. Moving left to right, we see the
+file's MS-DOS attributes, then its size, and the
+time it was last modified.</p>
+
+<p>As with any other Unix utility, <em class="emphasis">smbclient</em> has a
+working directory on the local host. It also has another current
+directory on the remote SMB share. With
+<em class="citetitle">smbclient</em>, the <em class="emphasis">cd</em> command
+is used to move around on the remote system:</p>
+
+<blockquote><pre class="code">smb: \&gt; <tt class="userinput"><b>cd trans </b></tt>
+smb: \trans\&gt;</pre></blockquote>
+
+<p>Notice how the prompt changes to reflect the new current working
+directory. To change your current directory on the local system, use
+the <em class="emphasis">lcd</em> command:</p>
+
+<blockquote><pre class="code">smb: \trans\&gt; <tt class="userinput"><b>lcd /u/snd</b></tt>
+the local directory is now /u/snd</pre></blockquote>
+
+<p>Most of <em class="emphasis">smbclient</em>'s commands
+are for performing operations on remote files and directories. There
+is no command for listing the contents of the local directory.
+However, <em class="emphasis">smbclient</em> allows a shell escape. Any
+command preceded by an exclamation point (<tt class="literal">!</tt>) is
+interpreted as a shell command and is run in a subshell on the local
+system. For example:</p>
+
+<blockquote><pre class="code">smb: \trans\&gt; <tt class="userinput"><b>! ls -l</b></tt>
+total 16
+drwxrwxr-x 2 jay jay 4096 Jan 10 14:46 dr220-fet
+drwxrwxr-x 2 jay jay 4096 Sep 22 12:16 dr220-tube
+-rw-rw-r-- 1 jay jay 131 Jan 10 02:22 readme.txt
+drwxrwxr-x 7 jay jay 4096 Jan 10 02:19 xl1</pre></blockquote>
+
+<p>lists the contents of <em class="filename">/u/snd</em>. By using
+<em class="emphasis">smbclient</em>'s commands to operate
+on the remote system&mdash;and shell-escaped commands to operate on
+the local system&mdash;it is possible to manipulate data on both
+systems without having to exit <em class="emphasis">smbclient</em> or open
+another shell window.</p>
+
+<p><a name="INDEX-32"/><a name="INDEX-33"/>File transfer is performed using
+the <em class="emphasis">get</em> and
+<em class="emphasis">put</em><a name="INDEX-34"/><a name="INDEX-35"/> commands. The <em class="emphasis">get</em>
+command transfers a single file from the remote to the local system,
+and the <em class="emphasis">put</em> command copies a file from the local
+to the remote system. For example, the following command copies the
+file <em class="filename">readme.txt</em> to the SMB share:</p>
+
+<blockquote><pre class="code">smb: \trans\&gt; <tt class="userinput"><b>put readme.txt</b></tt>
+putting file readme.txt as \trans\readme.txt (127.9 kb/s) (average 10.7 kb/s)</pre></blockquote>
+
+<a name="samba2-CHP-5-NOTE-121"/><blockquote class="note"><h4 class="objtitle">NOTE</h4>
+<p>Unlike <em class="emphasis">ftp</em>, <em class="emphasis">smbclient</em> does
+not have <em class="emphasis">ascii</em> and <em class="emphasis">binary</em>
+commands to set the type of the file that is being transferred.
+Before transferring a text file from a Unix system to a Windows or
+Macintosh system, you might want to use the GNU
+<em class="emphasis">unix2dos</em><a name="INDEX-36"/> command to reformat newlines in the
+file to work with the carriage return linefeed (CRLF) standard:</p>
+
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>unix2dos text_file &gt;text_file.txt</b></tt></pre></blockquote>
+
+
+<p>and then transfer the CRLF-formatted version. After transferring a
+text file from a Windows or Macintosh system to Unix, you can use the
+GNU <em class="emphasis">dos2unix</em><a name="INDEX-37"/> command to perform the inverse
+operation:</p>
+
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>dos2unix text_file.txt &gt;text_file</b></tt></pre></blockquote>
+</blockquote>
+
+<p>To transfer more than one file with a single command, you can use the
+<em class="emphasis">mget</em><a name="INDEX-38"/><a name="INDEX-39"/> and <em class="emphasis">mput</em> commands,
+which accept a list of filenames in the command line. The list can be
+provided by typing in the filenames on the command line separated by
+spaces, or the group of files can be specified with a pattern as one
+would use in Unix shell commands. The command:</p>
+
+<blockquote><pre class="code">smb: \trans\&gt; <tt class="userinput"><b>mget plain/*</b></tt></pre></blockquote>
+
+<p>copies all the files in the directory <em class="filename">plain</em> on
+the SMB share to the current directory on the local system. By
+default, <em class="emphasis">smbclient</em> prompts for each file, asking
+if you want to copy it:</p>
+
+<blockquote><pre class="code">smb: \trans\&gt; <tt class="userinput"><b>mget plain/*</b></tt>
+Get file tomm.wav? n
+Get file toml.wav? n
+Get file tomh.wav? n
+Get file snare.wav? n
+Get file rim.wav? n
+Get file handclap.wav? n
+Get file bassdrum.wav? n</pre></blockquote>
+
+<p>If you are sure you want to copy all the files, you can turn off
+prompting with the <em class="emphasis">prompt</em> command, like this:</p>
+
+<blockquote><pre class="code">smb: \trans\&gt; <tt class="userinput"><b>prompt</b></tt>
+prompting is now off</pre></blockquote>
+
+<p>By default, if you specify the name of a directory,
+<em class="emphasis">smbclient</em> will not copy the contents of the
+directory. To transfer the entire contents of directories listed in
+the <em class="emphasis">mput</em> or <em class="emphasis">mget</em> command,
+you must first use the <em class="emphasis">recurse</em> command:</p>
+
+<blockquote><pre class="code">smb: \trans\&gt; <tt class="userinput"><b>recurse</b></tt>
+directory recursion is now on</pre></blockquote>
+
+<p>After setting things up with the
+<em class="emphasis">prompt</em><a name="INDEX-40"/><a name="INDEX-41"/> and <em class="emphasis">recurse</em>
+commands, we can copy a directory like this:</p>
+
+<blockquote><pre class="code">smb: \trans\&gt; <tt class="userinput"><b>mget acc</b></tt>
+getting file tomm.wav of size 55494 as tomm.wav (2580.6 kb/s) (average 2087.3 kb/s)
+getting file toml.wav of size 57220 as toml.wav (2660.9 kb/s) (average 2167.6 kb/s)
+getting file tomh.wav of size 55936 as tomh.wav (2601.2 kb/s) (average 2220.8 kb/s)
+getting file snare.wav of size 22132 as snare.wav (1200.7 kb/s) (average 2123.7 kb/s)
+getting file rim.wav of size 8314 as rim.wav (1623.8 kb/s) (average 2110.8 kb/s)
+getting file handclap.wav of size 14180 as handclap.wav (1978.2 kb/s) (average 2106.2
+kb/s)
+getting file bassdrum.wav of size 6950 as bassdrum.wav (2262.3 kb/s) (average 2108.5
+kb/s)</pre></blockquote>
+
+<p><a name="INDEX-42"/>Directory recursion applies to all
+commands, so if an <em class="emphasis">ls</em> command is used while
+directory recursion is on, all files in the directory tree are
+listed. To turn directory recursion off again, simply re-enter the
+command. At the same time, you might also wish to toggle prompting
+back to its initial state:</p>
+
+<blockquote><pre class="code">smb: \trans\&gt; <tt class="userinput"><b>recurse</b></tt>
+directory recursion is now off
+smb: \trans\&gt; <tt class="userinput"><b>prompt</b></tt>
+prompting is now on</pre></blockquote>
+
+<p>There are other <em class="emphasis">smbclient</em> commands that you
+might find useful. The <em class="emphasis">mkdir</em> command can be used
+to create a directory; <em class="emphasis">rmdir</em> removes a
+directory; <em class="emphasis">rm</em> deletes a file; and
+<em class="emphasis">rename</em> changes a file's name.
+These behave very similarly to their Unix shell counterparts. <a href="appc.html">Appendix C</a> contains a complete reference to
+<em class="emphasis">smbclient</em> and its command set.</p>
+
+<p>To exit <em class="emphasis">smbclient</em>, use the
+<em class="emphasis">exit</em> or <em class="emphasis">quit</em> command:</p>
+
+<a name="INDEX-43"/><blockquote><pre class="code">smb: \trans\&gt; <tt class="userinput"><b>quit </b></tt></pre></blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-5-SECT-3.4"/>
+
+<h3 class="head2">Programming with smbclient</h3>
+
+<p><a name="INDEX-44"/>The <em class="emphasis">-c</em> option
+<em class="emphasis">of smbclient</em> allows a list of commands to be
+passed on the command line. To copy the file
+<em class="filename">\\maya\e\trans\readme.txt</em> to
+<em class="filename">/u/snd/readme.txt</em>, we might use the command:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e -c &quot;lcd /u/snd; cd trans; get readme.txt&quot; -A ~/.smbpw</b></tt></pre></blockquote>
+
+<p>Everything that <em class="emphasis">smbclient</em> needs to know to
+perform the operation has been specified in the command. There is no
+interactive session, so a command such as this can be placed inside a
+shell script or a program in some other programming language.</p>
+
+<p>By using <em class="emphasis">smbclient</em> in this manner, it is
+possible to create customized commands using shell functions, scripts
+or aliases. For example, suppose we wanted a command to print a short
+listing of files in a shared directory, showing just the names of the
+files. Using a <em class="emphasis">bash</em> function, we could define a
+command <em class="emphasis">smbls</em> as follows:</p>
+
+<blockquote><pre class="code">smbls( )
+{
+ share=`echo $1 | cut -d '/' -f '1-4'`
+ dir=`echo $1 | cut -d '/' -f '5-'`
+ smbclient $share -c &quot;cd $dir; ls&quot; -A ~/.smbpw | \
+ grep &quot;^ &quot; | cut -d ' ' -f 3 - | sort
+}</pre></blockquote>
+
+<p>After defining this function, we can use <em class="emphasis">smbls</em>
+like this:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>smbls //maya/e</b></tt>
+CD-images
+lectures
+ms-ProfPol-wp.doc
+profile-map
+readme.txt
+RECYCLED
+smbclient.doc
+smbmount.doc
+smbsh.txt
+trans
+$ <tt class="userinput"><b>smbls //maya/e/lectures</b></tt>
+.
+..
+lecture1.mp3
+lecture2.mp3
+lecture3.mp3
+lecture4.mp3
+lecture5.mp3
+lecture6.mp3
+lecture7.mp3
+lecture8.mp3
+lecture9.mp3</pre></blockquote>
+
+<p>Another use for <em class="emphasis">smbclient</em> in scripts is
+performing administrative tasks. Suppose a group of users on Windows
+clients are sharing a set of files as part of a project on which they
+are working. Instead of expecting them to coordinate making daily
+backups, we could write a script that copies the share to the Samba
+server and run the script nightly as a cron job. The directory on the
+Samba server could be shared as well, allowing any of the users to
+retrieve a backup file on their own, without having to bother an
+administrator.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-5-SECT-3.5"/>
+
+<h3 class="head2">Backups with smbclient</h3>
+
+<p>A major use of <em class="emphasis">smbclient</em><a name="INDEX-45"/><a name="INDEX-46"/> is to create and restore backups of
+SMB file shares. The backup files <em class="emphasis">smbclient</em>
+writes are in tar format, making them easy to work with and portable
+among all Unix versions. Using <em class="emphasis">smbclient</em> on a
+Unix server to run network backups can result in a more centralized
+and easily managed solution for providing data integrity because both
+SMB shares and NFS filesystems can be backed up on the same system.</p>
+
+<p>You can use <em class="emphasis">smbclient</em> to perform backups in two
+ways. When backing up an entire share, the simplest method is to use
+the <em class="emphasis">-Tc</em> option on the command line:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e -A samba-domain-pw -Tc &gt;maya-e.tar</b></tt></pre></blockquote>
+
+<p>This will create a tar archive of the <em class="filename">\\maya\e</em>
+share in the file <em class="filename">maya-e.tar</em>. By using the
+<em class="emphasis">-D</em> option, it is possible to back up a directory
+in the share, rather than the whole share:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e -A samba-domain-pw -D trans -Tc &gt;maya-e.tar</b></tt></pre></blockquote>
+
+<p>This causes <em class="emphasis">smbclient</em> to change its working
+directory to the <em class="filename">trans</em> directory of the
+<em class="filename">\\maya\e</em> share before starting the backup. It is
+also possible to use
+<em class="emphasis">smbclient</em>'s
+<em class="emphasis">tar</em> command in interactive mode, like this:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e </b></tt>
+added interface ip=172.16.1.3 bcast=172.16.1.255 nmask=255.255.255.0
+Password:
+smb: \&gt; <tt class="userinput"><b>cd trans</b></tt>
+smb: \trans\&gt; <tt class="userinput"><b>tarmode full hidden system quiet</b></tt>
+smb: \trans\&gt; <tt class="userinput"><b>tar c maya-e-trans.tar</b></tt></pre></blockquote>
+
+<p>With the previous code, only the <em class="emphasis">trans</em>
+subdirectory in the <em class="emphasis">\\maya\e</em> share will be
+backed up, using the settings specified in the
+<em class="emphasis">tarmode</em> command. To have this type of backup run
+automatically from a script, use the <em class="emphasis">-c</em> option:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e -A samba-domain-pw -c &quot;cd trans; tarmode full hidden \</b></tt>
+<tt class="userinput"><b> system quiet; tar &gt;maya-e-trans.tar&quot;</b></tt></pre></blockquote>
+
+<p>Using either the <em class="emphasis">-T</em> command-line option or
+<em class="emphasis">smbclient</em>'s
+<em class="emphasis">tar</em> command, additional options can be supplied.
+It is necessary to specify either the <em class="emphasis">c</em> option
+to create a backup archive or the <em class="emphasis">x</em> option to
+extract (restore) one.<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a> </p>
+
+<p>The other options can be appended to the option string
+and are explained in the section on <em class="emphasis">smbclient</em> in
+<a href="appc.html">Appendix C</a>. They allow you to create incremental
+backups, specify which files to include or exclude from the backup,
+and specify a few other miscellaneous settings. For example, suppose
+we wish to create an incremental backup of a share and reset the
+archive bit on the files to set things up for the next incremental
+backup. Instead of using the interactive commands:</p>
+
+<blockquote><pre class="code">smb: \&gt; <tt class="userinput"><b>tarmode inc reset quiet</b></tt>
+smb: \&gt; <tt class="userinput"><b>tar c backup.tar</b></tt></pre></blockquote>
+
+<p>we could either use the interactive command:</p>
+
+<blockquote><pre class="code">smb: \&gt; <tt class="userinput"><b>tar cgaq backup.tar</b></tt></pre></blockquote>
+
+<p>or specify the <em class="emphasis">-Tcgaq</em> option on the
+<em class="emphasis">smbclient</em> command line.</p>
+
+<p>Your best strategy for using <em class="emphasis">smbclient</em> for
+network backups depends on your local configuration. If you have only
+a few Windows systems sharing a small amount of data, you might
+create a script containing <em class="emphasis">smbclient -Tc</em>
+commands to back up each share to a separate tar file, placing the
+files in a directory that is included with regular backups of the
+Unix system. If you have huge SMB shares on your network, you might
+prefer to write the backup directly to a tape drive. You can do this
+with <em class="emphasis">smbclient</em> just as you would with a Unix
+<em class="emphasis">tar</em> command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/d -A samba-domain-pw -Tc &gt;/dev/tape</b></tt></pre></blockquote>
+
+<p>After you have become more familiar with
+<em class="emphasis">smbclient</em> and have an automated backup system in
+place, you might find that using Samba has dramatically decreased
+your anxiety regarding the integrity of your
+network's data. The authors of this book are
+experienced Unix system administrators, and we highly recommend
+having a backup strategy that has been carefully planned,
+implemented, and most importantly, <em class="emphasis">tested and known to work
+as it is supposed to</em>.</p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-5-SECT-4"/>
+
+<h2 class="head1">smbfs</h2>
+
+<p>On Linux, the <a name="INDEX-47"/>smbfs filesystem can be used to mount
+SMB shares onto the Linux filesystem in a manner similar to mounting
+disk partitions on NFS filesystems. The result is so transparent that
+users on the Linux system might never be aware that they are
+accessing files through a Windows or Samba server. Files and
+directories appear as any other files or directories on the local
+Linux system, although there are a few differences in behavior
+relating to ownership and permissions.<a name="FNPTR-2"/><a href="#FOOTNOTE-2">[2]</a></p>
+
+<p>Although smbfs is based on the Samba code, it is not itself part of
+the Samba distribution. Instead, it is included with Linux as a
+standard part of the Linux filesystem support.</p>
+
+<p>The <em class="emphasis">smbmount</em> and
+<em class="emphasis">smbmnt</em><a name="INDEX-48"/> programs are part of the Samba
+distribution and are needed on the client to mount smbfs filesystems.
+Samba must be compiled with the <tt class="literal">--with-smbmount</tt>
+configure option to make sure these programs are compiled. They refer
+to <em class="filename">smb.conf</em> for information they need regarding
+the local system and network configuration, so you will need a
+working <em class="filename">smb.conf</em><a name="INDEX-49"/><a name="INDEX-50"/>
+file on the system, even if it is not acting as a Samba server.
+ <a name="INDEX-51"/><a name="INDEX-52"/><a name="INDEX-53"/></p>
+
+
+<div class="sect2"><a name="samba2-CHP-5-SECT-4.1"/>
+
+<h3 class="head2">Mounting an smbfs Filesystem</h3>
+
+<p>The <em class="emphasis">smbmount</em><a name="INDEX-54"/> command is used to mount an smbfs
+filesystem into the Linux filesystem. The basic usage is:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbmount </b></tt><em class="replaceable">Share-UNC mount-point</em><tt class="userinput"><b> -o </b></tt><em class="replaceable">options</em></pre></blockquote>
+
+<p>Replace <em class="replaceable">Share-UNC</em> with the UNC for the SMB
+share, and <em class="replaceable">mount-point</em> with the full path
+to the directory in the Linux filesystem to use as the mount point.
+The <em class="replaceable">options</em> argument is used to set the
+exact manner in which the share is mounted. Let's
+look at an example of a <em class="emphasis">smbmount</em> command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbmount //maya/e /smb/e \</b></tt>
+<tt class="userinput"><b> -o &quot;credentials=/home/jay/.smbpw,uid=jay,gid=jay,fmask=664,dmask=775&quot;</b></tt></pre></blockquote>
+
+<p>Here we are mounting share <em class="filename">\\maya\e</em> from a
+Windows 98 system on the mount point <em class="filename">/smb/e</em> on
+the Linux system.</p>
+
+<a name="samba2-CHP-5-NOTE-122"/><blockquote class="note"><h4 class="objtitle">NOTE</h4>
+<p>If your Linux kernel doesn't include smbfs support,
+you will get the error message:</p>
+
+<blockquote><pre class="code">ERROR: smbfs filesystem not supported by the kernel</pre></blockquote>
+
+
+<p>In this case, you must configure and compile a new kernel to include
+support for smbfs. When smbfs is installed, and an SMB share is
+mounted, you can run the command:</p>
+
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>cat /proc/filesystems</b></tt></pre></blockquote>
+
+<p>and see a line that looks like:</p>
+
+<blockquote><pre class="code">nodev smbfs</pre></blockquote>
+
+
+<p>in the command's output.</p>
+</blockquote>
+
+<p>The mount point must exist before <em class="emphasis">smbmount</em> is
+run and can be created using the <em class="emphasis">mkdir</em> command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>mkdir /smb/e</b></tt></pre></blockquote>
+
+<p>The argument to the <em class="emphasis">-o</em> option might look a
+little complex. It is a comma-separated list of
+<em class="replaceable">key</em><tt class="literal">=</tt><em class="replaceable">value</em>
+pairs. The <tt class="literal">credentials</tt> key is set to the name of
+the credentials file, which is used to give
+<em class="emphasis">smbmount</em> a valid username and password with
+which to authenticate while connecting to the share. The format is
+identical to that used by <em class="emphasis">smbclient</em> (as
+explained in the previous section), so you can use the same
+credentials file for both clients. If you want, you can use the
+<em class="replaceable">key</em>=<em class="replaceable">value</em> pair
+<tt class="literal">username</tt>=<em class="replaceable">name</em>%<em class="replaceable">password</em>
+to specify the username and password directly in the
+<em class="emphasis">smbmount</em> command, although this is considerably
+less secure.</p>
+
+<a name="samba2-CHP-5-NOTE-123"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>The <em class="emphasis">smbmount</em> command accepts the same
+authentication methods as <em class="emphasis">smbclient</em>. The
+comments in the section on <em class="emphasis">smbclient</em> regarding
+supplying passwords on the command line&mdash;and keeping passwords
+in files and environment variables&mdash;also apply here.</p>
+</blockquote>
+
+<p>The rest of the options tell <em class="emphasis">smbmount</em> how to
+translate between the SMB filesystem and the Unix filesystem, which
+differ in their handling of ownership and permissions. The
+<em class="emphasis">uid</em> and <em class="emphasis">gid</em> options specify
+the owner and group to be assigned to all directories and files in
+the mounted share.</p>
+
+<p>The <em class="emphasis">fmask</em><a name="INDEX-55"/> and
+<em class="emphasis">dmask</em><a name="INDEX-56"/> options specify
+<a name="INDEX-57"/>bitmasks for
+permissions of files and directories, respectively. These bitmasks
+are logically ANDed with whatever permissions are granted by the
+server to create the effective permissions on the client Unix system.
+On the server side, the permissions granted depend on the
+server's operating system. For a Windows 95/98/Me
+server using share-mode security, the MS-DOS read-only attribute can
+be set on individual files and directories and combined with the Full
+Access or Read Only permissions on the share as a whole. In
+user-level security mode, Windows 95/98/Me can have ACL-like
+permissions applied to the entire share, as discussed in <a href="ch04.html">Chapter 4</a>. Windows NT/2000/XP support ACLs on individual
+files and directories, with Full Control, Change, or Read permissions
+that can be applied to the entire share. If the server is a Samba
+server, the permissions are whatever is defined by the Samba share
+and the local Unix system for the individual files and directories.
+In every case, the permissions applied to the share act to further
+limit access, beyond what is specified for the individual files and
+directories.</p>
+
+<a name="samba2-CHP-5-NOTE-124"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>You might think that the <em class="emphasis">fmask</em> and
+<em class="emphasis">dmask</em> permission masks can be used only to
+reduce the effective permissions on files and directories, but this
+is not always the case. For example, suppose that a file is being
+shared by a Windows 95/98/Me server using share-mode security and
+that some number of users have been given the Full Access password
+for the share. If the share is mounted with
+<em class="emphasis">smbmount</em> using an <em class="emphasis">fmask</em> of
+666, read/write permissions are granted on the Unix system not only
+for the owner, but for everyone else on the Unix system as well!</p>
+</blockquote>
+
+<p>After mounting the <em class="filename">\\maya\d</em> share to
+<em class="filename">/smb/e</em>, here is what the contents of
+<em class="filename">/smb/e</em> look like:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>cd /smb/e ; ls -l</b></tt>
+total 47
+drwxrwxr-x 1 jay jay 512 Jan 8 20:21 CD-images
+drwxrwxr-x 1 jay jay 512 Jan 6 21:50 lectures
+-rw-rw-r-- 1 jay jay 131 Dec 18 09:12 ms-ProfPol-wp.doc
+-rw-rw-r-- 1 jay jay 59 Dec 18 09:12 profile-map
+-rw-rw-r-- 1 jay jay 131 Jan 15 05:01 readme.txt
+drwxrwxr-x 1 jay jay 512 Feb 4 2002 RECYCLED
+-rw-rw-r-- 1 jay jay 33969 Dec 10 20:22 smbclient.doc
+-rw-rw-r-- 1 jay jay 7759 Dec 10 20:20 smbmount.doc
+-rw-rw-r-- 1 jay jay 1914 Dec 10 20:17 smbsh.txt
+drwxrwxr-x 1 jay jay 512 Jan 10 03:54 trans</pre></blockquote>
+
+<p>For the most part, the files and directories contained in the mounted
+smbfs filesystem will work just like any others, except for
+limitations imposed by the nature of SMB networking. For example, not
+even the superuser can perform the operation:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>chown root lectures</b></tt>
+chown: changing ownership of 'lectures': Operation not permitted</pre></blockquote>
+
+<p>because SMB shares do not intrinsically support the idea of
+ownership. Some odd behaviors can result from this. For example, the
+command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>chmod 777 readme.txt</b></tt></pre></blockquote>
+
+<p>does not produce an error message, although nothing has been changed.
+The file <em class="filename">readme.txt</em> still has permissions set to
+664:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>ls -l readme.txt</b></tt>
+-rw-rw-r-- 1 jay jay 131 Jan 15 05:01 readme.txt</pre></blockquote>
+
+<p>Aside from little things such as these, the mounted smbfs filesystem
+can be used in conjunction with virtually any application, and you
+might be pleasantly surprised at how nicely it integrates with your
+Linux-based computing environment. You can even create symbolic links
+in the Unix filesystem, pointing to files and directories inside SMB
+shares. However, unless the server is a Samba server that supports
+Unix CIFS extensions, you will not be able to create a symbolic link
+inside the mounted smbfs filesystem.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-5-SECT-4.2"/>
+
+<h3 class="head2">Mounting smbfs Filesystems Automatically</h3>
+
+<p><a name="INDEX-58"/>As with other types of
+filesystems, an smbfs filesystem can be mounted automatically during
+system bootup by creating an entry for it in
+<em class="filename">/etc/fstab</em>. The format for the entry is as
+follows:</p>
+
+<blockquote><pre class="code"><em class="replaceable">Share-UNC mount-point</em> smbfs <em class="replaceable">options</em> 0 0</pre></blockquote>
+
+<p>Replace <em class="replaceable">Share-UNC</em> with the UNC of the
+share (using the forward slash format), and replace
+<em class="replaceable">mount-point</em> with the name of the directory
+in the Linux filesystem on which the share will be mounted. In place
+of <em class="replaceable">options</em>, simply use the string that you
+used with the <em class="emphasis">-o</em> flag in the
+<em class="emphasis">smbmount</em> command.</p>
+
+<p>Once you have found the arguments to use with the
+<em class="emphasis">smbmount</em> command to mount the share the way you
+like it, it is a very simple matter to create the entry for
+<em class="filename">/etc/fstab</em>. The <em class="emphasis">smbmount</em>
+command we used to mount the share <em class="filename">\\maya\e</em> on
+<em class="filename">/smb/e</em> would translate to this
+<em class="filename">/etc/fstab</em> entry:</p>
+
+<blockquote><pre class="code">//maya/e /smb/e smbfs
+credentials=/home/jay/.smbpw,uid=jay,gid=jay,fmask=664,dmask=775 0 0
+
+<i class="lineannotation">(Please note that this should all go on one line.)</i></pre></blockquote>
+<a name="samba2-CHP-5-NOTE-125"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>If you make a mistake in modifying
+<em class="filename">/etc/fstab</em><a name="INDEX-59"/><a name="INDEX-60"/>, your system might not
+reboot properly, and you might be forced to boot into single-user
+mode to fix the problem. Before you edit
+<em class="filename">/etc/fstab</em>, be sure to make a backup copy of it,
+and be prepared to recover your system if anything goes wrong.</p>
+</blockquote>
+
+<p>Once the entry has been added, the system will automatically mount
+the share when booting. Or, the system administrator can manually
+mount or unmount the share with commands such as these:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>mount /smb/e</b></tt>
+# <tt class="userinput"><b>umount /smb/e</b></tt></pre></blockquote>
+
+<a name="samba2-CHP-5-NOTE-126"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>It is possible to use <em class="emphasis">mount</em> and
+<em class="emphasis">umount</em> by giving them the UNC for the share
+using forward slashes, as in our <em class="filename">/etc/fstab</em>
+entry. However, be careful about this. A share might be listed more
+than once in <em class="filename">/etc/fstab</em> so that it can be
+mounted at more than one place in the Linux filesystem. If you use
+the UNC to specify the share you wish to mount or unmount, you might
+cause it to be mounted or unmounted at another mount point from the
+one you intended.</p>
+</blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-5-SECT-4.3"/>
+
+<h3 class="head2">Common smbmount Options</h3>
+
+<p><a href="ch05.html#samba2-CHP-5-TABLE-1">Table 5-1</a> lists
+<em class="replaceable">key</em><tt class="literal">=</tt><em class="replaceable">value</em>
+pairs that can be used with the <em class="emphasis">-o</em> option of
+<em class="emphasis">smbmount</em> or in the options field of the
+<em class="filename">/etc/fstab</em> entry for the smbfs filesystem. See
+the <em class="emphasis">smbmount</em> manual page for a complete list of
+options.</p>
+
+<a name="samba2-CHP-5-TABLE-1"/><h4 class="head4">Table 5-1. smbmount options</h4><table border="1">
+
+
+
+
+<tr>
+<th>
+<p>Key</p>
+</th>
+<th>
+<p>Value</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">username</tt></p>
+</td>
+<td>
+<p>string</p>
+</td>
+<td>
+<p>Provides the username, and optionally the password and workgroup, for
+authentication.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">password</tt></p>
+</td>
+<td>
+<p>string</p>
+</td>
+<td>
+<p>Provides the share or domain password, if it hasn't
+been supplied by another means.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">credentials</tt></p>
+</td>
+<td>
+<p>string</p>
+</td>
+<td>
+<p>Name of file containing the username and password.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">uid</tt></p>
+</td>
+<td>
+<p>string or numeric</p>
+</td>
+<td>
+<p>User ID to apply to all files and directories of the mounted share.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">gid</tt></p>
+</td>
+<td>
+<p>string or numeric</p>
+</td>
+<td>
+<p>Group ID to apply to all files and directories of the mounted share.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">fmask</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Permissions to apply to files. Default is based on current umask.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">dmask</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Permissions to apply to directories. Default is based on current
+umask.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">debug</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Debug level.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">workgroup</tt></p>
+</td>
+<td>
+<p>string</p>
+</td>
+<td>
+<p>Name of workgroup of remote server.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">guest</tt></p>
+</td>
+<td>
+<p>(none)</p>
+</td>
+<td>
+<p>Suppresses password prompt.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">ro</tt></p>
+</td>
+<td>
+<p>(none)</p>
+</td>
+<td>
+<p>Mount read-only.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">rw</tt></p>
+</td>
+<td>
+<p>(none)</p>
+</td>
+<td>
+<p>Mount read/write. This is the default.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">ttl</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Amount of time to cache the contents of directories. Defaults to 1000
+ms <a name="INDEX-62"/>.</p>
+</td>
+</tr>
+
+</table>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-5-SECT-5"/>
+
+<h2 class="head1">smbsh</h2>
+
+<p>The <em class="emphasis">smbsh</em><a name="INDEX-63"/> program is part of the Samba suite and
+works on some, but not all, Unix variants.<a name="FNPTR-3"/><a href="#FOOTNOTE-3">[3]</a> Effectively, it adds a wrapper around the
+user's command shell, enabling it and common Unix
+utilities to work on files and directories in SMB shares, in addition
+to files and directories in the local Unix filesystem. From the
+user's perspective, the effect is that of a
+simulated mount of the SMB shares onto the Unix filesystem.</p>
+
+<p><em class="emphasis">smbsh</em> works by running the shell and programs
+run from it in an environment in which calls to the standard C
+library are redirected to the
+<em class="emphasis">smbwrapper</em><a name="INDEX-64"/> library, which has support for
+operating on SMB shares. This redirection can work only if the
+program being run is dynamically linked. Fortunately, modern Unix
+versions ship with most common utilities linked dynamically rather
+than statically.</p>
+
+<a name="samba2-CHP-5-NOTE-127"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>To determine whether a program is dynamically or statically linked,
+try using the <em class="emphasis">file</em> command.</p>
+</blockquote>
+
+<p>To use <em class="emphasis">smbsh</em>, your Samba installation must be
+configured using the configure option
+<tt class="literal">--with-smbwrapper</tt>.</p>
+
+<p>If you have a number of Unix systems with the same host operating
+system and architecture and don't want to bother
+with a full Samba installation, you can simply move the following
+files to the other systems:</p>
+
+<blockquote><pre class="code">/usr/local/samba/bin/smbsh
+/usr/local/samba/bin/smbwrapper.so
+/usr/local/samba/lib/smb.conf</pre></blockquote>
+
+<p>Make sure that <em class="filename">/usr/local/samba/bin</em> is in your
+shell's search path. The
+<em class="filename">smb.conf</em><a name="INDEX-65"/><a name="INDEX-66"/> file is
+needed only for <em class="emphasis">smbsh</em> to determine the workgroup
+or domain and does not need to be as elaborate as your Samba
+server's configuration file.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-5-SECT-5.1"/>
+
+<h3 class="head2">An Interactive Session with smbsh</h3>
+
+<p><a name="INDEX-67"/>To start <em class="emphasis">smbsh</em>,
+simply type in the <em class="emphasis">smbsh</em> command at the shell
+prompt. You will be prompted for a username and password with which
+to authenticate on the SMB network:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>smbsh</b></tt>
+Username: davecb
+Password:
+smbsh$</pre></blockquote>
+
+<p>While working within the <em class="emphasis">smbsh</em> shell, you have a
+virtual <em class="filename">/smb</em> directory. This does not actually
+exist in the Unix filesystem and is supported within
+<em class="emphasis">smbsh</em> only to help organize the SMB shares in a
+structure familiar to Unix users. You can list the contents of the
+<em class="filename">/smb</em> virtual directory and get a list of
+workgroups in the local network, which are also presented as virtual
+directories:</p>
+
+<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd /smb ; ls</b></tt>
+ZOOL PLANK BACIL</pre></blockquote>
+
+<p>You can change your working directory to one of the workgroup virtual
+directories, and listing one of them will show the computers in the
+workgroup:</p>
+
+<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd ZOOL ; ls</b></tt>
+ANTILLES DODO MILO SEAL
+ARGON HANGGLIDE OSTRICH SPARTA
+BALLET INFUSION PLAQUE THEBES
+CHABLIS JAZ PRAETORIAN TJ
+COBRA KIKO RAYOPCI TRANCE
+COUGUR MACHINE-HEADPCI RUMYA VIPERPCI
+CRUSTY MATHUMA SCOT</pre></blockquote>
+
+<p>Likewise, you can change your current directory to, and list the
+contents of, a computer virtual directory, and then you can see a
+listing of shares offered by that computer:</p>
+
+<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd scot ; ls</b></tt>
+ADMIN$ davecb nc np2s pl
+ace dhcp-mrk03 np nps xp
+cl ep np2 opcom</pre></blockquote>
+
+<p>This is the lowest level of
+<em class="emphasis">smbsh</em>'s virtual directory
+system. Once you <em class="emphasis">cd</em> into a share, you are within
+the SMB share on the remote computer:</p>
+
+<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd davecb ; ls</b></tt>
+Mail mkanalysis_dirs.idx
+SUNWexplo nfs.ps
+Sent nsmail
+allsun.html projects.txt
+bin sumtimex</pre></blockquote>
+
+<p>Once in a remote share, most of the Unix shell utilities will work,
+and you can operate on files and directories much as you would on any
+Unix system. You can even create symbolic links in the Unix
+filesystem pointing to files and directories in the SMB share.
+However, attempts to create symbolic links in the SMB share will fail
+unless the share is being served by Samba with support for Unix CIFS
+extensions.</p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-5-SECT-6"/>
+
+<h2 class="head1">smbutil and mount_smbfs</h2>
+
+<p>The <em class="emphasis">smbutil</em> and <em class="emphasis">mount_smbfs</em>
+programs provide SMB client functionality for FreeBSD, Darwin, and
+Mac OS X. Neither of the programs is part of the Samba distribution;
+however, we are including them to give you a little additional
+support in case you have BSD-related Unix systems on your network.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-5-SECT-6.1"/>
+
+<h3 class="head2">smbutil</h3>
+
+<p>The <em class="emphasis">smbutil</em><a name="INDEX-68"/> program provides functionality similar
+to some of the Samba suite's command-line utilities.
+It can be used to list the shares available on an SMB server or
+perform NetBIOS name lookups.</p>
+
+<p>The first argument given to <em class="emphasis">smbutil</em> is one of a
+number of subcommands and is usually followed by arguments specific
+to the subcommand. For example, to list the resources offered by a
+server, use the <em class="emphasis">view</em> subcommand, and enter your
+server password when prompted:</p>
+
+<blockquote><pre class="code">% <tt class="userinput"><b>smbutil view //vamana</b></tt>
+Password:
+Share Type Comment
+-------------------------------------------------------------
+public disk
+SS2500 printer Stylus Scan 2500
+IPC$ pipe IPC Service (Samba 2.2.5)
+ADMIN$ disk IPC Service (Samba 2.2.5)
+leonvs disk User Home Directories
+
+5 shares listed from 5 available</pre></blockquote>
+
+<p>If you wish to connect to the server with a username that differs
+from that on your client, you can specify it on the command line by
+preceding the name of the server with the username and using an at
+sign (<tt class="literal">@</tt>) as a separator:</p>
+
+<blockquote><pre class="code">% <tt class="userinput"><b>smbutil view //leonvs@vamana</b></tt></pre></blockquote>
+
+<p>You can also include the password after the username, using a colon
+(:) as a separator, to avoid being prompted for
+it:</p>
+
+<blockquote><pre class="code">% <tt class="userinput"><b>smbutil view //leonvs:leonspassword@vamana</b></tt></pre></blockquote>
+
+<p>Typing your password in the open like this is strongly discouraged.
+It's a little better if you use an encrypted
+password, which you can generate using
+<em class="emphasis">smbutil</em>'s
+<em class="emphasis">crypt</em> subcommand:</p>
+
+<blockquote><pre class="code">% <tt class="userinput"><b>smbutil crypt leonspassword</b></tt>
+$$1625a5723293f0710e5faffcfc6</pre></blockquote>
+
+<p>This can then be used in place of a clear-text password. However, the
+encryption is not particularly strong and will foil only the most
+casual inspection. As noted earlier, the only reasonably secure
+method of providing a password is to be prompted for it.</p>
+
+<p>While starting up, <em class="emphasis">smbutil</em> reads the file
+<em class="filename">.nsmbrc</em><a name="INDEX-69"/> in the user's home
+directory. Also, the file
+<em class="filename">/usr/local/etc/nsmb.conf</em><a name="INDEX-70"/><a name="INDEX-71"/> is read, and directives in that file
+override those in users'
+<em class="filename">~/.nsmbrc</em> files. This is to allow administrators
+to apply mandatory settings to all users. Directives can be placed in
+this file using the section and parameter format similar to that of
+the Samba configuration file. A list of common configuration
+parameters is given in <a href="ch05.html#samba2-CHP-5-TABLE-2">Table 5-2</a>.</p>
+
+<p>For example, to keep your password in your
+<em class="filename">~/.nsmbrc</em> file, you can create an entry in the
+file such as the following:</p>
+
+<blockquote><pre class="code">[VAMANA:LEONVS]
+ password=$$1625a5723293f0710e5faffcfc6</pre></blockquote>
+
+<p>The section heading in brackets specifies the SMB
+server's NetBIOS name and the username to which the
+subsequent parameter settings apply. (The hostname and username
+should be supplied in uppercase characters.) Section headings can
+also consist of just a hostname or can contain a share name as a
+third element for specifying parameters applicable to a single share.
+Finally, if a <tt class="literal">[default]</tt> section is present, the
+settings in it apply to all connections.</p>
+
+<p>The following example <em class="filename">.nsmbrc</em> shows some of the
+other parameters you might use:</p>
+
+<blockquote><pre class="code">[default]
+ username=leonvs
+ # NetBIOS name server
+ nbns=192.168.1.3
+
+[VAMANA]
+ # server IP address
+ addr=192.168.1.6
+ workgroup=TEST
+
+[VAMANA:LEONVS]
+ password=$$1625a5723293f0710e5faffcfc6</pre></blockquote>
+
+<p>Another thing you can do with <em class="emphasis">smbutil</em> is
+<a name="INDEX-72"/><a name="INDEX-73"/><a name="INDEX-74"/>translate between IP addresses or DNS
+names and
+<a name="INDEX-75"/>NetBIOS
+names. For example, the <em class="emphasis">status</em> subcommand takes
+an IP address or DNS hostname as an argument and returns the
+corresponding SMB server's NetBIOS name and
+workgroup:</p>
+
+<blockquote><pre class="code">% <tt class="userinput"><b>smbutil status 192.168.1.6</b></tt>
+Workgroup: TEST
+Server: VAMANA</pre></blockquote>
+
+<p>The <em class="emphasis">lookup</em> subcommand returns the IP address
+associated with a given NetBIOS hostname. A NetBIOS name server can
+be optionally specified with the <em class="emphasis">-w</em> argument:</p>
+
+<blockquote><pre class="code">% <tt class="userinput"><b>smbutil lookup -w 192.168.1.3 VAMANA</b></tt>
+Got response from 192.168.1.3
+IP address of VAMANA: 192.168.1.6</pre></blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-5-SECT-6.2"/>
+
+<h3 class="head2">mount_smbfs</h3>
+
+<p>The <em class="emphasis">mount_smbfs</em><a name="INDEX-76"/> program performs essentially the same
+function as <em class="emphasis">smbmount</em> on Linux. It mounts an SMB
+share on a directory in the local filesystem. The SMB share can then
+be accessed just like any other directory, subject to some behavioral
+differences noted earlier in <a href="ch05.html#samba2-CHP-5-SECT-4.1">Section 5.4.1</a>.</p>
+
+<p>The command synopsis for <em class="emphasis">mount_smbfs</em> is:</p>
+
+<blockquote><pre class="code">mount_smbfs <em class="replaceable">[options]</em> <em class="replaceable">Share-UNC</em> <em class="replaceable">mount-point</em></pre></blockquote>
+
+<p>where <em class="replaceable">Share-UNC</em> is of the form:</p>
+
+<blockquote><pre class="code">//[<em class="replaceable">workgroup</em>;][<em class="replaceable">username</em>[:<em class="replaceable">password</em>]@]<em class="replaceable">server</em>[/<em class="replaceable">share</em>]</pre></blockquote>
+
+<p>For example:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>mount_smbfs '//TEST;leonvs:$$1625a5723293f0710e5faffcfc6@vamana/leonvs' /</b></tt>
+\<tt class="userinput"><b>Volumes/leonvs</b></tt></pre></blockquote>
+
+<p>The ownership and permissions of the mount point determine the
+default ownership and permissions for files and directories in the
+mounted share. These can be modified with command-line arguments,
+like this:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>mount_smbfs -u leonvs -g admin -f 0750 -d 0755 //leonvs@vamana/leonvs </b></tt>
+\<tt class="userinput"><b>/Volumes/leonvs</b></tt></pre></blockquote>
+
+<p>In this example, the files and directories in the mounted share will
+be owned by the user leonvs and the group admin, with files and
+directories having permissions 750 and 755, respectively. (As usual,
+the permissions are specified in the octal format used by the Unix
+<em class="emphasis">chmod</em> command.)</p>
+
+<p>The <em class="emphasis">mount_smbfs</em><a name="INDEX-77"/><a name="INDEX-78"/> command
+also makes use of settings in
+<em class="filename">/usr/local/etc/nsmb.conf</em> and
+<em class="filename">~/.nsmbrc</em>, as described earlier. A list of
+common configuration parameters and command-line options is provided
+in <a href="ch05.html#samba2-CHP-5-TABLE-2">Table 5-2</a>.</p>
+
+<a name="samba2-CHP-5-TABLE-2"/><h4 class="head4">Table 5-2. Common smbutil and mount_smbfs options</h4><table border="1">
+
+
+
+
+<tr>
+<th>
+<p>Command-line option</p>
+</th>
+<th>
+<p>Configuration file parameter</p>
+</th>
+<th>
+<p>Description</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">-I</tt> <em class="replaceable">hostname</em></p>
+</td>
+<td>
+<p><tt class="literal">addr</tt></p>
+</td>
+<td>
+<p>Avoid NetBIOS name resolution and connect to the server using the
+specified DNS hostname or IP address.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>-N</p>
+</td>
+<td>
+<p><em class="emphasis">none</em></p>
+</td>
+<td>
+<p>Do not prompt for a password.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>-R <em class="replaceable">count</em></p>
+</td>
+<td>
+<p><tt class="literal">retry_count</tt></p>
+</td>
+<td>
+<p>Number of times to retry connection before giving up.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>-T <em class="replaceable">seconds</em></p>
+</td>
+<td>
+<p><tt class="literal">timeout</tt></p>
+</td>
+<td>
+<p>Timeout, in seconds, per connection request.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>-U <em class="replaceable">username</em></p>
+</td>
+<td>
+<p><tt class="literal">username</tt></p>
+</td>
+<td>
+<p>Username to use for authentication. Defaults to Unix username.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>-W <em class="replaceable">workgroup</em></p>
+</td>
+<td>
+<p><tt class="literal">workgroup</tt></p>
+</td>
+<td>
+<p>Name of workgroup of remote server.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>-d <em class="replaceable">mode</em></p>
+</td>
+<td>
+<p><em class="emphasis">none</em></p>
+</td>
+<td>
+<p>Permissions to apply to directories in the mounted share. Defaults to
+the same as the file permissions, plus an execute (search) bit
+whenever the read bit is set.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>-f <em class="replaceable">mode</em></p>
+</td>
+<td>
+<p><em class="filename">none</em></p>
+</td>
+<td>
+<p>Permissions to apply to files in the mounted share. Defaults to the
+same as the permissions set on the directory used as the mount point.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>-g <em class="replaceable">group</em></p>
+</td>
+<td>
+<p><em class="emphasis">none</em></p>
+</td>
+<td>
+<p>Name or numeric GID to apply to all files and directories in the
+mounted share. Defaults to the group of the directory used as the
+mount point.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>-n <em class="replaceable">long</em></p>
+</td>
+<td>
+<p><em class="emphasis">none</em></p>
+</td>
+<td>
+<p>Disable support for long filenames. Restrict filenames to 8.3 naming
+standard.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>-u <em class="replaceable">username</em></p>
+</td>
+<td>
+<p><em class="emphasis">none</em></p>
+</td>
+<td>
+<p>Username or numeric UID to apply as the owner of all files and
+directories in the mounted share. Defaults to the owner of the
+directory used as the mount point.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>-w <em class="replaceable">hostname</em></p>
+</td>
+<td>
+<p><tt class="literal">nbns</tt></p>
+</td>
+<td>
+<p>Hostname or IP address of the NetBIOS name server.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><em class="emphasis">none</em></p>
+</td>
+<td>
+<p><tt class="literal">password</tt></p>
+</td>
+<td>
+<p>Password to use for authentication.</p>
+</td>
+</tr>
+
+</table>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-5-SECT-6.3"/>
+
+<h3 class="head2">Mac OS X</h3>
+
+<p><a name="INDEX-79"/>In addition to
+<em class="emphasis">smbutil</em> and <em class="emphasis">mount_smbfs</em>, OS
+X includes a graphical interface to the functionality they provide.
+To use this interface, open the Go menu and select the Connect to
+Server . . . menu item. Instead of using a UNC, specify the share in
+the form of a Uniform Resource Identifier (URI) with a prefix of
+<tt class="literal">smb://</tt> entered in the Address field, as shown in
+<a href="ch05.html#samba2-CHP-5-FIG-5">Figure 5-5</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-5-FIG-5"/><img src="figs/sam2_0505.gif"/></div><h4 class="head4">Figure 5-5. OS X Connect to Server dialog</h4>
+
+<p>You can specify a server, share, workgroup, username, and password
+(optionally encrypted with <em class="emphasis">smbutil crypt</em>) in the
+URI, in the same format as the UNC argument to
+<em class="emphasis">mount_smbfs</em>. If you don't
+specify a share name in the URI, you will be shown a window that lets
+you choose from a list of shares available to mount. See <a href="ch05.html#samba2-CHP-5-FIG-6">Figure 5-6</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-5-FIG-6"/><img src="figs/sam2_0506.gif"/></div><h4 class="head4">Figure 5-6. Selecting a share to mount</h4>
+
+<p>Only guest-accessible shares will show up in the list until
+you've authenticated. After pressing the
+Authenticate button, you'll be prompted for a
+workgroup, username, and password, as shown in <a href="ch05.html#samba2-CHP-5-FIG-7">Figure 5-7</a>. You'll also see this dialog
+if you provide a share name in the URI, but not a username and
+password.<a name="FNPTR-4"/><a href="#FOOTNOTE-4">[4]</a></p>
+
+<div class="figure"><a name="samba2-CHP-5-FIG-7"/><img src="figs/sam2_0507.gif"/></div><h4 class="head4">Figure 5-7. Client authentication</h4>
+
+<p>As usual for Mac OS X, shares are mounted under
+<em class="filename">/Volumes</em>, but show up in the root of the Finder
+hierarchy.</p>
+
+<p>If you have a WINS server on your network, you can provide the
+server's IP address in the Directory Access
+application, or by using the <tt class="literal">wins</tt>
+<tt class="literal">server</tt> parameter in
+<em class="filename">/etc/smb.conf</em>.</p>
+
+<p>If you don't know the name of a server to which you
+wish to connect, you can look for it in the browse list, using the
+graphical frontend to the <em class="emphasis">nmblookup</em> command
+provided with Samba. Click the downward-pointing arrow in the Connect
+to Server . . . dialog box to show a hierarchical, column-based view
+of available workgroups and servers, similar to that shown in <a href="ch05.html#samba2-CHP-5-FIG-8">Figure 5-8</a>. If your client is also acting as an SMB file
+server, it won't show up in its own browse
+list.<a name="INDEX-80"/></p>
+
+<div class="figure"><a name="samba2-CHP-5-FIG-8"/><a name="INDEX-81"/><img src="figs/sam2_0508.gif"/></div><h4 class="head4">Figure 5-8. Browsing the network</h4>
+
+
+</div>
+
+
+</div>
+
+<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> <p><a href="#FNPTR-1">[1]</a> An alternative to extracting
+the tar archive directly to the SMB share is to use the Unix
+system's <em class="emphasis">tar</em> command to extract
+it to a directory on the Unix server, then copy the desired file(s)
+to a shared directory. This allows a greater amount of control over
+the restoration process, as when correcting for an accidental file
+deletion or reverting a set of files to a previous condition.</p>
+<a name="FOOTNOTE-2"/> <p><a href="#FNPTR-2">[2]</a> Samba Versions
+2.2.4 and later have support for Unix CIFS extensions developed by
+Hewlett-Packard, which add full support for Unix ownership, group,
+and permissions in smbfs filesystems when shared between two Samba
+systems. You will also need a recent version of smbfs in your Linux
+kernel.</p> <a name="FOOTNOTE-3"/> <p><a href="#FNPTR-3">[3]</a> At the
+time of this writing, <em class="emphasis">smbsh</em> does not work on
+HP/UX or Linux. However, Linux support might return in the
+future.</p> <a name="FOOTNOTE-4"/> <p><a href="#FNPTR-4">[4]</a> If you've previously
+stored your authentication information in a Keychain, you will
+instead be prompted for your Keychain password.</p> </blockquote><hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html>
diff --git a/docs/htmldocs/using_samba/ch06.html b/docs/htmldocs/using_samba/ch06.html
new file mode 100644
index 00000000000..eb4e7262c08
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch06.html
@@ -0,0 +1,2727 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Chapter 6. The Samba Configuration File</h1>
+
+
+<p><a name="INDEX-1"/>In
+previous chapters, we showed you how to install Samba on a Unix
+server and set up Windows clients to use a simple disk share. This
+chapter will show you how Samba can assume more productive roles on
+your network.</p>
+
+<p>Samba's daemons, <em class="emphasis">smbd</em> and
+<em class="emphasis">nmbd</em>, are controlled through a single ASCII
+file, <em class="filename">smb.conf</em>, that can contain over 300 unique
+options (also called parameters). Some of these options you will use
+and change frequently; others you might never use, depending on how
+much functionality you want Samba to offer its clients.</p>
+
+<p>This chapter introduces the structure of the Samba configuration file
+and shows you how to use options to create and modify disk shares.
+Subsequent chapters will discuss browsing, how to configure users,
+security, printing, and other topics related to implementing Samba on
+your network.</p>
+
+
+
+<div class="sect1"><a name="samba2-CHP-6-SECT-1"/>
+
+<h2 class="head1">The Samba Configuration File</h2>
+
+<p>The Samba configuration file, called <em class="filename">smb.conf</em> by
+default, uses the same format as Windows
+<em class="filename">.ini</em><a name="INDEX-2"/><a name="INDEX-3"/> files. If you have ever worked with a
+<em class="filename">.ini</em> file, you will find
+<em class="filename">smb.conf</em> easy to create and modify. Even if you
+haven't, you will find the format to be simple and
+easy to learn. Here is an example of a Samba
+<a name="INDEX-4"/>configuration
+file:</p>
+
+<blockquote><pre class="code">[global]
+ workgroup = METRAN
+ encrypt passwords = yes
+ wins support = yes
+ log level = 1
+ max log size = 1000
+ read only = no
+[homes]
+ browsable = no
+ map archive = yes
+[printers]
+ path = /var/tmp
+ printable = yes
+ min print space = 2000
+[test]
+ browsable = yes
+ read only = yes
+ path = /usr/local/samba/tmp</pre></blockquote>
+
+<p>This configuration file is based on the one we created in <a href="ch02.html">Chapter 2</a> and sets up a workgroup in which Samba
+authenticates users using encrypted passwords and the default
+user-level security method. Samba is providing WINS name server
+support. We've configured very basic event logging
+to use a log file not to exceed 1MB in size. The
+<tt class="literal">[homes]</tt> share has been added to allow Samba to
+create a disk share for the home directory of each user who has a
+standard Unix account on the server. In addition, each printer
+registered on the server will be publicly available, as will a single
+read-only share that maps to the
+<em class="filename">/usr/local/samba/tmp</em> directory.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-6-SECT-1.1"/>
+
+<h3 class="head2">Configuration File Structure</h3>
+
+<p><a name="INDEX-5"/>Let's take another
+look at this configuration file, this time from a higher level:</p>
+
+<blockquote><pre class="code">[global]
+ ...
+[homes]
+ ...
+[printers]
+ ...
+[test]
+ ...</pre></blockquote>
+
+<p><a name="INDEX-6"/><a name="INDEX-7"/>The
+names inside the square brackets delineate unique
+<em class="firstterm">sections</em> of the <em class="filename">smb.conf</em>
+file; each section names the share (or service) to which the section
+refers. For example, the <tt class="literal">[test]</tt> and
+<tt class="literal">[homes]</tt> sections are unique disk shares; they
+contain options that map to specific directories on the Samba server.
+The <tt class="literal">[printers]</tt> share contains options that map to
+various printers on the server. All the sections defined in the
+<em class="filename">smb.conf</em> file, with the exception of the
+<tt class="literal">[global]</tt> section, will be available as a disk or
+printer share to clients connecting to the Samba server.</p>
+
+<p>The remaining lines are individual configuration options for that
+share. These options will continue until a new section is encountered
+or until the end of the file is reached. Each configuration option
+follows a simple format:</p>
+
+<blockquote><pre class="code"><em class="replaceable">option</em> = <em class="replaceable">value</em></pre></blockquote>
+
+<p><a name="INDEX-8"/>Options in
+the <em class="filename">smb.conf</em> file are set by assigning a value
+to them. We should warn you up front that some of the option names in
+Samba are poorly chosen. For example, <tt class="literal">read</tt>
+<tt class="literal">only</tt> is self-explanatory and is typical of many
+recent Samba options. The <tt class="literal">public</tt> option is an
+older option and is vague. It now has a less-confusing synonym
+<tt class="literal">guest</tt> <tt class="literal">ok</tt> (meaning it can be
+accessed by guests). <em class="emphasis">Appendix B</em> contains an
+alphabetical index of all the configuration options and their
+meanings.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-1.1.1"/>
+
+<h3 class="head3">Whitespace, quotes, and commas</h3>
+
+<p>An important item to remember about configuration options is that all
+whitespace within the <em class="replaceable">value</em> is
+significant. For example, consider the following option:</p>
+
+<blockquote><pre class="code">volume = The Big Bad Hard Drive Number 3543</pre></blockquote>
+
+<p>Samba strips away the spaces up to the first <tt class="literal">T</tt> in
+<tt class="literal">The</tt>. These whitespaces are insignificant. The rest
+of the whitespaces are significant and will be recognized and
+preserved by Samba when reading in the file. Space is not significant
+in option names (such as <tt class="literal">read</tt>
+<tt class="literal">only</tt>), but we recommend you follow convention and
+keep spaces between the words of options.</p>
+
+<p>If you feel safer including quotation marks at the beginning and end
+of a configuration option's value, you can do so.
+Samba will ignore these quotation marks when it encounters them.
+Never use quotation marks around an option name; Samba will treat
+this as an error.</p>
+
+<p>Usually, you can use whitespaces or commas to separate a series of
+values in a list. These two options are equivalent:</p>
+
+<blockquote><pre class="code">netbios aliases = sales, accounting, payroll
+netbios aliases = sales accounting payroll</pre></blockquote>
+
+<p>In some cases, you must use one form of separation&mdash;sometimes
+spaces are required, and sometimes commas.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-1.1.2"/>
+
+<h3 class="head3">Capitalization</h3>
+
+<p><a name="INDEX-9"/>Capitalization
+is not important in the Samba configuration file except in locations
+where it would confuse the underlying operating system. For example,
+let's assume that you included the following option
+in a share that pointed to <em class="filename">/export/samba/simple
+</em>:</p>
+
+<blockquote><pre class="code">PATH = /EXPORT/SAMBA/SIMPLE</pre></blockquote>
+
+<p>Samba would have no problem with the <tt class="literal">path</tt>
+configuration option appearing entirely in capital letters. However,
+when it tries to connect to the given directory, it would be
+unsuccessful because the Unix filesystem <em class="emphasis">is</em>
+case-sensitive. Consequently, the path listed would not be found, and
+clients could not connect to the share.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-1.1.3"/>
+
+<h3 class="head3">Line continuation</h3>
+
+<p><a name="INDEX-10"/>You can continue a line in the
+Samba configuration file using the backslash, like this:</p>
+
+<blockquote><pre class="code">comment = The first share that has the primary copies \
+ of the new Teamworks software product.</pre></blockquote>
+
+<p>Because of the backslash, these two lines will be treated as one line
+by Samba. The second line begins at the first nonwhitespace character
+that Samba encounters; in this case, the <tt class="literal">o</tt> in
+<tt class="literal">of</tt>.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-1.1.4"/>
+
+<h3 class="head3">Comments</h3>
+
+<p><a name="INDEX-11"/>You can
+insert comments in the <em class="filename">smb.conf</em> configuration
+file by starting a line with either a hash (<tt class="literal">#</tt>) or
+a semicolon ( <tt class="literal">;</tt> ). For this purpose, both
+characters are equivalent. For example, the first three lines in the
+following example would be considered comments:</p>
+
+<blockquote><pre class="code"># This is the printers section. We have given a minimum print
+; space of 2000 to prevent some errors that we've seen when
+; the spooler runs out of space.
+
+[printers]
+ public = yes
+ min print space = 2000</pre></blockquote>
+
+<p>Samba will ignore all comment lines in its configuration file; there
+are no limitations to what can be placed on a comment line after the
+initial hash mark or semicolon. Note that the line continuation
+character (<tt class="literal">\</tt>) will <em class="emphasis">not</em> be
+honored on a commented line. Like the rest of the line, it is
+ignored.</p>
+<a name="samba2-CHP-6-NOTE-128"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>Samba does not allow mixing of comment lines and parameters. Be
+careful not to put comments on the same line as anything else, such
+as:</p>
+
+
+<blockquote><pre class="code">path = /d # server's data partition</pre></blockquote>
+
+
+<p>Errors such as this, where the parameter value is defined with a
+string, can be tricky to notice. The <em class="emphasis">testparm</em>
+program won't complain, and the only clues
+you'll receive are that
+<em class="emphasis">testparm</em> reports the <tt class="literal">path</tt>
+parameter set to <tt class="literal">/d # server's data partition</tt>, and
+the failures that result when clients attempt to access the share.</p>
+</blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-1.1.5"/>
+
+<h3 class="head3">Changes at runtime</h3>
+
+<p><a name="INDEX-12"/>You can modify the
+<em class="filename">smb.conf</em> configuration file and any of its
+options at any time while the Samba daemons are running. By default,
+Samba checks the configuration file every 60 seconds. If it finds any
+changes, they are immediately put into effect.</p>
+
+<a name="samba2-CHP-6-NOTE-129"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>Having Samba check the configuration file automatically can be
+convenient, but it also means that if you edit
+<em class="filename">smb.conf</em> directly, you might be immediately
+changing your network's <a name="INDEX-13"/>configuration every time you save the
+file. If you're making anything more than a minor
+change, it may be wiser to copy <em class="filename">smb.conf</em> to a
+temporary file, edit that, run <tt class="literal">testparm</tt>
+<em class="replaceable">filename</em> to check it, and then copy the
+temporary file back to <em class="filename">smb.conf</em>. That way, you
+can be sure to put all your changes into effect at once, and only
+after you are confident that you have created the exact configuration
+you wish to implement.</p>
+</blockquote>
+
+<p>If you don't want to wait for the configuration file
+to be reloaded automatically, you can force a reload either by
+sending a hangup signal to the <em class="emphasis">smbd</em> and
+<em class="emphasis">nmbd</em> processes or simply by restarting the
+daemons. Actually, it can be a good idea to restart the daemons
+because it forces the clients to disconnect and reconnect, ensuring
+that the new configuration is applied to all clients. We showed you
+how to restart the daemons in <a href="ch02.html">Chapter 2</a>, and
+sending them a hangup (HUP) signal is very similar. On Linux, it can
+be done with the command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>killall -HUP smbd nmbd</b></tt></pre></blockquote>
+
+<p>In this case, not all changes will be immediately recognized by
+clients. For example, changes to a share that is currently in use
+will not be registered until the client disconnects and reconnects to
+that share. In addition, server-specific parameters such as the
+workgroup or NetBIOS name of the server will not go into effect
+immediately either. (This behavior was implemented intentionally
+because it keeps active clients from being suddenly disconnected or
+encountering unexpected access problems while a session is open.)
+<a name="INDEX-14"/></p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-6-SECT-1.2"/>
+
+<h3 class="head2">Variables</h3>
+
+<p><a name="INDEX-15"/>Because a
+new copy of the<em class="filename"> </em><em class="emphasis">smbd</em> daemon
+is created for each connecting client, it is possible for each client
+to have its own customized configuration file. Samba allows a
+limited, yet useful, form of variable substitution in the
+configuration file to allow information about the Samba server and
+the client to be included in the configuration at the time the client
+connects. Inside the configuration file, a variable begins with a
+percent sign (<tt class="literal">%</tt>), followed by a single upper- or
+lowercase letter, and can be used only on the right side of a
+configuration option (i.e., after the equal sign). An example is:</p>
+
+<blockquote><pre class="code">[pub]
+ path = /home/ftp/pub/%a</pre></blockquote>
+
+<p>The <tt class="literal">%a</tt><a name="INDEX-16"/> stands for the client
+system's architecture and will be replaced as shown
+in <a href="ch06.html#samba2-CHP-6-TABLE-1">Table 6-1</a>.</p>
+
+<a name="samba2-CHP-6-TABLE-1"/><h4 class="head4">Table 6-1. %a substitution</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Client operating system
+(&quot;architecture&quot;)</p>
+</th>
+<th>
+<p>Replacement string</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>Windows for Workgroups</p>
+</td>
+<td>
+<p><tt class="literal">WfWg</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows 95 and Windows 98</p>
+</td>
+<td>
+<p><tt class="literal">Win95</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows NT</p>
+</td>
+<td>
+<p><tt class="literal">WinNT</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows 2000 and Windows XP</p>
+</td>
+<td>
+<p><tt class="literal">Win2K</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Samba</p>
+</td>
+<td>
+<p><tt class="literal">Samba</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Any OS not listed earlier</p>
+</td>
+<td>
+<p><tt class="literal">UNKNOWN</tt></p>
+</td>
+</tr>
+
+</table>
+
+<p>In this example, Samba will assign a unique path for the
+<tt class="literal">[pub]</tt> share to client systems based on what
+operating system they are running. The paths that each client would
+see as its share differ according to the client's
+architecture:</p>
+
+<blockquote><pre class="code">/home/ftp/pub/WfwG
+/home/ftp/pub/Win95
+/home/ftp/pub/WinNT
+/home/ftp/pub/Win2K
+/home/ftp/pub/Samba
+/home/ftp/pub/UNKNOWN</pre></blockquote>
+
+<p>Using variables in this manner comes in handy if you wish to have
+different users run custom configurations based on their own unique
+characteristics or conditions.
+<a name="INDEX-17"/><a name="INDEX-18"/>Samba
+has 20 variables, as shown in <a href="ch06.html#samba2-CHP-6-TABLE-2">Table 6-2</a>.</p>
+
+<a name="samba2-CHP-6-TABLE-2"/><h4 class="head4">Table 6-2. Samba variables</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Variable</p>
+</th>
+<th>
+<p>Definition</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><b class="emphasis-bold">Client variables</b></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%a</tt><a name="INDEX-19"/></p>
+</td>
+<td>
+<p>Client's architecture (see <a href="ch06.html#samba2-CHP-6-TABLE-1">Table 6-1</a>)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%I</tt><a name="INDEX-20"/></p>
+</td>
+<td>
+<p>Client's IP address (e.g., 172.16.1.2)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%m</tt><a name="INDEX-21"/></p>
+</td>
+<td>
+<p>Client's NetBIOS name</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%M</tt><a name="INDEX-22"/></p>
+</td>
+<td>
+<p>Client's DNS name</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><b class="emphasis-bold">User variables</b></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%u</tt><a name="INDEX-23"/></p>
+</td>
+<td>
+<p>Current Unix username</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%U</tt><a name="INDEX-24"/></p>
+</td>
+<td>
+<p>Requested client username (not always used by Samba)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%H</tt><a name="INDEX-25"/></p>
+</td>
+<td>
+<p>Home directory of <tt class="literal">%u</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%g</tt><a name="INDEX-26"/></p>
+</td>
+<td>
+<p>Primary group of <tt class="literal">%u</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%G</tt><a name="INDEX-27"/></p>
+</td>
+<td>
+<p>Primary group of <tt class="literal">%U</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><b class="emphasis-bold">Share variables</b></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%S</tt><a name="INDEX-28"/></p>
+</td>
+<td>
+<p>Current share's name</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%P</tt><a name="INDEX-29"/></p>
+</td>
+<td>
+<p>Current share's root directory</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%p</tt><a name="INDEX-30"/></p>
+</td>
+<td>
+<p>Automounter's path to the share's
+root directory, if different from <tt class="literal">%P</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><b class="emphasis-bold">Server variables</b></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%d</tt><a name="INDEX-31"/></p>
+</td>
+<td>
+<p>Current server process ID</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%h</tt><a name="INDEX-32"/></p>
+</td>
+<td>
+<p>Samba server's DNS hostname</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%L</tt><a name="INDEX-33"/></p>
+</td>
+<td>
+<p>Samba server's NetBIOS name</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%N</tt><a name="INDEX-34"/></p>
+</td>
+<td>
+<p>Home directory server, from the automount map</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%v</tt><a name="INDEX-35"/></p>
+</td>
+<td>
+<p>Samba version</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><b class="emphasis-bold">Miscellaneous variables</b></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%R</tt><a name="INDEX-36"/></p>
+</td>
+<td>
+<p>The SMB protocol level that was negotiated</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%T</tt><a name="INDEX-37"/></p>
+</td>
+<td>
+<p>The current date and time</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><a name="INDEX-38"/>%$<em class="replaceable">var</em></p>
+</td>
+<td>
+<p>The value of environment variable <tt class="literal">var</tt></p>
+</td>
+</tr>
+
+</table>
+
+<p>Here's another example of using
+<a name="INDEX-39"/><a name="INDEX-40"/><a name="INDEX-41"/>variables: let's say there
+are five clients on your network, but one client,
+<tt class="literal">maya</tt>, requires a slightly different
+<tt class="literal">[homes]</tt> configuration. With Samba,
+it's simple to handle this:</p>
+
+<blockquote><pre class="code">[homes]
+ ...
+ include = /usr/local/samba/lib/smb.conf.%m
+ ...</pre></blockquote>
+
+<p>The <tt class="literal">include</tt> option here causes a separate
+configuration file for each particular NetBIOS machine
+(<tt class="literal">%m</tt>) to be read in addition to the current file.
+If the hostname of the client system is <tt class="literal">maya</tt>, and
+if a <em class="filename">smb.conf.maya</em> file exists in the
+<em class="filename">/usr/local/samba/lib</em> directory, Samba will
+insert that configuration file into the default one. If any
+configuration options are restated in
+<em class="filename">smb.conf.maya</em>, those values will override any
+options previously encountered in that share. Note that we say
+&quot;previously.&quot; If any options are
+restated in the main configuration file after the
+<tt class="literal">include</tt> option, Samba will honor those restated
+values for the share in which they are defined.</p>
+
+<p>If the file specified by the <tt class="literal">include</tt> parameter
+does not exist, Samba will not generate an error. In fact, it
+won't do anything at all. This allows you to create
+only one extra configuration file for <tt class="literal">maya</tt> when
+using this strategy, instead of one for each client that is on the
+network.</p>
+
+<p>Client-specific configuration files can be used to customize
+particular clients. They also can be used to make debugging Samba
+easier. For example, if we have one client with a problem, we can use
+this approach to give it a private log file with a more verbose
+logging level. This allows us to see what Samba is doing without
+slowing down all the other clients or overflowing the disk with
+useless logs.</p>
+
+<p>You can use the variables in <a href="ch06.html#samba2-CHP-6-TABLE-2">Table 6-2</a> to give
+custom values to a variety of Samba options. We will highlight
+several of these options as we move through the next few chapters.
+<a name="INDEX-42"/></p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-6-SECT-2"/>
+
+<h2 class="head1">Special Sections</h2>
+
+<p>Now that we've gotten our feet wet with variables,
+there are a few special sections of the Samba configuration file that
+we should talk about. Again, don't worry if you do
+not understand every configuration option listed here;
+we'll go over each of them in the upcoming chapters.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-6-SECT-2.1"/>
+
+<h3 class="head2">The [ global] Section</h3>
+
+<p>The <tt class="literal">[global]</tt><a name="INDEX-43"/><a name="INDEX-44"/> section appears in virtually
+every Samba configuration file, even though it is not mandatory.
+There are two purposes for the <tt class="literal">[global]</tt> section.
+Server-wide settings are defined here, and any options that apply to
+shares will be used as a default in all share definitions, unless
+overridden within the share definition.</p>
+
+<p>To illustrate this, let's again look at the example
+at the beginning of the chapter:</p>
+
+<blockquote><pre class="code">[global]
+ workgroup = METRAN
+ encrypt passwords = yes
+ wins support = yes
+ log level = 1
+ max log size = 1000
+ read only = no
+[homes]
+ browsable = no
+ map archive = yes
+[printers]
+ path = /var/tmp
+ printable = yes
+ min print space = 2000
+[test]
+ browsable = yes
+ read only = yes
+ path = /usr/local/samba/tmp</pre></blockquote>
+
+<p>When a client connects to the <tt class="literal">[test]</tt> share, Samba
+first reads the <tt class="literal">[global]</tt> section and sets the
+option <tt class="literal">read</tt> <tt class="literal">only</tt>
+<tt class="literal">=</tt> <tt class="literal">no</tt> as the global default for
+each share it encounters throughout the configuration file. This
+includes the <tt class="literal">[homes]</tt> and <tt class="literal">[test]</tt>
+shares. When it reads the definition of the <tt class="literal">[test]</tt>
+share, it then finds the configuration option <tt class="literal">read</tt>
+<tt class="literal">only</tt> <tt class="literal">=</tt> <tt class="literal">yes</tt>
+and overrides the default from the <tt class="literal">[global]</tt>
+section with the value <tt class="literal">yes</tt>.</p>
+
+<p>Any option that appears before the first marked section is assumed to
+be a global option. This means that the <tt class="literal">[global]</tt>
+section heading is not absolutely required; however, we suggest you
+always include it for clarity and to ensure future compatibility.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-6-SECT-2.2"/>
+
+<h3 class="head2">The [ homes] Section</h3>
+
+<p>If a client attempts to connect to a share that
+doesn't appear in the <em class="filename">smb.conf</em>
+file, Samba will search for a
+<tt class="literal">[homes]</tt><a name="INDEX-45"/><a name="INDEX-46"/> share in the
+configuration file. If a <tt class="literal">[homes]</tt> share exists, the
+unresolved share name is assumed to be a Unix username. If that
+username appears in the password database on the Samba server, Samba
+assumes the client is a Unix user trying to connect to her home
+directory on the server.</p>
+
+<p>For example, assume a client system is connecting to the Samba server
+<tt class="literal">toltec</tt> for the first time and tries to connect to
+a share named <tt class="literal">[alice]</tt>. There is no
+<tt class="literal">[alice]</tt> share defined in the
+<em class="filename">smb.conf</em> file, but there is a
+<tt class="literal">[homes]</tt>, so Samba searches the password database
+file and finds an <tt class="literal">alice</tt> user account is present on
+the system. Samba then checks the password provided by the client
+against user <tt class="literal">alice</tt>'s Unix
+password&mdash;either with the password database file if
+it's using nonencrypted passwords or with
+Samba's <em class="filename">smbpasswd</em> file if
+encrypted passwords are in use. If the passwords match, Samba knows
+it has guessed right: the user <tt class="literal">alice</tt> is trying to
+connect to her home directory. Samba will then create a share called
+<tt class="literal">[alice]</tt> for her, with the share's
+path set to <tt class="literal">alice</tt>'s home
+directory.</p>
+
+<p>The process of using the <tt class="literal">[homes]</tt> section to create
+users (and dealing with their passwords) is discussed in more detail
+in <a href="ch09.html">Chapter 9</a>.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-6-SECT-2.3"/>
+
+<h3 class="head2">The [printers] Section</h3>
+
+<p>The third special section is called
+<tt class="literal">[printers]</tt><a name="INDEX-47"/><a name="INDEX-48"/> and is similar to
+<tt class="literal">[homes]</tt>. If a client attempts to connect to a
+share that isn't in the
+<em class="filename">smb.conf</em> file and its name
+can't be found in the password file, Samba will
+check to see if it is a printer share. Samba does this by reading the
+printer capabilities file (usually
+<em class="filename">/etc/printcap</em>) to see if the share name appears
+there.<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a> If it does, Samba creates a share named after the
+printer.</p>
+
+<p>This means that as with <tt class="literal">[homes]</tt>, you
+don't have to maintain a share for each system
+printer in the <em class="filename">smb.conf</em> file. Instead, Samba
+honors the Unix printer registry if you ask it to, and it provides
+the registered printers to the client systems. However, there is a
+potential difficulty: if you have an account named
+<tt class="literal">fred</tt> and a printer named <tt class="literal">fred</tt>,
+Samba will always find the user account first, even if the client
+really needed to connect to the printer.</p>
+
+<p>The process of setting up the <tt class="literal">[printers]</tt> share is
+discussed in more detail in <a href="ch10.html">Chapter 10</a>.</p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-6-SECT-3"/>
+
+<h2 class="head1">Configuration Options</h2>
+
+<p><a name="INDEX-49"/>Options in
+the Samba configuration files fall into one of two categories:
+<em class="firstterm">global</em> options or <em class="firstterm">share</em>
+options. Each category dictates where an option can appear in the
+configuration file.</p>
+
+<dl>
+<dt><b>Global options</b></dt>
+<dd>
+<p>Global options must appear in the <tt class="literal">[global]</tt> section
+and nowhere else. These are options that typically apply to the
+behavior of the Samba server itself and not to any of its shares.</p>
+</dd>
+
+
+
+<dt><b>Share options</b></dt>
+<dd>
+<p>Share options can appear in share definitions, the
+<tt class="literal">[global]</tt> section, or both. If they appear in the
+<tt class="literal">[global]</tt> section, they will define a default
+behavior for all shares unless a share overrides the option with a
+value of its own.</p>
+</dd>
+
+</dl>
+
+<p>In addition, configuration options can take three kinds of values.
+They are as follows:</p>
+
+<dl>
+<dt><b>Boolean</b></dt>
+<dd>
+<p>These are simply yes or no values, but can be represented by any of
+the following: <tt class="literal">yes</tt>, <tt class="literal">no</tt>,
+<tt class="literal">true</tt>, <tt class="literal">false</tt>,
+<tt class="literal">1</tt>, or <tt class="literal">0</tt>. The values are
+case-insensitive: <tt class="literal">YES</tt> is the same as
+<tt class="literal">yes</tt>.</p>
+</dd>
+
+
+
+<dt><b>Numeric</b></dt>
+<dd>
+<p>This is a decimal, hexadecimal, or octal number. The standard
+<tt class="literal">0x</tt><em class="emphasis">nn</em> syntax is used for
+hexadecimal and <tt class="literal">0</tt><em class="emphasis">nnn</em> for
+octal.</p>
+</dd>
+
+
+
+<dt><b>String</b></dt>
+<dd>
+<p>This is a string of case-sensitive characters, such as a filename or
+a username.</p>
+</dd>
+
+</dl>
+
+
+<div class="sect2"><a name="samba2-CHP-6-SECT-3.1"/>
+
+<h3 class="head2">Configuration File Options</h3>
+
+<p>You can instruct Samba to include or replace configuration options as
+it is processing them. The options to do this are summarized in <a href="ch06.html#samba2-CHP-6-TABLE-3">Table 6-3</a>.</p>
+
+<a name="samba2-CHP-6-TABLE-3"/><h4 class="head4">Table 6-3. Configuration file options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">config</tt> <tt class="literal">file</tt></p>
+</td>
+<td>
+<p>string (name of file)</p>
+</td>
+<td>
+<p>Sets the location of a configuration file to use instead of the
+current one</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">include</tt></p>
+</td>
+<td>
+<p>string (name of file)</p>
+</td>
+<td>
+<p>Specifies an additional set of configuration options to be included
+in the configuration file</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">copy</tt></p>
+</td>
+<td>
+<p>string (name of share)</p>
+</td>
+<td>
+<p>Allows you to clone the configuration options of another share in the
+current share</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-3.1.1"/>
+
+<h3 class="head3">config file</h3>
+
+<p>The global <tt class="literal">config</tt><a name="INDEX-50"/> <tt class="literal">file</tt>
+option specifies a replacement configuration file that will be loaded
+when the option is encountered. If the target file exists, the
+remainder of the current configuration file, as well as the options
+encountered so far, will be discarded, and Samba will configure
+itself entirely with the options in the new file. Variables can be
+used with the <tt class="literal">config</tt> <tt class="literal">file</tt>
+option, which is useful in the event that you want to use a special
+configuration file based on the NetBIOS machine name or user of the
+client that is connecting.</p>
+
+<p>For example, the following line instructs Samba to use a
+configuration file specified by the NetBIOS name of the client
+connecting, if such a file exists. If it does, options specified in
+the original configuration file are ignored:</p>
+
+<blockquote><pre class="code">[global]
+ config file = /usr/local/samba/lib/smb.conf.%m</pre></blockquote>
+
+<p>If the configuration file specified does not exist, the option is
+ignored, and Samba will continue to configure itself based on the
+current file. This allows a default configuration file to serve most
+clients, while providing for exceptions with customized configuration
+files.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-3.1.2"/>
+
+<h3 class="head3">include</h3>
+
+<p>This <a name="INDEX-51"/>option, discussed in greater detail
+earlier, copies the target file into the current configuration file
+at the point specified, as shown in <a href="ch06.html#samba2-CHP-6-FIG-1">Figure 6-1</a>.
+This option also can be used with variables. You can use this option
+as follows:</p>
+
+<blockquote><pre class="code">[global]
+ include = /usr/local/samba/lib/smb.conf.%m</pre></blockquote>
+
+<p>If the configuration file specified does not exist, the option is
+ignored. Options in the include file override any option specified
+previously, but not options that are specified later. In <a href="ch06.html#samba2-CHP-6-FIG-1">Figure 6-1</a>, all three options will override their
+previous values.</p>
+
+<div class="figure"><a name="samba2-CHP-6-FIG-1"/><img src="figs/sam2_0601.gif"/></div><h4 class="head4">Figure 6-1. The include option in a Samba configuration file</h4>
+
+<p>The <tt class="literal">include</tt> option does not work with the
+variables <tt class="literal">%u</tt> (user), <tt class="literal">%P</tt>
+(current share's root directory), or
+<tt class="literal">%S</tt> (current share's name) because
+they are not set at the time the <tt class="literal">include</tt> parameter
+is processed.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-3.1.3"/>
+
+<h3 class="head3">copy</h3>
+
+<p>The <tt class="literal">copy</tt><a name="INDEX-52"/> configuration option allows you to clone
+the configuration options of the share name that you specify in the
+current share. The target share must appear earlier in the
+configuration file than the share that is performing the copy. For
+example:</p>
+
+<blockquote><pre class="code">[template]
+ writable = yes
+ browsable = yes
+ valid users = andy, dave, jay
+
+[data]
+ path = /usr/local/samba
+ copy = template</pre></blockquote>
+
+<p>Note that any options in the share that invoked the
+<tt class="literal">copy</tt> directive will override those in the cloned
+share; it does not matter whether they appear before or after the
+<tt class="literal">copy</tt> directive. <a name="INDEX-53"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-6-SECT-4"/>
+
+<h2 class="head1">Server Configuration</h2>
+
+<p><a name="INDEX-54"/>We will now start from
+scratch and build a configuration file for our Samba server. First we
+will introduce three basic configuration options that can appear in
+the <tt class="literal">[global]</tt> section of the
+<em class="filename">smb.conf</em> file:</p>
+
+<blockquote><pre class="code">[global]
+ # Server configuration parameters
+ netbios name = toltec
+ server string = Samba %v on %L
+ workgroup = METRAN
+ encrypt passwords = yes</pre></blockquote>
+
+<p>This configuration file is pretty simple; it advertises the Samba
+server under the NetBIOS name <tt class="literal">toltec</tt>. In addition,
+it places the system in the METRAN workgroup and displays a
+description to clients that includes the Samba version number, as
+well as the NetBIOS name of the Samba server.</p>
+
+<a name="samba2-CHP-6-NOTE-130"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>If you used the line <tt class="literal">encrypt passwords = yes</tt> in
+your earlier configuration file, you should do so here as well.</p>
+</blockquote>
+
+<p>If you like, you can go ahead and try this configuration file. Create
+a file named <em class="filename">smb.conf</em> under the
+<em class="filename">/usr/local/samba/lib</em> directory with the text
+listed earlier. Then restart the Samba server and use a Windows
+client to verify the results. Be sure that your Windows clients are
+in the METRAN workgroup as well. After double-clicking the Network
+Neighborhood on a Windows client, you should see a window similar to
+<a href="ch06.html#samba2-CHP-6-FIG-2">Figure 6-2</a>. (In this figure,
+<tt class="literal">Mixtec</tt> is another Samba server,
+<tt class="literal">a</tt>nd <tt class="literal">Zapotec</tt> is a Windows
+client.)</p>
+
+<div class="figure"><a name="samba2-CHP-6-FIG-2"/><img src="figs/sam2_0602.gif"/></div><h4 class="head4">Figure 6-2. Network Neighborhood showing Toltec, the Samba server</h4>
+
+<p>You can verify the <tt class="literal">server</tt>
+<tt class="literal">string</tt> by listing the details of the Network
+Neighborhood window (select Details in the View menu). You should see
+a window similar to <a href="ch06.html#samba2-CHP-6-FIG-3">Figure 6-3</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-6-FIG-3"/><img src="figs/sam2_0603.gif"/></div><h4 class="head4">Figure 6-3. Network Neighborhood details listing</h4>
+
+<p>If you were to click the <em class="filename">toltec</em> icon, a window
+should appear that shows the services that it provides. In this case,
+the window would be completely empty because there are no shares on
+the server yet.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-6-SECT-4.1"/>
+
+<h3 class="head2">Server Configuration Options</h3>
+
+<p><a href="ch06.htm#samba2-CHP-6-TABLE-4">Table 6-4</a> summarizes the server configuration
+options introduced previously. All three of these options are global
+in scope, so they must appear in the <tt class="literal">[global]</tt>
+section of the configuration file.<a name="INDEX-55"/></p>
+
+<a name="samba2-CHP-6-TABLE-4"/><h4 class="head4">Table 6-4. Server configuration options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">netbios</tt> <tt class="literal">name</tt></p>
+</td>
+<td>
+<p>string</p>
+</td>
+<td>
+<p>NetBIOS name of the Samba server</p>
+</td>
+<td>
+<p>Server's unqualified DNS hostname</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">workgroup</tt></p>
+</td>
+<td>
+<p>string</p>
+</td>
+<td>
+<p>NetBIOS group to which the server belongs</p>
+</td>
+<td>
+<p>Defined at compile time</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">server</tt> <tt class="literal">string</tt></p>
+</td>
+<td>
+<p>string</p>
+</td>
+<td>
+<p>Descriptive string for the Samba server</p>
+</td>
+<td>
+<p><tt class="literal">Samba %v</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-4.1.1"/>
+
+<h3 class="head3">netbios name</h3>
+
+<p>The <tt class="literal">netbios</tt><a name="INDEX-56"/> <tt class="literal">name</tt> option
+allows you to set the NetBIOS name of the server. For example:</p>
+
+<blockquote><pre class="code">netbios name = YORKVM1</pre></blockquote>
+
+<p>The default value for this configuration option is the
+server's hostname&mdash;that is, the first part of
+its fully qualified domain name. For example, a system with the DNS
+name <tt class="literal">ruby.ora.com</tt> would be given the NetBIOS name
+<tt class="literal">RUBY</tt> by default. While you can use this option to
+restate the system's NetBIOS name in the
+configuration file (as we did previously), it is more commonly used
+to assign the Samba server a NetBIOS name other than its current DNS
+name. Remember that the name given must follow the rules for valid
+NetBIOS machine names as outlined in <a href="ch01.html">Chapter 1</a>.</p>
+
+<p>Changing the NetBIOS name of the server is not recommended unless you
+have a good reason. One such reason might be if the hostname of the
+system is not unique because the LAN is divided over two or more DNS
+domains. For example, YORKVM1 is a good NetBIOS candidate for
+<tt class="literal">vm1.york.example.com</tt> to differentiate it from
+<tt class="literal">vm1.falkirk.example.com</tt>, which has the same
+hostname but resides in a different DNS domain.</p>
+
+<p>Another use of this option is for relocating SMB services from a dead
+or retired system. For example, if <tt class="literal">SALES</tt> is the
+SMB server for the department and it suddenly dies, you could
+immediately reset <tt class="literal">netbios</tt> <tt class="literal">name</tt>
+<tt class="literal">=</tt> <tt class="literal">SALES</tt> on a backup Samba
+server that's taking over for it. Users
+won't have to change their drive mappings to a
+different server; new connections to <tt class="literal">SALES</tt> will
+simply go to the new server.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-4.1.2"/>
+
+<h3 class="head3">workgroup</h3>
+
+<p>The <tt class="literal">workgroup</tt><a name="INDEX-57"/> parameter sets the
+current workgroup (or domain) in which the Samba server will
+advertise itself. Clients that wish to access shares on the Samba
+server should be in the same NetBIOS group. Remember that workgroups
+are really just NetBIOS group names and must follow the standard
+NetBIOS naming conventions outlined in <a href="ch01.html">Chapter 1</a>.</p>
+
+<p>The default option for this parameter is set at compile time to
+<tt class="literal">WORKGROUP</tt>. Because this is the default workgroup
+name of every unconfigured Windows and Samba system, we recommend
+that you always set your workgroup name in the Samba configuration
+file. When choosing your workgroup name, try to avoid making it the
+same name as a server or user. This will avoid possible problems with
+WINS name resolution.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-4.1.3"/>
+
+<h3 class="head3">server string</h3>
+
+<p>The <tt class="literal">server</tt><a name="INDEX-58"/> <tt class="literal">string</tt>
+parameter defines a comment string that will appear next to the
+server name in both the Network Neighborhood (when shown with the
+Details view) and the comment entry of the Microsoft Windows printer
+manager.<a name="FNPTR-2"/><a href="#FOOTNOTE-2">[2]</a> </p>
+
+<p>You can use variables to provide
+information in the description. For example, our entry earlier was:</p>
+
+<blockquote><pre class="code">[global]
+ server string = Samba %v on (%h)</pre></blockquote>
+
+<p>The default for this option simply presents the current version of
+Samba and is equivalent to:</p>
+
+<a name="INDEX-59"/><blockquote><pre class="code">server string = Samba %v</pre></blockquote>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-6-SECT-5"/>
+
+<h2 class="head1">Disk Share Configuration</h2>
+
+<p><a name="INDEX-60"/><a name="INDEX-61"/>We mentioned in the previous section that
+there were no disk shares on the <tt class="literal">toltec</tt> server.
+Let's continue building the configuration file and
+create an empty disk share called <tt class="literal">[data]</tt>. Here are
+the additions that will do it:</p>
+
+<blockquote><pre class="code">[data]
+ path = /export/samba/data
+ comment = Data Drive
+ volume = Sample-Data-Drive
+ writable = yes</pre></blockquote>
+
+<p>The <tt class="literal">[data]</tt> share is typical for a Samba disk
+share. The share maps to the directory <em class="filename">/export/samba/data
+</em>on the Samba server. We've also provided
+a comment that describes the share as a <tt class="literal">Data</tt>
+<tt class="literal">Drive</tt>, as well as a volume name for the share
+itself.</p>
+
+<p>Samba's default is to create a read-only share. As a
+result, the <tt class="literal">writable</tt> option needs to be explicitly
+set for each disk share you wish to make writable.</p>
+
+<p>We will also need to create the
+<em class="filename">/export/samba/data</em> directory on the Samba server
+with the following commands:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>mkdir /export/samba/data</b></tt>
+# <tt class="userinput"><b>chmod 777 /export/samba/data</b></tt></pre></blockquote>
+
+<p>Now, if we connect to the <tt class="literal">toltec</tt> server again by
+double-clicking its icon in the Windows Network Neighborhood, we will
+see a single share entitled <tt class="literal">data</tt>, as shown in
+<a href="ch06.html#samba2-CHP-6-FIG-4">Figure 6-4</a>. This share has read/write access, so
+files can be copied to or from it.</p>
+
+<div class="figure"><a name="samba2-CHP-6-FIG-4"/><img src="figs/sam2_0604.gif"/></div><h4 class="head4">Figure 6-4. The initial data share on the Samba server</h4>
+
+
+<div class="sect2"><a name="samba2-CHP-6-SECT-5.1"/>
+
+<h3 class="head2">Disk Share Configuration Options</h3>
+
+<p>The basic Samba configuration options for disk shares previously
+introduced are listed in <a href="ch06.html#samba2-CHP-6-TABLE-5">Table 6-5</a>.</p>
+
+<a name="samba2-CHP-6-TABLE-5"/><h4 class="head4">Table 6-5. Basic share configuration options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">path</tt> <tt class="literal">(directory)</tt></p>
+</td>
+<td>
+<p>string (directory name)</p>
+</td>
+<td>
+<p>Sets the Unix directory that will be provided for a disk share or
+used for spooling by a printer share.</p>
+</td>
+<td>
+<p><tt class="literal">/tmp</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">comment</tt></p>
+</td>
+<td>
+<p>string</p>
+</td>
+<td>
+<p>Sets the comment that appears with the share.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">volume</tt></p>
+</td>
+<td>
+<p>string</p>
+</td>
+<td>
+<p>Sets the MS-DOS volume name for the share.</p>
+</td>
+<td>
+<p>Share name</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">read only</tt></p>
+</td>
+<td>
+<p>boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, allows read-only access to a share.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">writable</tt> <tt class="literal">(write ok or writeable)</tt></p>
+</td>
+<td>
+<p>boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">no</tt>, allows read-only access to a share. If
+<tt class="literal">yes</tt>, both reading and writing are allowed.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-5.1.1"/>
+
+<h3 class="head3">path</h3>
+
+<p>This <a name="INDEX-63"/>option, which has the synonym
+<tt class="literal">directory</tt>, indicates the pathname for the root of
+the shared directory or printer. You can choose any directory on the
+Samba server, so long as the owner of the Samba process that is
+connecting has read and write access to that directory. If the path
+is for a printing share, it should point to a temporary directory
+where files can be written on the server before being spooled to the
+target printer ( <em class="filename"> /tmp</em> and
+<em class="filename">/var/spool</em> are popular choices). If this path is
+for a disk share, the contents of the folder representing the share
+name on the client will match the contents of the directory on the
+Samba server.</p>
+
+<p>The directory specified as the value for <tt class="literal">path</tt> can
+be given as a relative path, in which case it will be relative to the
+directory specified by the <tt class="literal">root</tt>
+<tt class="literal">directory</tt> parameter. Because
+<tt class="literal">root</tt> <tt class="literal">directory</tt> defaults to root
+(<em class="filename">/</em> ), it is generally a good idea to use
+absolute paths for the <tt class="literal">path</tt> parameter, unless
+<tt class="literal">root</tt> <tt class="literal">directory</tt> has been set to
+something other than the default.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-5.1.2"/>
+
+<h3 class="head3">comment</h3>
+
+<p>The <tt class="literal">comment</tt><a name="INDEX-64"/> option allows you to enter a
+comment that will be sent to the client when it attempts to browse
+the share. The user can see the comment by using the Details view on
+the share folder or with the <em class="emphasis">net view</em> command at
+an MS-DOS prompt. For example, here is how you might insert a comment
+for a share:</p>
+
+<blockquote><pre class="code">[network]
+ comment = Network Drive
+ path = /export/samba/network</pre></blockquote>
+
+<p>Be sure not to confuse the <tt class="literal">comment</tt> option, which
+documents a Samba server's shares, with the
+<tt class="literal">server</tt> <tt class="literal">string</tt> option, which
+documents the server itself.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-5.1.3"/>
+
+<h3 class="head3">volume</h3>
+
+<p>This <a name="INDEX-65"/>option allows you to specify the volume
+name of the share, which would otherwise default to the name of the
+share given in the <em class="filename">smb.conf</em> file.</p>
+
+<p>Some software installation programs check the volume name of the
+distribution CD-ROM to make sure the correct CD-ROM is in the drive
+before attempting to install from it. If you copy the contents of the
+CD-ROM into a network share and wish to install from there, you can
+use this option to make sure the installation program sees the
+correct volume name:</p>
+
+<blockquote><pre class="code">[network]
+ comment = Network Drive
+ volume = ASVP-102-RTYUIKA
+ path = /home/samba/network</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-5.1.4"/>
+
+<h3 class="head3">read only, writable</h3>
+
+<p>The options <tt class="literal">read</tt><a name="INDEX-66"/> <tt class="literal">only</tt>
+and <tt class="literal">writable</tt><a name="INDEX-67"/> (also called
+<tt class="literal">writeable</tt><a name="INDEX-68"/> or
+<tt class="literal">write</tt><a name="INDEX-69"/> <tt class="literal">ok</tt> ) are really two
+ways of saying the same thing, but they are approached from opposite
+ends. For example, you can set either of the following options in the
+<tt class="literal">[global]</tt> section or in an individual share:</p>
+
+<blockquote><pre class="code">read only = yes
+writable = no</pre></blockquote>
+
+<p>If either option is set as shown, data can be read from a share, but
+cannot be written to it. You might think you would need this option
+only if you were creating a read-only share. However, note that this
+read-only behavior is the <em class="emphasis">default</em> action for
+shares; if you want to be able to write data to a share, you must
+explicitly specify one of the following options in the configuration
+file for each share:</p>
+
+<blockquote><pre class="code">read only = no
+writable = yes</pre></blockquote>
+
+<p>If you specify more than one occurrence of either option, Samba will
+adhere to the last value it encounters for the share. <a name="INDEX-70"/><a name="INDEX-71"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-6-SECT-6"/>
+
+<h2 class="head1">Networking Options with Samba</h2>
+
+<p><a name="INDEX-72"/><a name="INDEX-73"/>If
+you're running <a name="INDEX-74"/><a name="INDEX-75"/>Samba on a multihomed
+system (on multiple subnets), you will need to configure Samba to use
+all the network interfaces. Another use for the options presented in
+this section is to implement better security by allowing or
+disallowing connections on the specified interfaces.</p>
+
+<p>Let's assume that our Samba server can access both
+the subnets 192.168.220.* and 134.213.233.*. Here are our additions
+to the configuration file to add the networking configuration
+options:</p>
+
+<blockquote><pre class="code">[global]
+ # Networking configuration options
+ hosts allow = 192.168.220. 134.213.233.
+ hosts deny = 192.168.220.102
+ interfaces = 192.168.220.100/255.255.255.0 \
+ 134.213.233.110/255.255.255.0
+ bind interfaces only = yes</pre></blockquote>
+
+<p>Take a look at the <tt class="literal">hosts</tt><a name="INDEX-76"/> <tt class="literal">allow</tt>
+and <tt class="literal">hosts</tt><a name="INDEX-77"/> <tt class="literal">deny</tt> options. If these
+options sound familiar, you're probably thinking of
+the <em class="filename">hosts.allow</em> and
+<em class="filename">hosts.deny</em> files that are found in the
+<em class="filename">/etc</em> directories of many Unix systems. The
+purpose of these options is identical to those files; they provide a
+means of security by allowing or denying the connections of other
+hosts based on their IP addresses. We could use the
+<em class="filename">hosts.allow</em> and <em class="filename">hosts.deny</em>
+files, but we are using this method instead because there might be
+services on the server that we want others to access without also
+giving them access to Samba's disk or printer
+shares.</p>
+
+<p>With the <tt class="literal">hosts</tt> <tt class="literal">allow</tt> option,
+we've specified a 192.168.220 IP address, which is
+equivalent to saying: &quot;All hosts on the 192.168.220
+subnet.&quot; However, we've explicitly
+specified in a <tt class="literal">hosts</tt> <tt class="literal">deny</tt> line
+that 192.168.220.102 is not to be allowed access.</p>
+
+<p>You might be wondering why 192.168.220.102 will be denied even though
+it is still in the subnet matched by the <tt class="literal">hosts</tt>
+<tt class="literal">allow</tt> option. It is important to understand how
+Samba sorts out the rules specified by <tt class="literal">hosts</tt>
+<tt class="literal">allow</tt> and <tt class="literal">hosts</tt> <tt class="literal">deny</tt>
+:</p>
+
+<ol><li>
+<p>If no <tt class="literal">allow</tt> or <tt class="literal">deny</tt> options are
+defined anywhere in <em class="filename">smb.conf</em>, Samba will allow
+connections from any system.</p>
+</li><li>
+<p>If <tt class="literal">hosts</tt> <tt class="literal">allow</tt> or
+<tt class="literal">hosts</tt> <tt class="literal">deny</tt> options are defined
+in the <tt class="literal">[global]</tt> section of
+<em class="filename">smb.conf</em>, they will apply to all shares, even if
+either option is defined in one or more of the shares.</p>
+</li><li>
+<p>If only a <tt class="literal">hosts</tt> <tt class="literal">allow</tt> option is
+defined for a share, only the hosts listed will be allowed to use the
+share. All others will be denied.</p>
+</li><li>
+<p>If only a <tt class="literal">hosts</tt> <tt class="literal">deny</tt> option is
+defined for a share, any client which is not on the list will be able
+to use the share.</p>
+</li><li>
+<p>If both a <tt class="literal">hosts</tt> <tt class="literal">allow</tt> and
+<tt class="literal">hosts</tt> <tt class="literal">deny</tt> option are defined,
+a host must appear in the allow list and not appear in the deny list
+(in any form) to access the share. Otherwise, the host will not be
+allowed.</p>
+</li></ol><a name="samba2-CHP-6-NOTE-131"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>Take care that you don't explicitly allow a host to
+access a share, but then deny access to the entire subnet of which
+the host is part.</p>
+</blockquote>
+
+<p>Let's look at another example of that final item.
+Consider the following options:</p>
+
+<blockquote><pre class="code">hosts allow = 111.222.
+hosts deny = 111.222.333.</pre></blockquote>
+
+<p>In this case, only the hosts that belong to the subnet 111.222.*.*
+will be allowed access to the Samba shares. However, if a client
+belongs to the 111.222.333.* subnet, it will be denied access, even
+though it still matches the qualifications outlined by
+<tt class="literal">hosts</tt> <tt class="literal">allow</tt>. The client must
+appear on the <tt class="literal">hosts</tt> <tt class="literal">allow</tt> list
+and <em class="emphasis">must not</em> appear on the
+<tt class="literal">hosts</tt> <tt class="literal">deny</tt> list to gain access
+to a Samba share.</p>
+
+<p>The other two options that we've specified are
+<tt class="literal">interfaces</tt> and <tt class="literal">bind</tt>
+<tt class="literal">interface</tt> <tt class="literal">only</tt>.
+Let's look at the <tt class="literal">interfaces</tt>
+option first. Samba, by default, sends data only from the primary
+network interface, which in our example is the 192.168.220.100
+subnet. If we would like it to send data to more than that one
+interface, we need to specify the complete list with the
+<tt class="literal">interfaces</tt> option. In the previous example,
+we've bound Samba to interface with both subnets
+(192.168.220 and 134.213.233) on which the system is operating by
+specifying the other network interface address: 134.213.233.100. If
+you have more than one interface on your computer, you should always
+set this option, as there is no guarantee that the primary interface
+that Samba chooses will be the right one.</p>
+
+<p>Finally, the <tt class="literal">bind</tt> <tt class="literal">interfaces</tt>
+<tt class="literal">only</tt> option instructs the
+<em class="filename">nmbd</em> process not to accept any broadcast
+messages other than on the subnets specified with the
+<tt class="literal">interfaces</tt> option. This is different from the
+<tt class="literal">hosts</tt> <tt class="literal">allow</tt> and
+<tt class="literal">hosts</tt> <tt class="literal">deny</tt> options, which
+prevent clients from making connections to services, but not from
+receiving broadcast messages. Using the <tt class="literal">bind</tt>
+<tt class="literal">interfaces</tt> <tt class="literal">only</tt> option is a way
+to shut out all datagrams from foreign subnets. In addition, it
+instructs the <em class="emphasis">smbd</em> process to bind to only the
+interface list given by the <em class="emphasis">interfaces</em> option.
+This restricts the networks that Samba will serve.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-6-SECT-6.1"/>
+
+<h3 class="head2">Networking Options</h3>
+
+<p>The networking options we introduced earlier are summarized in <a href="ch06.html#samba2-CHP-6-TABLE-6">Table 6-6</a>.</p>
+
+<a name="samba2-CHP-6-TABLE-6"/><h4 class="head4">Table 6-6. Networking configuration options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">hosts allow (allow</tt> <tt class="literal">hosts)</tt></p>
+</td>
+<td>
+<p>string (list of hostnames)</p>
+</td>
+<td>
+<p>Client systems that can connect to Samba.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">hosts deny (deny</tt> <tt class="literal">hosts)</tt></p>
+</td>
+<td>
+<p>string (list of hostnames)</p>
+</td>
+<td>
+<p>Client systems that cannot connect to Samba.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">interfaces</tt></p>
+</td>
+<td>
+<p>string (list of IP/netmask combinations)</p>
+</td>
+<td>
+<p>Network interfaces Samba will respond to. Allows correcting defaults.</p>
+</td>
+<td>
+<p>System-dependent</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">bind</tt></p>
+
+<p><tt class="literal">interfaces only</tt></p>
+</td>
+<td>
+<p>boolean</p>
+</td>
+<td>
+<p>If set to <tt class="literal">yes</tt>, Samba will bind only to those
+interfaces specified by the <tt class="literal">interfaces</tt> option.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-6.1.1"/>
+
+<h3 class="head3">hosts allow</h3>
+
+<p>The <tt class="literal">hosts</tt> <tt class="literal">allow</tt> option
+(sometimes written as <tt class="literal">allow</tt>
+<tt class="literal">hosts</tt>) specifies the clients that have permission
+to access shares on the Samba server, written as a comma- or
+space-separated list of hostnames of systems or their IP addresses.
+You can gain quite a bit of security by simply placing your
+LAN's subnet address in this option.</p>
+
+<p>You can specify any of the following formats for this option:</p>
+
+<ul><li>
+<p>Hostnames, such as <tt class="literal">ftp.example.com</tt> .</p>
+</li><li>
+<p>IP addresses, such as <tt class="literal">130.63.9.252</tt>.</p>
+</li><li>
+<p>Domain names, which can be differentiated from individual hostnames
+because they start with a dot. For example,
+<tt class="literal">.ora.com</tt> represents all systems within the
+<em class="emphasis">ora.com</em> domain.</p>
+</li><li>
+<p>Netgroups, which start with an at sign (<tt class="literal">@</tt>), such
+as <tt class="literal">@printerhosts</tt>. Netgroups are usually available
+only on systems running NIS or NIS+. If netgroups are supported on
+your system, there should be a <tt class="literal">netgroups</tt> manual
+page that describes them in more detail.</p>
+</li><li>
+<p>Subnets, which end with a dot. For example,
+<tt class="literal">130.63.9</tt>. means all the systems whose IP addresses
+begin with 130.63.9.</p>
+</li><li>
+<p>The keyword <tt class="literal">ALL</tt>, which allows any client access.</p>
+</li><li>
+<p>The keyword <tt class="literal">EXCEPT</tt> followed by one or more names,
+IP addresses, domain names, netgroups, or subnets. For example, you
+could specify that Samba allow all hosts except those on the
+192.168.110 subnet with <tt class="literal">hosts</tt>
+<tt class="literal">allow</tt> <tt class="literal">=</tt> <tt class="literal">ALL</tt>
+<tt class="literal">EXCEPT</tt> <tt class="literal">192.168.110</tt>. (remember
+to include the trailing dot).</p>
+</li></ul>
+<p>Using the <tt class="literal">ALL</tt> keyword by itself is almost always a
+bad idea because it means that crackers on any network can access
+your Samba server.</p>
+
+<p>The hostname <tt class="literal">localhost</tt>, for the loopback address
+127.0.0.1, is included in the <tt class="literal">hosts</tt>
+<tt class="literal">allow</tt> list by default and does not need to be
+listed explicitly unless you have specified the
+<tt class="literal">bind</tt> <tt class="literal">interfaces</tt>
+<tt class="literal">only</tt> parameter. This address is required for Samba
+to work properly.</p>
+
+<p>Other than that, there is no default value for the
+<tt class="literal">hosts</tt> <tt class="literal">allow</tt> configuration
+option. The default course of action in the event that neither the
+<tt class="literal">hosts</tt> <tt class="literal">allow</tt> or
+<tt class="literal">hosts</tt> <tt class="literal">deny</tt> option is specified
+in <em class="filename">smb.conf</em> is to allow access from all sources.</p>
+
+<a name="samba2-CHP-6-NOTE-132"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>If you specify <tt class="literal">hosts allow</tt> in the
+<tt class="literal">[global]</tt> section, that definition will override
+any <tt class="literal">hosts allow</tt> lines in the share definitions.
+This is the opposite of the usual behavior, which is for parameters
+set in share definitions to override default values set in the
+<tt class="literal">[global]</tt> section.<a name="INDEX-78"/></p>
+</blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-6.1.2"/>
+
+<h3 class="head3">hosts deny</h3>
+
+<p>The <tt class="literal">hosts</tt> <tt class="literal">deny</tt> option
+(synonymous with <tt class="literal">deny</tt> <tt class="literal">hosts</tt>)
+specifies client systems that do not have permission to access a
+share, written as a comma- or space-separated list of hostnames or
+their IP addresses. Use the same format for specifying clients as the
+<tt class="literal">hosts</tt> <tt class="literal">allow</tt> option earlier. For
+example, to restrict access to the server from everywhere but
+<tt class="literal">example.com</tt>, you could write:</p>
+
+<blockquote><pre class="code">hosts deny = ALL EXCEPT .example.com</pre></blockquote>
+
+<p>There is no default value for the <tt class="literal">hosts</tt>
+<tt class="literal">deny</tt> configuration option, although the default
+course of action in the event that neither option is specified is to
+allow access from all sources. Also, if you specify this option in
+the <tt class="literal">[global]</tt> section of the configuration file, it
+will override any <tt class="literal">hosts</tt> <tt class="literal">deny</tt>
+options defined in shares. If you wish to deny access to specific
+shares, omit both the <tt class="literal">hosts</tt>
+<tt class="literal">allow</tt> and <tt class="literal">hosts</tt>
+<tt class="literal">deny</tt> options from the <tt class="literal">[global]</tt>
+section of the configuration file.</p>
+
+<a name="samba2-CHP-6-NOTE-133"/><blockquote class="note"><h4 class="objtitle">NOTE</h4>
+<p>Never include the loopback address (<tt class="literal">localhost</tt> at
+IP address 127.0.0.1) in the <tt class="literal">hosts deny</tt> list. The
+<em class="filename">smbpasswd</em> program needs to connect through the
+loopback address to the Samba server as a client to change a
+user's encrypted password. If the loopback address
+is disabled, the locally generated packets requesting the change of
+the encrypted password will be discarded by Samba.</p>
+
+
+<p>In addition, both local browsing propagation and some functions of
+SWAT require access to the Samba server through the loopback address
+and will not work correctly if this address is disabled.
+<a name="INDEX-79"/></p>
+</blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-6.1.3"/>
+
+<h3 class="head3">interfaces</h3>
+
+<p>The <tt class="literal">interfaces</tt><a name="INDEX-80"/> option specifies the
+networks that you want the Samba server to recognize and respond to.
+This option is handy if you have a computer that resides on more than
+one network subnet. If this option is not set, Samba searches for the
+primary network interface of the server (typically the first Ethernet
+card) upon startup and configures itself to operate on only that
+subnet. If the server is configured for more than one subnet and you
+do not specify this option, Samba will only work on the first subnet
+it encounters. You must use this option to force Samba to serve the
+other subnets on your network.</p>
+
+<p>The value of this option is one or more sets of IP address/netmask
+pairs, as in the following:</p>
+
+<blockquote><pre class="code">interfaces = 192.168.220.100/255.255.255.0 192.168.210.30/255.255.255.0</pre></blockquote>
+
+<p>You can optionally specify a
+<a name="INDEX-81"/><a name="INDEX-82"/>CIDR format bitmask, like this:</p>
+
+<blockquote><pre class="code">interfaces = 192.168.220.100/24 192.168.210.30/24</pre></blockquote>
+
+<p>The number after the slash specifies the number of bits that will be
+set in the netmask. For example, the number 24 means that the first
+24 (of 32) bits will be set in the bitmask, which is the same as
+specifying 255.255.255.0 as the netmask. Likewise, 16 would be
+equivalent to a netmask of 255.255.0.0, and 8 would be the same as a
+netmask of 255.0.0.0.</p>
+<a name="samba2-CHP-6-NOTE-135"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>This option might not work correctly if you are using DHCP.</p>
+</blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-6.1.4"/>
+
+<h3 class="head3">bind interfaces only</h3>
+
+<p>The <tt class="literal">bind</tt><a name="INDEX-83"/>
+<tt class="literal">interfaces</tt> <tt class="literal">only</tt> option can be
+used to force the <em class="emphasis">smbd</em> and
+<em class="emphasis">nmbd</em> processes to respond only to those
+addresses specified by the <tt class="literal">interfaces</tt> option. The
+<em class="emphasis">nmbd</em> process normally binds to the all-addresses
+interface (0.0.0.0.) on ports 137 and 138, allowing it to receive
+broadcasts from anywhere. However, you can override this behavior
+with the following:</p>
+
+<blockquote><pre class="code">bind interfaces only = yes</pre></blockquote>
+
+<p>This will cause Samba to ignore any packets (including broadcast
+packets) whose source address does not correspond to any of the
+network interfaces specified by the <tt class="literal">interfaces</tt>
+option. You should avoid using this option if you want to allow
+temporary network connections, such as those created through SLIP or
+PPP. It's very rare that this option is needed, and
+it should be used only by experts.</p>
+
+<a name="samba2-CHP-6-NOTE-136"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>If you set <tt class="literal">bind interfaces only</tt> to <tt class="literal">yes</tt>
+, add the <a name="INDEX-84"/><a name="INDEX-85"/><a name="INDEX-86"/>local host
+address (127.0.01) to the
+&quot;interfaces&quot; list. Otherwise,
+<em class="emphasis">smbpasswd</em> will be unable to connect to the
+server using its default mode in order to change a password, local
+browse list propagation will fail, and some functions of swat will
+not work properly. <a name="INDEX-87"/><a name="INDEX-88"/></p>
+</blockquote>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-6-SECT-7"/>
+
+<h2 class="head1">Virtual Servers</h2>
+
+<p><a name="INDEX-89"/>Virtual
+servers can be used to create the illusion of having multiple servers
+on the network, when in reality there is only one. The technique is
+simple to implement: a system simply registers more than one NetBIOS
+name in association with its IP address. There are tangible benefits
+to doing this.</p>
+
+<p>For example, the accounting department might have an
+<tt class="literal">accounting</tt> server, and clients of it would see
+just the accounting disks and printers. The marketing department
+could have its own server, <tt class="literal">marketing</tt>, with its own
+reports, and so on. However, all the services would be provided by
+one medium-size Unix server (and one relaxed administrator) instead
+of having one small server per department.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-6-SECT-7.1"/>
+
+<h3 class="head2">Virtual Server Configuration Options</h3>
+
+<p><a name="INDEX-90"/><a name="INDEX-91"/>Samba will allow a server to use more
+than one NetBIOS name with the <tt class="literal">netbios</tt>
+<tt class="literal">aliases</tt> option. See <a href="ch06.html#samba2-CHP-6-TABLE-7">Table 6-7</a>.</p>
+
+<a name="samba2-CHP-6-TABLE-7"/><h4 class="head4">Table 6-7. Virtual server configuration options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">netbios</tt> <tt class="literal">aliases</tt></p>
+</td>
+<td>
+<p>string (list of NetBIOS names)</p>
+</td>
+<td>
+<p>Additional NetBIOS names to respond to, for use with multiple
+&quot;virtual&quot; Samba servers</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-7.1.1"/>
+
+<h3 class="head3">netbios aliases</h3>
+
+<p>The <tt class="literal">netbios</tt><a name="INDEX-92"/>
+<tt class="literal">aliases</tt> option can be used to give the Samba
+server more than one NetBIOS name. Each NetBIOS name listed as a
+value will be displayed in the Network Neighborhood of Windows
+clients. When a connection is requested to any of the servers, it
+will connect to the same Samba server.</p>
+
+<p>This might come in handy, for example, if you're
+transferring three departments' data to a single
+Unix server with larger and faster disks and are retiring or
+reallocating the old Windows NT/2000 servers. If the three servers
+are called <tt class="literal">sales</tt>, <tt class="literal">accounting</tt>,
+and <tt class="literal">admin</tt>, you can have Samba represent all three
+servers with the following options:</p>
+
+<blockquote><pre class="code">[global]
+ netbios aliases = sales accounting admin
+ include = /usr/local/samba/lib/smb.conf.%L</pre></blockquote>
+
+<p>See <a href="ch06.html#samba2-CHP-6-FIG-5">Figure 6-5</a> for what the Network Neighborhood
+would display from a client. When a client attempts to connect to
+Samba, it will specify the name of the server to which
+it's trying to connect, which is made available in
+the configuration file through the <tt class="literal">%L</tt> variable. If
+the requested server is <tt class="literal">sales</tt>, Samba will include
+the file <em class="filename">/usr/local/samba/lib/smb.conf.sales</em>.
+This file might contain global and share declarations exclusively for
+the sales team, such as the following:</p>
+
+<blockquote><pre class="code">[global]
+ workgroup = SALES
+ hosts allow = 192.168.10.255
+
+[sales2003]
+ path = /usr/local/samba/sales/sales2003/
+...</pre></blockquote>
+
+<p>This particular example would set the workgroup to SALES as well and
+set the IP address to allow connections only from the SALES subnet
+(192.168.10). In addition, it would offer shares specific to the
+sales department.</p>
+
+<div class="figure"><a name="samba2-CHP-6-FIG-5"/><img src="figs/sam2_0605.gif"/></div><h4 class="head4">Figure 6-5. Using NetBIOS aliases for a Samba server</h4>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-6-SECT-8"/>
+
+<h2 class="head1">Logging Configuration Options</h2>
+
+<p><a name="INDEX-93"/><a name="INDEX-94"/>Occasionally,
+we need to find out what Samba is up to. This is especially true when
+Samba is performing an unexpected action or is not performing at all.
+To find out this information, we need to check
+Samba's log files to see exactly why it did what it
+did.</p>
+
+<p>Samba <a name="INDEX-95"/>log files
+can be as brief or verbose as you like. Here is an example of what a
+Samba log file looks like:</p>
+
+<blockquote><pre class="code">[2002/07/21 13:23:25, 3] smbd/service.c:close_cnum(514)
+ maya (172.16.1.6) closed connection to service IPC$
+[2002/07/21 13:23:25, 3] smbd/connection.c:yield_connection(40)
+ Yielding connection to IPC$
+[2002/07/21 13:23:25, 3] smbd/process.c:process_smb(615)
+ Transaction 923 of length 49
+[2002/07/21 13:23:25, 3] smbd/process.c:switch_message(448)
+ switch message SMBread (pid 467)
+[2002/07/21 13:23:25, 3] lib/doscalls.c:dos_ChDir(336)
+ dos_ChDir to /home/samba
+[2002/07/21 13:23:25, 3] smbd/reply.c:reply_read(2199)
+ read fnum=4207 num=2820 nread=2820
+[2002/07/21 13:23:25, 3] smbd/process.c:process_smb(615)
+ Transaction 924 of length 55
+[2002/07/21 13:23:25, 3] smbd/process.c:switch_message(448)
+ switch message SMBreadbraw (pid 467)
+[2002/07/21 13:23:25, 3] smbd/reply.c:reply_readbraw(2053)
+ readbraw fnum=4207 start=130820 max=1276 min=0 nread=1276
+[2002/07/21 13:23:25, 3] smbd/process.c:process_smb(615)
+ Transaction 925 of length 55
+[2002/07/21 13:23:25, 3] smbd/process.c:switch_message(448)
+ switch message SMBreadbraw (pid 467)</pre></blockquote>
+
+<p>Much of this information is of use only to Samba programmers.
+However, we will go over the meaning of some of these entries in more
+detail in <a href="ch12.html">Chapter 12</a>.</p>
+
+<p>Samba contains six options that allow users to describe how and where
+logging information should be written. Each of these are global
+options and cannot appear inside a share definition. Here is an
+example of some logging options that we are adding to our
+configuration file:</p>
+
+<blockquote><pre class="code">[global]
+ log level = 2
+ log file = /var/log/samba.log.%m
+ max log size = 50
+ debug timestamp = yes</pre></blockquote>
+
+<p>Here, we've added a custom log file that reports
+information up to debug level 2. This is a relatively light debugging
+level. The logging level ranges from 1 to 10, where level 1 provides
+only a small amount of information and level 10 provides a plethora
+of low-level information. Levels 2 or 3 will provide us with useful
+debugging information without wasting disk space on our server. In
+practice, you should avoid using log levels greater than 3 unless you
+are working on the Samba source code.</p>
+
+<p>The logging file is located in the <em class="filename">/var/log</em>
+directory thanks to the <tt class="literal">log</tt>
+<tt class="literal">file</tt> configuration option. However, we can use
+variable substitution to create log files specifically for individual
+users or clients, such as with the <tt class="literal">%m</tt> variable in
+the following line:</p>
+
+<blockquote><pre class="code">log file = /usr/local/logs/samba.log.%m</pre></blockquote>
+
+<p>Isolating the log messages can be invaluable in tracking down a
+network error if you know the problem is coming from a specific
+client system or user.</p>
+
+<p>We've added a precaution to the log files: no one
+log file can exceed 50 KB in size, as specified by the
+<tt class="literal">max</tt> <tt class="literal">log</tt> <tt class="literal">size</tt>
+option. If a log file exceeds this size, the contents are moved to a
+file with the same name but with the suffix <em class="emphasis">.old</em>
+appended. If the <em class="emphasis">.old</em> file already exists, it is
+overwritten and its contents are lost. The original file is cleared,
+waiting to receive new logging information. This prevents the hard
+drive from being overwhelmed with Samba log files during the life of
+the Samba daemons.</p>
+
+<p>We have decided to write the timestamps of the messages in the logs
+with the <tt class="literal">debug</tt> <tt class="literal">timestamp</tt>
+option, which is the default behavior. This will place a timestamp in
+each message written to the logging file. If we were not interested
+in this information, we could specify <tt class="literal">no</tt> for this
+option instead.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-6-SECT-8.1"/>
+
+<h3 class="head2">Using syslog</h3>
+
+<p>If you wish to use the system logger
+(<a name="INDEX-96"/>syslog<em class="filename">
+</em>) in addition to or in place of the standard Samba logging
+file, Samba provides options for this as well. However, to use
+syslog, the first thing you will have to do is make sure that Samba
+was built with the <tt class="literal">configure</tt>
+<tt class="literal">--with-syslog</tt> option. See <a href="ch02.html">Chapter 2</a> for more information on configuring and
+compiling Samba. See <a href="appe.html">Appendix E</a> for more
+information about the <tt class="literal">--with-syslog</tt> option.</p>
+
+<p>Once that is done, you will need to configure your
+<em class="filename">/etc/syslog.conf</em><a name="INDEX-97"/> to accept logging information from Samba.
+If there is not already a <tt class="literal">daemon.*</tt> entry in the
+<em class="filename">/etc/syslog.conf</em> file, add the following:</p>
+
+<blockquote><pre class="code">daemon.* /var/log/daemon.log</pre></blockquote>
+
+<p>This specifies that any logging information from system daemons will
+be stored in the <em class="filename">/var/log/daemon.log</em> file. This
+is where the Samba information will be stored as well. From there,
+you can set a value for the <tt class="literal">syslog</tt> parameter in
+your Samba configuration file to specify which logging messages are
+to be sent to syslog. Only messages that have debug levels lower than
+the value of the <tt class="literal">syslog</tt> parameter will be sent to
+syslog. For example, setting the following:</p>
+
+<blockquote><pre class="code">syslog = 3</pre></blockquote>
+
+<p>specifies that any logging messages with a level of 2 or below will
+be sent to both syslog and the Samba logging files. (The mappings to
+<em class="filename">syslog</em> priorities are described in the upcoming
+section &quot;syslog.&quot;) To continue the
+example, let's assume that we have set the
+<tt class="literal">log</tt> <tt class="literal">level</tt> option to 4. Logging
+messages with levels of 2 and 1 will be sent to both syslog and the
+Samba logging files, and messages with a level of 3 or 4 will be sent
+to the Samba logging files, but not to syslog. If the
+<tt class="literal">syslog</tt> value exceeds the <tt class="literal">log</tt>
+<tt class="literal">level</tt> value, nothing will be sent to syslog.</p>
+
+<p>If you want to specify that messages be sent only to syslog&mdash;and
+not to the standard Samba logging files&mdash;you can place this
+option in the configuration file:</p>
+
+<blockquote><pre class="code">syslog only = yes</pre></blockquote>
+
+<p>If this is the case, any logging information above the number
+specified in the <tt class="literal">syslog</tt> option will be discarded,
+as with the <tt class="literal">log</tt> <tt class="literal">level</tt> option.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-6-SECT-8.2"/>
+
+<h3 class="head2">Logging Configuration Options</h3>
+
+<p><a href="ch06.html#samba2-CHP-6-TABLE-8">Table 6-8</a> lists each logging configuration option
+that Samba can use.</p>
+
+<a name="samba2-CHP-6-TABLE-8"/><h4 class="head4">Table 6-8. Logging configuration options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">log file</tt></p>
+</td>
+<td>
+<p>string (name of file)</p>
+</td>
+<td>
+<p>Name of the log file that Samba is to use. Works with all variables.</p>
+</td>
+<td>
+<p>Specified in Samba makefile</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">log level</tt></p>
+
+<p><tt class="literal">(debug level)</tt></p>
+</td>
+<td>
+<p>numeric (0-10)</p>
+</td>
+<td>
+<p>Amount of log/debug messages that are sent to the log file. 0 is
+none; 3 is considerable.</p>
+</td>
+<td>
+<p><tt class="literal">1</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">max log size</tt></p>
+</td>
+<td>
+<p>numeric (size in KB)</p>
+</td>
+<td>
+<p>Maximum size of log file.</p>
+</td>
+<td>
+<p><tt class="literal">5000</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">debug timestamp</tt> <tt class="literal">(timestamp logs)</tt></p>
+</td>
+<td>
+<p>boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">no</tt>, doesn't timestamp logs,
+making them easier to read during heavy debugging.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">syslog</tt></p>
+</td>
+<td>
+<p>numeric (0-10)</p>
+</td>
+<td>
+<p>Level of messages sent to <em class="emphasis">syslog</em>. Those levels
+below <tt class="literal">syslog</tt> <tt class="literal">level</tt> will be sent
+to the system logger.</p>
+</td>
+<td>
+<p><tt class="literal">1</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">syslog only</tt></p>
+</td>
+<td>
+<p>boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, uses <em class="emphasis">syslog</em> entirely
+and sends no output to the Samba log files.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-8.2.1"/>
+
+<h3 class="head3">log file</h3>
+
+<p>By default, Samba writes log information to text files in the
+<em class="filename">/usr/local/samba/var</em> directory. The
+<tt class="literal">log</tt><a name="INDEX-98"/> <tt class="literal">file</tt> option can be
+used to set the name of the log file to another location. For
+example, to put the Samba log information in
+<em class="filename">/usr/local/logs/samba.log</em>, you could use the
+following:</p>
+
+<blockquote><pre class="code">[global]
+ log file = /usr/local/logs/samba.log</pre></blockquote>
+
+<p>You can use variable substitution to create log files specifically
+for individual users or clients.</p>
+
+<p>You can override the default log file location using the
+<em class="emphasis">-l</em> command-line switch when either daemon is
+started. However, this does not override the <tt class="literal">log</tt>
+<tt class="literal">file</tt> option. If you do specify this parameter,
+initial logging information will be sent to the file specified after
+<em class="emphasis">-l</em> (or the default specified in the Samba
+makefile) until the daemons have processed the
+<em class="filename">smb.conf</em> file and know to redirect it to a new
+log file.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-8.2.2"/>
+
+<h3 class="head3">log level</h3>
+
+<p>The <tt class="literal">log</tt><a name="INDEX-99"/> <tt class="literal">level</tt> option
+sets the amount of data to be logged. Normally this is set to 0 or 1.
+However, if you have a specific problem, you might want to set it at
+3, which provides the most useful debugging information you would
+need to track down a problem. Levels above 3 provide information
+that's primarily for the developers to use for
+chasing internal bugs, and it slows down the server considerably.
+Therefore, we recommend that for normal day-to-day operation, you
+avoid setting this option to anything above 3.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-8.2.3"/>
+
+<h3 class="head3">max log size</h3>
+
+<p>The <tt class="literal">max</tt><a name="INDEX-100"/> <tt class="literal">log</tt>
+<tt class="literal">size</tt> option sets the maximum size, in kilobytes,
+of the debugging log file that Samba keeps. When the log file exceeds
+this size, the current log file is renamed to add a
+<em class="filename">.old</em> extension (erasing any previous file with
+that name) and a new debugging log file is started with the original
+name. For example:</p>
+
+<blockquote><pre class="code">[global]
+ log file = /usr/local/logs/samba.log.%m
+ max log size = 1000</pre></blockquote>
+
+<p>Here, if the size of any log file exceeds 1MB, Samba renames the log
+file <em class="emphasis">samba.log</em>.
+<em class="replaceable">machine-name</em><em class="emphasis">.old</em>,
+and a new log file is generated. If there is already a file with the
+<em class="emphasis">.old</em> extension, Samba deletes it. We highly
+recommend setting this option in your configuration files because
+debug logging (even at lower levels) can quietly eat away at your
+available disk space. Using this option protects unwary
+administrators from suddenly discovering that most of the space on a
+disk or partition has been swallowed up by a single Samba log file.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-8.2.4"/>
+
+<h3 class="head3">debug timestamp or timestamp logs</h3>
+
+<p>If you happen to be debugging a network problem and you find that the
+timestamp information within the Samba log lines gets in the way, you
+can turn it off by giving either the
+<tt class="literal">timestamp</tt><a name="INDEX-101"/> <tt class="literal">logs</tt> or the
+synonymous <tt class="literal">debug</tt><a name="INDEX-102"/>
+<tt class="literal">timestamp</tt> option a value of <tt class="literal">no</tt>.
+For example, a regular Samba log file presents its output in the
+following form:</p>
+
+<blockquote><pre class="code">12/31/01 12:03:34 toltec (172.16.1.1) connect to server network as user jay</pre></blockquote>
+
+<p>With a <tt class="literal">no</tt> value for this option, the output would
+appear without the timestamp:</p>
+
+<blockquote><pre class="code">toltec (172.16.1.1) connect to server network as user jay</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-8.2.5"/>
+
+<h3 class="head3">syslog</h3>
+
+<p>The <tt class="literal">syslog</tt><a name="INDEX-103"/> option causes Samba log
+messages to be sent to the Unix system logger. The type of log
+information to be sent is specified as a numeric value. Like the
+<tt class="literal">log</tt> <tt class="literal">level</tt> option, it can be a
+number from 0 to 10. Logging information with a level less than the
+number specified will be sent to the system logger. Debug logs
+greater than or equal to the <tt class="literal">syslog</tt> level, but
+less than log level, will still be sent to the standard Samba log
+files. For example:</p>
+
+<blockquote><pre class="code">[global]
+ log level = 3
+ syslog = 1</pre></blockquote>
+
+<p>With this, all logging information with a level of 0 would be sent to
+the standard Samba logs and the system logger, while information with
+levels 1, 2, and 3 would be sent only to the standard Samba logs.
+Levels above 3 are not logged at all. All messages sent to the system
+logger are mapped to a priority level that the syslogd daemon
+understands, as shown in <a href="ch06.html#samba2-CHP-6-TABLE-9">Table 6-9</a>. The default
+level is 1.</p>
+
+<a name="samba2-CHP-6-TABLE-9"/><h4 class="head4">Table 6-9. syslog priority conversion</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Log level</p>
+</th>
+<th>
+<p>syslog priority</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>0</p>
+</td>
+<td>
+<p><tt class="literal">LOG_ERR</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>1</p>
+</td>
+<td>
+<p><tt class="literal">LOG_WARNING</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>2</p>
+</td>
+<td>
+<p><tt class="literal">LOG_NOTICE</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>3</p>
+</td>
+<td>
+<p><tt class="literal">LOG_INFO</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p>4 and above</p>
+</td>
+<td>
+<p><tt class="literal">LOG_DEBUG</tt></p>
+</td>
+</tr>
+
+</table>
+
+<p>If you wish to use <em class="emphasis">syslog</em>, you will have to run
+<tt class="literal">configure</tt> <tt class="literal">--with-syslog</tt> when
+compiling Samba, and you will need to configure your
+<em class="filename">/etc/syslog.conf</em> to suit. (See <a href="ch06.html#samba2-CHP-6-SECT-8.1">Section 6.8.1</a>, earlier in this chapter.)</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-6-SECT-8.2.6"/>
+
+<h3 class="head3">syslog only</h3>
+
+<p>The <tt class="literal">syslog</tt><a name="INDEX-104"/> <tt class="literal">only</tt> option
+tells Samba not to use its own logging files at all and to use only
+the system logger. To enable this, specify the following option in
+the global section of the Samba configuration file:</p>
+
+<a name="INDEX-105"/><a name="INDEX-106"/><a name="INDEX-107"/><blockquote><pre class="code">[global]
+ syslog only = yes</pre></blockquote>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> <p><a href="#FNPTR-1">[1]</a> Depending on your system, this file might not
+be <em class="emphasis">/etc/printcap</em>. You can use the
+<em class="emphasis">testparm</em> command that comes with Samba to dump
+the parameter definitions and determine the value of the
+<tt class="literal">printcap</tt> <tt class="literal">name</tt> configuration
+option. The value assigned to it is the default value chosen when
+Samba was configured and compiled, which should be correct.</p>
+<a name="FOOTNOTE-2"/> <p><a href="#FNPTR-2">[2]</a> We are referring here to the window that
+opens when a printer icon in the Printers control panel is
+double-clicked.</p> </blockquote><hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html>
diff --git a/docs/htmldocs/using_samba/ch07.html b/docs/htmldocs/using_samba/ch07.html
new file mode 100644
index 00000000000..a6dc8d94b0d
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch07.html
@@ -0,0 +1,2139 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Chapter 7. Name Resolution and Browsing</h1>
+
+
+
+
+<p><a name="INDEX-1"/><em class="firstterm">Name
+resolution</em> is critical to Samba's
+operation because names are used to find the servers that share files
+or printers. <em class="firstterm">Browsing</em> takes the task of
+finding servers to a new level of sophistication by allowing a user
+to delve down into a hierarchy of networks, domains, hosts, and
+services offered by each server.</p>
+
+<p>While name resolution and
+<a name="INDEX-2"/>browsing are not
+difficult to configure, some complexity is introduced by the variety
+of available name-resolution systems. Historically, Unix and other
+TCP/IP users have moved from a flat hosts file to the Domain Name
+System, with the Network Information System being another popular
+choice. Meanwhile, Microsoft has moved from a broadcasting system to
+a simple, LAN-only name server called WINS and ultimately to DNS.</p>
+
+<p>The reason for going over that history is that all previous systems
+of name resolution are still in use today! Finding a host is so
+crucial to networking that sites want robust (if limited)
+name-resolution systems to fall back on in case the main system
+fails. Browsing is also complicated by the frequent need to show
+hosts in other subnets. This chapter shows you how to configure your
+network to handle name resolution and browsing any way you want.</p>
+
+<p>Some of the differences between Unix and Microsoft networking
+implementations are the result of fundamental design goals. Unix
+networking was originally designed largely to implement a relatively
+formal group of systems that were assumed to be small in number,
+well-maintained, and highly available, that have static IP addresses,
+and that wouldn't physically move around from place
+to place. Bringing a new server online was a labor-intensive task,
+but it did not have to be performed frequently. In contrast, Windows
+networking was originally developed as a peer-to-peer collection of
+small personal computers on a single subnet, having no centrally or
+hierarchically organized structure.</p>
+
+<p>SMB networking is dynamic. Computers are allowed to leave the network
+at any time, sometimes without warning, and also to join or rejoin
+the network at any time. Furthermore, any user in a Windows network
+can add a new shared resource to the network or remove a resource
+that he had previously added. The change in the
+network's configuration is handled automatically by
+the rest of the network without requiring a system administrator to
+take any action.</p>
+
+
+
+<div class="sect1"><a name="samba2-CHP-7-SECT-1"/>
+
+<h2 class="head1">Name Resolution</h2>
+
+<p>TCP/IP networks identify systems by IP addresses and always associate
+these addresses with more human-readable text names. In
+Microsoft's earliest networking implementations (for
+MS-DOS and Windows for Workgroups), the translation of names to
+network addresses was carried out in a manner that was very simple,
+yet very inefficient. When a system on the network needed an IP
+address corresponding to a name, it broadcasted the name to every
+other system on the network and waited for the system that owned the
+name to respond with its IP address.</p>
+
+<p>The main problem with performing <a name="INDEX-3"/>name resolution using broadcast
+packets is poor performance of the network as a whole, including CPU
+time consumed by each host on the network, which has to accept every
+broadcast packet and decide whether to respond to it. Also, broadcast
+packets usually aren't forwarded by routers,
+limiting name resolution to the local subnet.
+Microsoft's solution was to add WINS (Windows
+Internet Name Service) support to Windows NT so that the computers on
+the network can perform a direct query of the WINS server instead of
+using broadcast packets.</p>
+
+<p>Modern Windows clients use a variety of methods for translating
+hostnames into IP addresses. The exact method varies depending on the
+version of Windows the client is running, how the client is
+configured (i.e., whether DNS server and/or WINS server IP addresses
+are provided), and whether the application software is accessing the
+network through Microsoft's Winsock or TCP/IP API.
+In general, Windows uses some combination of the following
+methods:<a name="INDEX-4"/></p>
+
+<ul><li>
+<p>Looking up the name in its cache of recently resolved names</p>
+</li><li>
+<p>Querying DNS servers</p>
+</li><li>
+<p>Using the DNS <em class="filename">Hosts</em> file</p>
+</li><li>
+<p>Querying WINS servers</p>
+</li><li>
+<p>Using the WINS <em class="filename">LMHOSTS</em> file</p>
+</li><li>
+<p>Performing broadcast name resolution</p>
+</li></ul>
+<p>The first method is pretty much self-explanatory. A hostname is
+checked against a cache of hostnames that have been recently resolved
+to IP addresses. This helps to save time and network bandwidth for
+resolving names that are used frequently.</p>
+
+<p>When a Windows system is configured with the IP address of at least
+one <a name="INDEX-5"/>DNS server, it can use DNS to
+resolve fully qualified domain names, such as those for sites on the
+Internet. The DNS servers can be either Windows NT/2000 or Unix
+systems. You can learn more about DNS and DNS server configuration in
+the O'Reilly book <em class="citetitle">DNS and
+BIND</em>.</p>
+
+<p>In this chapter, we focus mainly on name resolution using WINS, which
+is supported by Samba with the <em class="emphasis">nmbd</em> daemon.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-7-SECT-1.1"/>
+
+<h3 class="head2">WINS Clients and Server Interaction</h3>
+
+<p>There are two types of interaction between a
+<a name="INDEX-6"/>WINS client and a server: the
+client keeps its own NetBIOS name<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a> registered with the server and
+queries the server to get the IP address corresponding to the NetBIOS
+name of another system.</p>
+
+<p>When a WINS client joins the network, it registers its NetBIOS name
+with the WINS server, which stores it along with the
+client's IP address in the WINS database. This entry
+is marked <em class="firstterm">active</em>. The client is then expected
+to renew the registration of its name periodically (typically, every
+four days) to inform the server that it is still using the name. This
+period is called the <em class="firstterm">time to live</em>, or TTL.
+When the client leaves the network by being shut down gracefully, it
+informs the server, and the server marks the
+client's entry in its database as
+<em class="firstterm">released</em>.</p>
+
+<p>When a client leaves the network without telling the WINS server to
+release its name, the server waits until after it fails to receive
+the expected registration renewal from the client and then marks the
+entry as released.</p>
+
+<p>In either case, the released name is available for use by other
+clients joining the network. It might persist in the released state
+in the WINS database, and if it is not reregistered, the entry will
+eventually be deleted.</p>
+
+<p>More information on WINS can be found in the Microsoft white paper
+<em class="citetitle">Windows Internet Naming Service (WINS) Architecture and
+Capacity Planning</em><a name="INDEX-7"/>. It can be downloaded from the
+Microsoft web site at <a href="http://www.microsoft.com">http://www.microsoft.com</a>.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-7-SECT-1.2"/>
+
+<h3 class="head2">The lmhosts File</h3>
+
+<p>In <a href="ch03.html">Chapter 3</a> we showed you how to configure
+Windows systems to use the
+<em class="filename">LMHOSTS</em><a name="INDEX-8"/>
+file as an alternative to the WINS server for name resolution. Samba
+also can use an <em class="filename">LMHOSTS</em> file, which by default
+is <em class="filename">/usr/local/samba/lib/lmhosts</em>.
+Samba's <em class="filename">lmhosts</em> is the same
+format as the Windows version. A simple <em class="filename">lmhosts</em>
+file might look like this:</p>
+
+<blockquote><pre class="code">172.16.1.1 toltec
+172.16.1.6 maya</pre></blockquote>
+
+<p>The names on the right side of the entries are NetBIOS names, so you
+can assign resource types to them and add additional entries for
+computers:</p>
+
+<blockquote><pre class="code">172.16.1.1 toltec#20
+172.16.1.1 metran#1b
+172.16.1.6 maya#20</pre></blockquote>
+
+<p>Here, we've made <tt class="literal">toltec</tt> the
+primary domain controller of the <tt class="literal">METRAN</tt> domain on
+the second line. This line starts with
+<tt class="literal">toltec</tt>'s IP address, followed by
+the name metran and the resource type &lt;1B&gt;. The other lines are
+entries for <tt class="literal">toltec</tt> and <tt class="literal">maya</tt> as
+standard workstations.</p>
+
+<p>If you wish to place an <em class="emphasis">lmhosts</em> file somewhere
+other than the default location, you will need to notify the
+<em class="emphasis">nmbd</em> process upon startup using the
+<em class="emphasis">-H</em> option, followed by the name of your
+<em class="filename">lmhosts</em> file, as follows:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>nmbd -H /etc/samba/lmhosts -D</b></tt></pre></blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-7-SECT-1.3"/>
+
+<h3 class="head2">Configuring Name Resolution for the Samba Suite</h3>
+
+<p>Various daemons and tools in the Samba suite need to perform
+<a name="INDEX-9"/>name resolution. You can define the
+order in which the programs try each name-resolution method through
+the <tt class="literal">name</tt><a name="INDEX-10"/><a name="INDEX-11"/>
+<tt class="literal">resolve</tt> <tt class="literal">order</tt> parameter, like
+this:</p>
+
+<blockquote><pre class="code">[global]
+ name resolve order = wins lmhosts hosts bcast</pre></blockquote>
+
+<p>The string used to define the parameter can take up to four values:</p>
+
+<dl>
+<dt><b>lmhosts</b></dt>
+<dd>
+<p>Uses the Samba server's local
+<em class="filename">lmhosts</em> file</p>
+</dd>
+
+
+
+<dt><b>hosts</b></dt>
+<dd>
+<p>Uses the standard Unix name-resolution methods, which can be
+<em class="emphasis">/etc/hosts</em>, DNS, NIS, or a combination,
+depending on how the local system is configured</p>
+</dd>
+
+
+
+<dt><b>wins</b></dt>
+<dd>
+<p>Uses the WINS server</p>
+</dd>
+
+
+
+<dt><b>bcast</b></dt>
+<dd>
+<p>Uses the broadcast method</p>
+</dd>
+
+</dl>
+
+<p>The order in which they are specified is the order in which name
+resolution will be attempted. In our example, Samba will attempt to
+use its WINS server first for name resolution, followed by the
+<em class="emphasis">lmhosts</em> file on the local system. Next, the
+<tt class="literal">hosts</tt> value tells it to use Unix name-resolution
+methods. The word <tt class="literal">hosts</tt> can be misleading; it
+covers not only the <em class="filename">/etc/hosts</em> file, but also
+the use of DNS or NIS (as configured on the Unix host). Finally, if
+those three do not work, it will perform a broadcast name resolution.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-7-SECT-1.4"/>
+
+<h3 class="head2">Setting Up Samba as a WINS Server</h3>
+
+<p>You can set up Samba as a <a name="INDEX-12"/>WINS server by setting the
+<tt class="literal">wins</tt><a name="INDEX-13"/> <tt class="literal">support</tt>
+parameter in the configuration file, like this:</p>
+
+<blockquote><pre class="code">[global]
+ wins support = yes</pre></blockquote>
+
+<p>Believe it or not, that's all you need to do! The
+<tt class="literal">wins</tt> <tt class="literal">support</tt> option turns Samba
+into a WINS server. For most installations, Samba's
+default configuration is sufficient.</p>
+<a name="samba2-CHP-7-NOTE-137"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>Remember, Samba cannot communicate with Windows WINS servers. If you
+are using Samba as your WINS server, you must make sure not to allow
+any Windows systems or other Samba servers on your network to be
+configured as WINS servers. If you do, their WINS databases will not
+synchronize, resulting in inconsistent name resolution.</p>
+</blockquote>
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-1.4.1"/>
+
+<h3 class="head3">Configuring a DNS proxy</h3>
+
+<p>A Samba <a name="INDEX-14"/><a name="INDEX-15"/>WINS server can check with the
+system's DNS server if a requested host cannot be
+found in its WINS database. With a typical Linux system, for example,
+you can find the IP address of the DNS server by searching the
+<em class="filename">/etc/resolv.conf</em><a name="INDEX-16"/><a name="INDEX-17"/> file. In it, you might see an entry such
+as the following:</p>
+
+<blockquote><pre class="code">nameserver 127.0.0.1
+nameserver 172.16.1.192</pre></blockquote>
+
+<p>This tells us that the Linux system is configured to use a DNS server
+located at 172.16.1.192. (The 127.0.0.1 is the
+<tt class="literal">localhost</tt> address and is never a valid DNS server
+address.)</p>
+
+<p>Now it is a simple matter of using the
+<tt class="literal">dns</tt><a name="INDEX-18"/> <tt class="literal">proxy</tt> option to tell
+Samba to use the DNS server:</p>
+
+<blockquote><pre class="code">[global]
+ dns proxy = yes</pre></blockquote>
+
+<a name="samba2-CHP-7-NOTE-138"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>Although this allows Windows clients to resolve fully qualified
+Internet domain names through the Samba WINS server, it will work
+only for domain names that fit within the 15-character limitation of
+NetBIOS names. For this reason, we recommend you use <tt class="literal">dns
+proxy</tt> only to act as a supplement to your WINS server,
+rather than as a replacement for a DNS server.</p>
+</blockquote>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-7-SECT-1.5"/>
+
+<h3 class="head2">Setting Up Samba to Use Another WINS Server</h3>
+
+<p>You can configure Samba to use a <a name="INDEX-19"/>WINS server somewhere else on the
+network by simply providing it with the IP address of the WINS
+server. This is done with the global
+<tt class="literal">wins</tt><a name="INDEX-20"/> <tt class="literal">server</tt>
+configuration option, as shown here:</p>
+
+<blockquote><pre class="code">[global]
+ wins server = 172.16.1.1</pre></blockquote>
+
+<p>With this option enabled, Samba will direct all WINS requests to the
+server located at 172.16.1.1. Note that because the request is
+directed at a single machine, we don't have to worry
+about any of the problems inherent in broadcasting. However, Samba
+will not necessarily use the WINS server before other forms of name
+resolution. The order in which Samba attempts various name-resolution
+techniques is given with the <tt class="literal">name</tt>
+<tt class="literal">resolve</tt> <tt class="literal">order</tt> configuration
+option, which we discussed earlier.</p>
+
+<p>The <tt class="literal">wins</tt> <tt class="literal">support</tt> and the
+<tt class="literal">wins</tt> <tt class="literal">server</tt> parameters are
+mutually exclusive; you cannot simultaneously offer Samba as the WINS
+server and use another system as the server! Typically, one Samba
+server is set up as the WINS server using <tt class="literal">wins</tt>
+<tt class="literal">support</tt>, and all other Samba servers are
+configured with the <tt class="literal">wins</tt> <tt class="literal">server</tt>
+parameter pointing to the Samba WINS server.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-1.5.1"/>
+
+<h3 class="head3">Configuring a WINS proxy</h3>
+
+<p><a name="INDEX-21"/>If you have a Samba server on a
+subnet that doesn't have a WINS server, and the
+Samba server has been configured with a WINS server on another
+subnet, you can tell the Samba server to forward any name-resolution
+requests with the <tt class="literal">wins</tt><a name="INDEX-22"/>
+<tt class="literal">proxy</tt> option:</p>
+
+<blockquote><pre class="code">[global]
+ wins server = 172.16.200.12
+ wins proxy = yes</pre></blockquote>
+
+<p>Use this only in situations where the WINS server resides on another
+subnet. Otherwise, the broadcast will reach the WINS server
+regardless of any proxying.</p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-7-SECT-1.6"/>
+
+<h3 class="head2">Name-Resolution Configuration Options</h3>
+
+<p><a name="INDEX-23"/>Samba's <a name="INDEX-24"/>name-resolution options
+are shown in <a href="ch07.html#samba2-CHP-7-TABLE-1">Table 7-1</a>.</p>
+
+<a name="samba2-CHP-7-TABLE-1"/><h4 class="head4">Table 7-1. Name-resolution options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">wins support</tt></p>
+</td>
+<td>
+<p>boolean</p>
+</td>
+<td>
+<p>If set to <tt class="literal">yes</tt>, allows Samba to act as a WINS server</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">wins server</tt></p>
+</td>
+<td>
+<p>string (IP address or DNS name)</p>
+</td>
+<td>
+<p>Identifies a WINS server for Samba to use for name registration and
+resolution</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">wins proxy</tt></p>
+</td>
+<td>
+<p>boolean</p>
+</td>
+<td>
+<p>Allows Samba to act as a proxy to a WINS server on another subnet</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">wins hook</tt></p>
+</td>
+<td>
+<p>string</p>
+</td>
+<td>
+<p>Command to run when the WINS database changes</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">dns proxy</tt></p>
+</td>
+<td>
+<p>boolean</p>
+</td>
+<td>
+<p>If set to <tt class="literal">yes</tt>, allows a Samba WINS server to
+search DNS if it cannot find a name in WINS</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">name resolve</tt> <tt class="literal">order</tt></p>
+</td>
+<td>
+<p>string</p>
+</td>
+<td>
+<p>The order of methods used to resolve NetBIOS names</p>
+</td>
+<td>
+<p><tt class="literal">lmhosts</tt> <tt class="literal">hosts wins bcast</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">max ttl</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Maximum TTL in seconds for a requested NetBIOS name</p>
+</td>
+<td>
+<p><tt class="literal">259200</tt> ( 3 days)</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">max wins ttl</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Maximum TTL in seconds for NetBIOS names given out by Samba as a WINS
+server</p>
+</td>
+<td>
+<p><tt class="literal">518400</tt> (6 days)</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">min wins ttl</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Minimum TTL in seconds for NetBIOS names given out by Samba as a WINS
+server</p>
+</td>
+<td>
+<p><tt class="literal">21600</tt> (6 hours)</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.1"/>
+
+<a name="INDEX-25"/><h3 class="head3">wins support</h3>
+
+<p>Samba will provide WINS name service to all machines in the network
+if you set the following in the <tt class="literal">[global]</tt> section
+of the <em class="filename">smb.conf</em> file:</p>
+
+<blockquote><pre class="code">[global]
+ wins support = yes</pre></blockquote>
+
+<p>The default value is <tt class="literal">no</tt>, which is typically used
+to allow a Windows NT/2000 server or another Samba server to be the
+WINS server. If you enable this option, remember that a Samba WINS
+server currently cannot exchange data with other WINS servers, so do
+not allow any other WINS servers on the network. When set to
+<tt class="literal">yes</tt>, this option is mutually exclusive with the
+<tt class="literal">wins</tt> <tt class="literal">server</tt> parameter.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.2"/>
+
+<a name="INDEX-26"/><h3 class="head3">wins server</h3>
+
+<p>Samba will use an existing WINS server on the network if you specify
+the <tt class="literal">wins</tt> <tt class="literal">server</tt> global option
+in your configuration file. The value of this option is either the IP
+address or DNS name (not NetBIOS name) of the WINS server. For
+example:</p>
+
+<blockquote><pre class="code">[global]
+ wins server = 172.16.220.110</pre></blockquote>
+
+<p>or:</p>
+
+<blockquote><pre class="code">[global]
+ wins server = wins.metran.cx</pre></blockquote>
+
+<p>For this option to work, the <tt class="literal">wins</tt>
+<tt class="literal">support</tt> option must be set to
+<tt class="literal">no</tt> (the default). Otherwise, Samba will report an
+error. You can specify only one WINS server using this option.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.3"/>
+
+<a name="INDEX-27"/><h3 class="head3">wins proxy</h3>
+
+<p>This option allows Samba to act as a proxy to another WINS server,
+and thus relay name registration and resolution requests from itself
+to the real WINS server, often outside the current subnet. The WINS
+server can be indicated through the <tt class="literal">wins</tt>
+<tt class="literal">server</tt> option. The proxy will then return the WINS
+response back to the client. You can enable this option by specifying
+the following in the <tt class="literal">[global]</tt> section:</p>
+
+<blockquote><pre class="code">[global]
+ wins proxy = yes</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.4"/>
+
+<a name="INDEX-28"/><h3 class="head3">wins hook</h3>
+
+<p>This option allows you to run a script or other program whenever the
+WINS database is modified. One application might be to set up another
+Samba server to act as a backup for another Samba WINS server. This
+is done by having the <tt class="literal">wins</tt> <tt class="literal">hook</tt>
+script call <em class="emphasis">rsync</em> to synchronize the WINS
+databases (<em class="filename">/usr/local/samba/var/locks/wins.dat</em>)
+on the two systems whenever an entry is added or deleted. The script
+would be specified in the Samba configuration file like this:</p>
+
+<blockquote><pre class="code">[global]
+ wins hook = /usr/local/bin/sync_wins</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.5"/>
+
+<a name="INDEX-29"/><h3 class="head3">dns proxy</h3>
+
+<p>If you want the DNS to be used if a NetBIOS name
+isn't found in WINS, you can set the following
+option:</p>
+
+<blockquote><pre class="code">[global]
+ dns proxy = yes</pre></blockquote>
+
+<p>This will permit <em class="filename">nmbd</em> to query the
+server's standard DNS. You might wish to deactivate
+this option if you do not have a permanent connection to your DNS
+server. This option should not be used in place of a DNS server on
+your network; it is intended for resolving NetBIOS names rather than
+fully qualified Internet domain names.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.6"/>
+
+<h3 class="head3">name resolve order</h3>
+
+<p>The global <tt class="literal">name</tt><a name="INDEX-30"/>
+<tt class="literal">resolve</tt> <tt class="literal">order</tt> option specifies
+the order of services that Samba will use in performing name
+resolution. The default order is to use the
+<em class="emphasis">lmhosts</em> file, followed by standard Unix
+name-resolution methods (some combination of
+<em class="filename">/etc/hosts</em>, DNS, and NIS), then to query a WINS
+server, and finally to use broadcasting to determine the address of a
+NetBIOS name. You can override this option by specifying something
+like the following:</p>
+
+<blockquote><pre class="code">[global]
+ name resolve order = lmhosts wins hosts bcast</pre></blockquote>
+
+<p>This causes resolution to use the <em class="emphasis">lmhosts</em> file
+first, followed by a query to a WINS server, the
+<em class="filename">/etc/hosts</em> file, and finally broadcasting. You
+need not use all four options. This option is covered in more detail
+in <a href="ch07.html#samba2-CHP-7-SECT-1.4">Section 7.1.4</a>,
+earlier in this chapter.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.7"/>
+
+<a name="INDEX-31"/><h3 class="head3">max ttl</h3>
+
+<p>This option is used when Samba is not acting as a WINS server but is
+using another system on the network for its WINS server. It sets the
+maximum T T L for NetBIOS names registered by the Samba server with
+the WINS server. You should never need to alter this value.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.8"/>
+
+<a name="INDEX-32"/><h3 class="head3">max wins ttl</h3>
+
+<p>This option is used when Samba is providing WINS name service, and it
+sets the maximum T T L for NetBIOS names registered with Samba. You
+should never need to change this value from its default.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.9"/>
+
+<a name="INDEX-33"/><h3 class="head3">min wins ttl</h3>
+
+<p>This option is used when Samba is providing WINS name service, and it
+sets the minimum T T L for NetBIOS names registered with Samba. You
+should never need to alter this value from its default. <a name="INDEX-34"/> <a name="INDEX-35"/> <a name="INDEX-36"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-7-SECT-2"/>
+
+<h2 class="head1">Browsing</h2>
+
+<p><a name="INDEX-37"/>Browsing
+was developed by Microsoft to help users find shared resources on the
+network. In a networked computing environment where users can add or
+remove shares at any time, it is important to have some automatic
+means of keeping track of the shared resources and allowing users to
+&quot;browse&quot; through them to find the
+ones they wish to use.</p>
+
+<p>Before browsing was added to SMB networking, when anyone added a new
+share, the people with whom they wished to share the data or printer
+would have to be informed of the share's UNC, using
+some relatively low-tech method such as speaking to them in person or
+over the phone, or sending email. Already, this was very inconvenient
+in large organizations. To further complicate matters, the users
+working on client computers had to type in the
+share's UNC to connect to it. The only way to get
+around typing in the share's UNC every time it was
+used was to map a network drive to it, and with a large number of
+shares on the network, this could easily get out of hand.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-7-SECT-2.1"/>
+
+<h3 class="head2">Browsing in a Windows Network</h3>
+
+<p><a name="INDEX-38"/>To keep things simple, we will
+first describe network browsing in a network that contains only
+Windows systems and then show you how to add a Samba server.</p>
+
+<p>The basic way browsing works is that one computer in the network
+takes on the role of the <em class="firstterm">master
+browser</em><a name="INDEX-39"/> (also
+called <em class="firstterm">local master
+browser</em><a name="INDEX-40"/>,<em class="firstterm"> browse
+master</em><a name="INDEX-41"/>, or
+<em class="firstterm">browse server</em><a name="INDEX-42"/>) and
+keeps a list of all the computers on the local subnet that are acting
+as SMB servers. The list of computers is called the <em class="firstterm">browse
+list</em><a name="INDEX-43"/> and includes all Samba servers, Windows
+NT/2000/XP systems, and any Windows 95/98/Me systems that have the
+&quot;File and printer sharing for Microsoft
+Networks&quot; networking component installed. The browse
+list also contains the names of all workgroups and domains. At this
+level, browsing is limited to the local subnet because the browsing
+protocol depends on broadcast packets, which are typically not
+forwarded to other subnets by routers.</p>
+
+<p>A user at any Windows system can view the browse list by opening up
+the Network Neighborhood (or My Network Places), as we showed you in
+<a href="ch01.html">Chapter 1</a>. Or, the <em class="emphasis">net
+view</em><a name="INDEX-44"/> command can be used from a Windows
+command prompt:</p>
+
+<blockquote><pre class="code">C:\&gt;<tt class="userinput"><b>net view</b></tt>
+Server Name Remark
+
+-------------------------------------------------------------------------------
+\\MAYA Windows 98
+\\MIXTEC Samba 2.2.5
+\\OLMEC Windows XP Pro on Pentium/ASUS
+\\TOLTEC Samba 2.2.5
+\\YAQUI Windows 95 on mixtec/VMware
+\\ZAPOTEC
+The command completed successfully.</pre></blockquote>
+
+<p>Then, <em class="emphasis">net view</em> can be used with a computer name
+as an argument to contact a server directly and list the resources it
+is sharing:</p>
+
+<blockquote><pre class="code">C:\&gt;<tt class="userinput"><b>net view \\maya</b></tt>
+Shared resources at \\maya
+
+Windows 98
+
+Share name Type Used as Comment
+
+-------------------------------------------------------------------------------
+D Disk
+E Disk
+HP Print
+The command completed successfully.</pre></blockquote>
+
+<p>The computers on the network involved in browsing are more than just
+the master browser and its clients. There are also backup browsers,
+which maintain copies of the browse list and respond to client
+requests for it. Backup browsers are therefore able to take over the
+role of master browser seamlessly in case it fails. The master
+browser usually doesn't serve the browse list
+directly to clients. Instead, its job is mainly to keep the master
+copy of the browse list up-to-date, and also periodically update the
+backup browsers. Clients are expected to get their copies of the
+browse list from backup browsers, selecting among them randomly to
+help to distribute the load on the backup browsers more evenly.
+Ideally, the interaction between any client and the master browser is
+limited to the client announcing when it joins or leaves the network
+(if it is a server) and requesting a list of backup browsers.</p>
+
+<p>There can be more than one <a name="INDEX-45"/>backup browser. A workgroup will have a
+backup browser if two or more computers are running Windows 95/98/Me
+or Windows NT Workstation (or another nonserver version of Windows
+NT/2000/XP) on the subnet. For every 32 additional computers, another
+backup browser is added.</p>
+
+<p>In a Windows NT domain, the <a name="INDEX-46"/>primary domain controller is
+always the local master browser, and if it fails, another Windows
+NT/2000 server (if one exists) will take over the role of local
+master browser. Other versions of Windows can function as backup
+browsers, but will never become a master browser if a Windows NT/2000
+server is available.</p>
+
+<p>In addition to acting as the local master browser, the primary domain
+controller also acts as the <em class="firstterm">domain master
+browser</em><a name="INDEX-47"/>, which ties subnets together and allows
+browse lists to be shared between master and backup browsers on
+separate subnets. This is how browsing is extended to function beyond
+the local subnet. Each subnet functions as a separate browsing
+entity, and the domain master browser synchronizes the master
+browsers of each subnet. In a Windows-only network, browsing cannot
+function across subnets unless a Windows NT/2000 PDC exists on the
+network. Samba can act as a domain master browser and can perform
+that task even in a workgroup network, which means that the Windows
+PDC is not required for this task. (It is also possible to use the
+<tt class="literal">remote</tt> <tt class="literal">browse</tt>
+<tt class="literal">sync</tt> parameter to configure a Samba server to
+synchronize its browse list with a Samba server on another subnet. In
+this case, each server must be acting as the local master browser of
+its subnet.)</p>
+
+<p>Unless it is configured never to act as a browser, each computer on
+the subnet is considered a <em class="firstterm">potential browser</em>
+and can be ordered by the browse master to become a backup browser,
+or it can identify itself as a backup browser and accept the role on
+its own.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-7-SECT-2.2"/>
+
+<h3 class="head2">Browser Elections</h3>
+
+<p><a name="INDEX-48"/>When no master browser is running on
+the subnet, potential browsers choose a new master browser among
+themselves in a process called an <em class="firstterm">election</em>. An
+election is started by a computer in the subnet when it discovers
+that no master browser is currently running. If a master browser is
+shut down gracefully, it will broadcast an election request datagram,
+initiating an election by the remaining computers. If the master
+browser fails, the election can be started by a client computer that
+requests a list of backup browsers from the master browser or by a
+backup browser that requests to have its browse list updated from the
+master browser. In each case, the system fails to receive a reply
+from the master browser and initiates the election.</p>
+
+<p>Browser elections are decided in multiple rounds of self-elimination.
+During each round, potential browsers broadcast election request
+datagrams containing their qualifications to notify other potential
+browsers that an election is happening and that if the recipient is
+more qualified, it should also broadcast a bid. When a potential
+browser receives an election request datagram from a more qualified
+opponent, it drops out, disqualifying itself from becoming the master
+browser. Otherwise, it responds with its own election request
+datagram. After a few rounds, only one potential browser is left in
+the election. After an additional four rounds of sending out an
+election request datagram and receiving no response, it becomes the
+master browser and sends a broadcast datagram announcing itself as
+the local master browser for the subnet. It then assigns runners-up
+in the election as backup browsers, as needed.</p>
+
+<p>A potential browser's qualifications include the
+following:</p>
+
+<ul><li>
+<p>Whether it has recently lost an election</p>
+</li><li>
+<p>The version of the election protocol it is running</p>
+</li><li>
+<p>Its election criteria</p>
+</li><li>
+<p>The amount of time the system has been up</p>
+</li><li>
+<p>The computer's NetBIOS name</p>
+</li></ul>
+<p>If the potential browser has lost an election recently, it
+immediately disqualifies itself. The version of the election protocol
+it is running is checked, but so far, all Windows systems (and Samba)
+use the same election protocol, so the check is not very meaningful.
+The election criteria are usually what determine which computer
+becomes the local master browser. There are two parts to the election
+criteria, shown in Tables <a href="ch07.html#samba2-CHP-7-TABLE-2">Table 7-2</a> and <a href="ch07.html#samba2-CHP-7-TABLE-3">Table 7-3</a>.</p>
+
+<a name="samba2-CHP-7-TABLE-2"/><h4 class="head4">Table 7-2. Operating-system values in an election</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Operating system</p>
+</th>
+<th>
+<p>Value</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>Windows NT/2000 Server, running as PDC</p>
+</td>
+<td>
+<p>32</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows NT/2000/XP, if not the PDC</p>
+</td>
+<td>
+<p>16</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows 95/98/Me</p>
+</td>
+<td>
+<p>1</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows for Workgroups</p>
+</td>
+<td>
+<p>1</p>
+</td>
+</tr>
+
+</table>
+
+<a name="samba2-CHP-7-TABLE-3"/><h4 class="head4">Table 7-3. Computer-role settings in an election</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Role</p>
+</th>
+<th>
+<p>Value</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>Domain master browser</p>
+</td>
+<td>
+<p>128</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>WINS client</p>
+</td>
+<td>
+<p>32</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Preferred master</p>
+</td>
+<td>
+<p>8</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Running master</p>
+</td>
+<td>
+<p>4</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Recent backup browser</p>
+</td>
+<td>
+<p>2</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Backup browser</p>
+</td>
+<td>
+<p>1</p>
+</td>
+</tr>
+
+</table>
+
+<p>The operating-system type is compared first, and the system with the
+highest value wins. The values have been chosen to cause the primary
+domain controller, if there is one, to become the local master
+browser. Otherwise, a Windows NT/2000/XP system will win over a
+Windows for Workgroups or Windows 95/98/Me system.</p>
+
+<p>When an operating-system type comparison results in a tie, the role
+of the computer is compared. A computer can have more than one of the
+values in <a href="ch07.html#samba2-CHP-7-TABLE-3">Table 7-3</a>, in which case the values are
+added.</p>
+
+<p>A domain master browser has a role value of 128 to weight the
+election so heavily in its favor that it will also become the local
+master browser on its own subnet. Although the primary domain
+controller (which is always the domain master browser) will win the
+election based solely on its operating system value, sometimes there
+is no primary domain controller on the network, and the domain master
+browser would not otherwise be distinguished from other potential
+browsers.</p>
+
+<p>Systems that are using a WINS server for name resolution are weighted
+heavily over ones that use broadcast name resolution with a role
+value of 32.</p>
+
+<p>A <em class="firstterm">preferred master</em> is a computer that has been
+selected and configured manually by a system administrator to be
+favored as the choice master browser. When a preferred master starts
+up, it forces a browser election, even if an existing master browser
+is still active. A preferred master has a role value of 8, and the
+existing master browser gets a value of 4.</p>
+
+<p>A backup browser that has recently been a master browser and still
+has an up-to-date browse list is given a role value of 2, and a
+potential browser that has been running as a backup browser gets a
+value of 1.</p>
+
+<p>If comparing the operating-system type and role results in a tie, the
+computer that has been running the longest wins. In the unlikely
+event that the two have been up for the same amount of time, the
+computer that wins is the one with the NetBIOS name that sorts first
+alphabetically.</p>
+
+<p>You can tell if a machine is a local master browser by using the
+Windows <em class="emphasis">nbtstat</em><a name="INDEX-49"/> command. Place the NetBIOS name of the
+machine you wish to check after the <em class="emphasis">-a</em> option:</p>
+
+<blockquote><pre class="code">C:\&gt;<tt class="userinput"><b>nbtstat -a toltec</b></tt>
+
+Local Area Connection:
+Node IpAddress: [172.16.1.4] Scope Id: []
+
+ NetBIOS Remote Machine Name Table
+
+ Name Type Status
+ ---------------------------------------------
+ TOLTEC &lt;00&gt; UNIQUE Registered
+ TOLTEC &lt;03&gt; UNIQUE Registered
+ TOLTEC &lt;20&gt; UNIQUE Registered
+ ..__MSBROWSE__.&lt;01&gt; GROUP Registered
+ METRAN &lt;00&gt; GROUP Registered
+ METRAN &lt;1B&gt; UNIQUE Registered
+ METRAN &lt;1C&gt; GROUP Registered
+ METRAN &lt;1D&gt; UNIQUE Registered
+ METRAN &lt;1E&gt; GROUP Registered
+
+ MAC Address = 00-00-00-00-00-00</pre></blockquote>
+
+<p>The resource entry that you're looking for is
+<tt class="literal">.._ _MSBROWSE_ _.&lt;01&gt;</tt><a name="INDEX-50"/>. This indicates
+that the server is currently acting as the local master browser for
+the current subnet. If the machine is a Samba server, you can check
+the Samba <em class="filename">nmbd</em> log file for an entry such as:</p>
+
+<blockquote><pre class="code">nmbd/nmbd_become_lmb.c:become_local_master_stage2(406)
+*****
+Samba name server TOLTEC is now a local master browser for
+workgroup METRAN on subnet 172.16.1.0</pre></blockquote>
+
+<p>Or, you can use the
+<em class="emphasis">nmblookup</em><a name="INDEX-51"/> command with the
+<em class="emphasis">-M</em> option and the workgroup or domain name on
+any Samba server to find the IP address of the local master:</p>
+
+<a name="INDEX-52"/><blockquote><pre class="code">$ <tt class="userinput"><b>nmblookup -M metran</b></tt>
+querying metran on 172.16.1.255
+172.16.1.1 metran&lt;1d&gt;</pre></blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-7-SECT-2.3"/>
+
+<h3 class="head2">Server Announcements</h3>
+
+<p><a name="INDEX-53"/>After
+the master browser election is decided, each server on the network
+announces itself to the network to allow the master and backup
+browsers to build their browse lists. At first, the server
+announcements happen every minute, but the interval is gradually
+stretched out to every 12 minutes. When a server is shut down
+gracefully, it sends an announcement that it is going offline to
+allow the master and backup browsers to remove it from the browse
+list. However, when a server goes offline by crashing or by some
+other failure, the master browser notices its disappearance only
+because it stops receiving server announcements. The master browser
+waits for three of the server's announcement periods
+before deciding that it is offline, which can take up to 36 minutes.
+Because backup browsers have their browse lists updated from the
+master browser once every 15 minutes, it can take up to 51 minutes
+for clients to be informed of a failed server.</p>
+
+<p>For more detailed information on Microsoft's
+browsing protocols, consult the Microsoft documents
+<em class="citetitle">Browsing and Windows 95
+Networking</em><a name="INDEX-54"/> and
+<em class="citetitle">CIFS/E Browser Protocol</em>. You can find these by
+searching for the titles on the Microsoft web site at <a href="http://www.microsoft.com">http://www.microsoft.com</a>.</p>
+
+<p>More information on configuring Samba for browsing can be found in
+<em class="filename">BROWSING.txt</em><a name="INDEX-55"/> and
+<em class="filename">BROWSING-Config.txt</em> in the Samba
+distribution's <em class="filename">docs/textdocs</em>
+directory. <a name="INDEX-56"/></p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-7-SECT-2.4"/>
+
+<h3 class="head2">Configuring Samba for Browsing</h3>
+
+<p><a name="INDEX-57"/><a name="INDEX-58"/><a name="INDEX-59"/>Samba has full support for browsing
+and can participate as a master browser, a backup browser, a domain
+master browser, a potential browser, or just a server that
+doesn't participate in browsing elections. If you
+want to make sure your Samba server never becomes a master or backup
+browser, simply set:</p>
+
+<a name="INDEX-60"/><blockquote><pre class="code">[global]
+ local master = no</pre></blockquote>
+
+<p>Usually, you will want Samba to be available as a local master or at
+least a backup browser. In the simplest case, you
+don't need to do anything because
+Samba's default is to participate in browsing
+elections with its operating system value set to 20, which will beat
+any Windows system less than a Windows NT/2000 primary domain
+controller (see <a href="ch07.html#samba2-CHP-7-TABLE-2">Table 7-2</a>). The operating-system
+value Samba reports for itself in browser elections can be set using
+the <tt class="literal">os</tt><a name="INDEX-61"/> <tt class="literal">level</tt>
+parameter:</p>
+
+<blockquote><pre class="code">[global]
+ os level = 33</pre></blockquote>
+
+<p>The preceding value will allow Samba to beat even a Windows 2000
+Advanced Server acting as a primary domain controller. As we show in
+the following section, though, forcing Samba to win this way is not
+recommended.</p>
+
+<p>If you want to allow a Windows XP Professional system to be the
+master browser, you would need to set Samba lower:</p>
+
+<blockquote><pre class="code">[global]
+ os level = 8</pre></blockquote>
+
+<p>The maximum value for <tt class="literal">os</tt> <tt class="literal">level</tt>
+is 255 because it is handled as an 8-bit unsigned integer. Supposing
+we wanted to make absolutely sure our Samba server will be the local
+master browser at all times, we might say:</p>
+
+<blockquote><pre class="code">[global]
+ local master = yes
+ os level = 255
+ preferred master = yes</pre></blockquote>
+
+<p>The addition of the
+<tt class="literal">preferred</tt><a name="INDEX-62"/>
+<tt class="literal">master</tt> parameter causes Samba to start a browser
+election as soon as it starts up, and the <tt class="literal">os</tt>
+<tt class="literal">level</tt> of 255 allows it to beat any other system on
+the network. This includes other Samba servers, assuming they are
+configured properly! If another server is using a similar
+configuration file (with <tt class="literal">os</tt>
+<tt class="literal">level</tt> <tt class="literal">=</tt> <tt class="literal">255</tt>
+and <tt class="literal">preferred</tt> <tt class="literal">master</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt>), the two will fight each
+other for the master browser role, winning elections based on minor
+criteria, such as uptime or their current role. To avoid this, other
+Samba servers should be set with a lower <tt class="literal">os</tt>
+<tt class="literal">level</tt> and not configured to be the preferred
+master.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-7-SECT-2.5"/>
+
+<h3 class="head2">Samba as the Domain Master Browser</h3>
+
+<p><a name="INDEX-63"/>Previously we mentioned that for a Windows
+workgroup or domain to extend into multiple subnets, one system would
+have to take the role of the domain master browser. The domain master
+browser propagates browse lists across each subnet in the workgroup.
+This works because each local master browser periodically
+synchronizes its browse list with the domain master browser. During
+this synchronization, the local master browser passes on the name of
+any server that the domain master browser does not have in its browse
+list, and vice versa. Each local master browser eventually holds the
+browse list for the entire domain.</p>
+
+<p>There is no election to determine which machine assumes the role of
+the domain master browser. Instead, the administrator has to set it
+manually. By Microsoft design, however, the domain master browser and
+the PDC both register a resource type of &lt;1B&gt;, so the
+roles&mdash;and the machines&mdash;are inseparable.</p>
+
+<p>If you have a Windows NT server on the network acting as a PDC, we
+recommend that you do not try to use Samba to become the domain
+master browser. The reverse is true as well: if Samba is taking on
+the responsibilities of a PDC, we recommend making it the domain
+master browser as well. Although it is possible to split the roles
+with Samba, this is not a good idea. Using two different machines to
+serve as the PDC and the domain master browser can cause random
+errors to occur in a Windows workgroup.</p>
+
+<p>Samba can assume the role of a domain master browser for all subnets
+in the workgroup with the following options:</p>
+
+<blockquote><pre class="code">[global]
+ domain master = yes
+ preferred master = yes
+ local master = yes
+ os level = 255</pre></blockquote>
+
+<p>The final three parameters ensure that the server is also the local
+master browser, which is vital for it to work properly as the domain
+master browser. You can verify that a Samba machine is in fact the
+<a name="INDEX-64"/>domain master browser by checking the
+<em class="emphasis">nmbd</em><a name="INDEX-65"/><a name="INDEX-66"/> log file:</p>
+
+<blockquote><pre class="code">nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118)
+*****
+Samba name server TOLTEC is now a domain master browser for
+workgroup METRAN on subnet 172.16.1.0</pre></blockquote>
+
+<p>Or you can use the
+<em class="emphasis">nmblookup</em><a name="INDEX-67"/> command that comes with the Samba
+distribution to query for a unique &lt;1B&gt; resource type in the
+workgroup:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>nmblookup METRAN#1B</b></tt>
+Sending queries to 172.16.1.255
+172.16.1.1 METRAN&lt;1b&gt;</pre></blockquote>
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-2.5.1"/>
+
+<h3 class="head3">Multiple subnets</h3>
+
+<p><a name="INDEX-68"/>You must
+remember three rules when creating a
+<a name="INDEX-69"/>workgroup/domain
+that spans more than one subnet:</p>
+
+<ul><li>
+<p>You must have either a Windows NT/2000 or Samba server acting as a
+local master browser on each subnet in the workgroup/domain.</p>
+</li><li>
+<p>You must have a Windows NT/2000 Server edition or a Samba server
+acting as a domain master browser somewhere in the workgroup/domain.</p>
+</li><li>
+<p>A WINS server should be on the network, with each system on the
+network configured to use it for name resolution.</p>
+</li></ul>
+<p>Samba has some additional features you can use if you
+don't have or want a domain master browser on your
+network and still need to have <a name="INDEX-70"/>cross-subnet browsing. Consider the
+subnets shown in <a href="ch07.html#samba2-CHP-7-FIG-1">Figure 7-1</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-7-FIG-1"/><a name="INDEX-71"/><a name="INDEX-72"/><img src="figs/sam2_0701.gif"/></div><h4 class="head4">Figure 7-1. Multiple subnets with Samba servers</h4>
+
+<p>First, a Samba server that is a local master browser can use the
+<tt class="literal">remote</tt><a name="INDEX-73"/> <tt class="literal">announce</tt>
+configuration option to make sure that computers in different subnets
+are sent broadcast announcements about the server. This has the
+effect of ensuring that the Samba server appears in the browse lists
+of foreign subnets. To achieve this, however, the directed broadcasts
+must reach the local master browser on the other subnet. Be aware
+that many routers do not allow directed broadcasts by default; you
+might have to change this setting on the router for the directed
+broadcasts to get through to its subnet.</p>
+
+<p>With the <tt class="literal">remote</tt> <tt class="literal">announce</tt>
+option, list the subnets and the workgroup that should receive the
+broadcast. For example, to ensure that machines in the 172.16.2 and
+172.16.3 subnets and the METRAN workgroup are sent broadcast
+information from our Samba server, we could specify the following:</p>
+
+<blockquote><pre class="code">[global]
+ remote announce = 172.16.2.255/METRAN \
+ 172.16.3.255/METRAN</pre></blockquote>
+
+<p>Instead of supplying a broadcast address of the remote subnet, you
+are allowed to specify the exact address where broadcasts should be
+sent if the local master browser on the foreign subnet is guaranteed
+to always have the same IP address.</p>
+
+<p>A Samba local master browser can synchronize its browse list directly
+with one or more Samba servers, each acting as a local master browser
+on a different subnet. This is another way to implement browsing
+across subnets. For example, let's assume that Samba
+is configured as a local master browser, and Samba local master
+browsers exist at 172.16.2.130 and 172.16.3.120. We can use the
+<tt class="literal">remote</tt> <tt class="literal">browse</tt>
+<tt class="literal">sync</tt> option to sync directly with the Samba
+servers, as follows:</p>
+
+<blockquote><pre class="code">[global]
+ remote browse sync = 172.16.2.130 172.16.3.120</pre></blockquote>
+
+<p>For this to work, the other Samba machines must also be local master
+browsers. You can also use directed broadcasts with this option if
+you do not know specific IP addresses of local master browsers.</p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-7-SECT-2.6"/>
+
+<h3 class="head2">Making a Share Invisible</h3>
+
+<p><a name="INDEX-74"/><a name="INDEX-75"/><a name="INDEX-76"/>You can keep a share from being in the
+browse list by using the
+<tt class="literal">browsable</tt><a name="INDEX-77"/> option. This Boolean option
+prevents a share from being seen in the Network Neighborhood or My
+Network Places. For example, to prevent the <tt class="literal">[data]</tt>
+share from being visible, we could write:</p>
+
+<blockquote><pre class="code">[data]
+ path = /export/samba/userdata
+ browsable = no</pre></blockquote>
+
+<p>Although you typically don't want to do this to an
+ordinary disk share, the <tt class="literal">browsable</tt> option is
+useful in the event that you need to create a share with contents
+that you do not want others to see, such as a
+<tt class="literal">[netlogon]</tt><a name="INDEX-78"/> share for storing logon scripts
+for Windows domain control (see <a href="ch04.html">Chapter 4</a> for more
+information on logon scripts).</p>
+
+<p>Another example is the
+<tt class="literal">[homes]</tt><a name="INDEX-79"/> share. This share is often marked
+nonbrowsable so that a share named <tt class="literal">[homes]</tt>
+won't appear when its machine's
+resources are browsed. However, if a user <tt class="literal">alice</tt>
+logs on and looks at the machine's shares, an
+<tt class="literal">[alice]</tt> share will appear under the machine.</p>
+
+<p>What if we wanted to make sure
+<tt class="literal">alice</tt>'s share appeared to
+everyone before she logs on? This could be done with the global
+<tt class="literal">auto</tt><a name="INDEX-80"/> <tt class="literal">services</tt>
+option. This option preloads shares into the browse list to ensure
+that they are always visible:</p>
+
+<blockquote><pre class="code">[global]
+ auto services = alice</pre></blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-7-SECT-2.7"/>
+
+<h3 class="head2">Browsing Options</h3>
+
+<p><a href="ch07.html#samba2-CHP-7-TABLE-4">Table 7-4</a> <a name="INDEX-81"/><a name="INDEX-82"/>shows
+options that define how Samba handles browsing tasks.</p>
+
+<a name="samba2-CHP-7-TABLE-4"/><h4 class="head4">Table 7-4. Browsing configuration options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">announce as</tt></p>
+</td>
+<td>
+<p>string</p>
+</td>
+<td>
+<p>Operating system that Samba will announce itself as.</p>
+</td>
+<td>
+<p><tt class="literal">N T Server</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">announce</tt> <tt class="literal">version</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Version of the operating system that Samba will announce itself as.</p>
+</td>
+<td>
+<p><tt class="literal">4.5</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">browsable</tt> <tt class="literal">(browseable)</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>Allows share to be displayed in list of machine resources.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">browse list</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, allows Samba to provide a browse list on
+this server.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">auto services</tt> <tt class="literal">(preload)</tt></p>
+</td>
+<td>
+<p>string (share list)</p>
+</td>
+<td>
+<p>List of shares that will always appear in the browse list.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">default</tt> <tt class="literal">service (default)</tt></p>
+</td>
+<td>
+<p>string (share name)</p>
+</td>
+<td>
+<p>Name of a share (service) that will be provided if the client
+requests a share not listed in <em class="emphasis">smb.conf</em>.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">local master</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, allows Samba to participate in browsing
+elections.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">lm announce</tt></p>
+</td>
+<td>
+<p><tt class="literal">yes</tt>, <tt class="literal">no</tt>, or
+<tt class="literal">auto</tt></p>
+</td>
+<td>
+<p>Enables or disables LAN Manager-style host announcements.</p>
+</td>
+<td>
+<p><tt class="literal">auto</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">lm interval</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Frequency in seconds that LAN Manager announcements will be made if
+activated.</p>
+</td>
+<td>
+<p><tt class="literal">60</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">preferred</tt> <tt class="literal">master (prefered
+master)</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, allows Samba to use the preferred master
+browser bit to attempt to become the local master browser.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">domain master</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, allows Samba to become the domain browser
+master for the workgroup or domain.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">os level</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Operating system level of Samba in an election for local master
+browser.</p>
+</td>
+<td>
+<p><tt class="literal">0</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">remote browse</tt> <tt class="literal">sync</tt></p>
+</td>
+<td>
+<p>string (list of IP addresses)</p>
+</td>
+<td>
+<p>Samba servers to synchronize browse lists with.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">remote</tt> <tt class="literal">announce</tt></p>
+</td>
+<td>
+<p>string (IP address/workgroup pairs)</p>
+</td>
+<td>
+<p>Subnets and workgroups to send directed broadcast packets to,
+allowing Samba to appear in their browse lists.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.1"/>
+
+<a name="INDEX-83"/><h3 class="head3">announce as</h3>
+
+<p>This global configuration option specifies the type of operating
+system that Samba announces to other machines on the network. The
+default value for this option is <tt class="literal">N T</tt>
+<tt class="literal">Server</tt>, which causes Samba to masquerade as a
+Windows NT Server operating system. Other possible values are
+<tt class="literal">NT</tt>, <tt class="literal">NT</tt>
+<tt class="literal">Workstation</tt>, <tt class="literal">Win95</tt>, and
+<tt class="literal">W f W</tt> for a Windows for Workgroup operating
+system. You can override the default value with the following:</p>
+
+<blockquote><pre class="code">[global]
+ announce as = Win95</pre></blockquote>
+
+<p>We recommend against changing the default value of this configuration
+option.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.2"/>
+
+<a name="INDEX-84"/><h3 class="head3">announce version</h3>
+
+<p>This global option is frequently used with the
+<tt class="literal">announce</tt> <tt class="literal">as</tt> configuration
+option; it specifies the version of the operating system that Samba
+announces to other machines on the network. The default value of this
+option is 4.5, which places Samba above Windows NT Version 4.0, but
+below Windows 2000. You can specify a new value with a global entry
+such as the following:</p>
+
+<blockquote><pre class="code">[global]
+ announce version = 4.3</pre></blockquote>
+
+<p>We recommend against changing the default value of this configuration
+option.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.3"/>
+
+<h3 class="head3">browsable</h3>
+
+<p>The <tt class="literal">browsable</tt><a name="INDEX-85"/> option (also spelled
+<tt class="literal">browseable</tt>) indicates whether the share referenced
+should appear in the list of available resources for the system on
+which it resides. This option is always set to <tt class="literal">yes</tt>
+by default. If you wish to prevent the share from being seen in a
+client's browser, you can reset this option to
+<tt class="literal">no</tt>.</p>
+
+<p>Note that this does not prevent someone from accessing the share
+using other means, such as specifying a UNC location (e.g.,
+<tt class="literal">\\server\accounting)</tt> in Windows Explorer. It only
+prevents the share from being listed under the
+system's resources when being browsed.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.4"/>
+
+<a name="INDEX-86"/><h3 class="head3">browse list</h3>
+
+<p>You should never need to change this parameter from its default value
+of <tt class="literal">yes</tt>. If your Samba server is acting as a local
+master browser (i.e., it has won the browsing election), you can use
+the global <tt class="literal">browse</tt> <tt class="literal">list</tt> option
+to instruct Samba to provide or withhold its browse list to all
+clients. By default, Samba always provides a browse list. You can
+withhold this information by specifying the following:</p>
+
+<blockquote><pre class="code">[global]
+ browse list = no</pre></blockquote>
+
+<p>If you disable the browse list, clients cannot browse the names of
+other machines, their services, and other domains currently available
+on the network. Note that this won't make any
+particular machine inaccessible; if someone knows a valid machine
+name/address and a share on that machine, he can still connect to it
+explicitly using the Windows <em class="emphasis">net use</em> command or
+by mapping a drive letter to it using Windows Explorer. It simply
+prevents information in the browse list from being retrieved by any
+client that requests it.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.5"/>
+
+<h3 class="head3">auto services</h3>
+
+<p>The global <tt class="literal">auto</tt><a name="INDEX-87"/>
+<tt class="literal">services</tt> option, which is also called
+<tt class="literal">preload</tt> <a name="INDEX-88"/>, ensures that the specified
+shares are always visible in the browse list. One common use for this
+option is to advertise specific user or printer shares that are
+created by the <tt class="literal">[homes]</tt> or
+<tt class="literal">[printers]</tt> shares, but are not otherwise
+browsable.</p>
+
+<p>This option works best with disk shares. If you wish to force each of
+your system printers (i.e., those listed in the printer capabilities
+file) to appear in the browse list, we recommend using the
+<tt class="literal">load</tt> <tt class="literal">printers</tt> option instead.</p>
+
+<p>Shares listed with the <tt class="literal">auto</tt>
+<tt class="literal">services</tt> option will not be displayed if the
+<tt class="literal">browse</tt> <tt class="literal">list</tt> option is set to
+<tt class="literal">no</tt>.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.6"/>
+
+<h3 class="head3">default service</h3>
+
+<p>The global <tt class="literal">default</tt><a name="INDEX-89"/>
+<tt class="literal">service</tt> option (sometimes called
+<tt class="literal">default</tt>) names a
+&quot;last-ditch&quot; share. The value is
+set to an existing share name without the enclosing brackets. When a
+client requests a nonexistent disk or printer share, Samba will
+attempt to connect the user to the share specified by this option
+instead. The option is specified as follows:</p>
+
+<blockquote><pre class="code">[global]
+ default service = helpshare</pre></blockquote>
+
+<p>When Samba redirects the requested, nonexistent service to the
+service specified by <tt class="literal">default</tt>
+<tt class="literal">service</tt>, the <tt class="literal">%S</tt> option takes on
+the value of the requested service, with any underscores (
+<tt class="literal">_</tt> ) in the requested service replaced by forward slashes
+(<tt class="literal">/</tt>).</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.7"/>
+
+<a name="INDEX-90"/><h3 class="head3">local master</h3>
+
+<p>This global option specifies whether Samba will attempt to become the
+local master browser for the subnet when it starts up. If this option
+is set to <tt class="literal">yes</tt>, Samba will participate in
+elections. However, setting this option by itself does not guarantee
+victory. (Other parameters, such as <tt class="literal">preferred</tt>
+<tt class="literal">master</tt> and <tt class="literal">os</tt>
+<tt class="literal">level</tt>, help Samba win browsing elections.) If this
+option is set to <tt class="literal">no</tt>, Samba will lose all browsing
+elections, regardless of which values are specified by the other
+configuration options. The default value is <tt class="literal">yes</tt>.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.8"/>
+
+<h3 class="head3">lm announce</h3>
+
+<p>The global <tt class="literal">lm</tt><a name="INDEX-91"/>
+<tt class="literal">announce</tt> option tells Samba's
+<em class="emphasis">nmbd</em> whether to send <a name="INDEX-92"/>LAN Manager host
+announcements on behalf of the server. These host announcements might
+be required by older clients, such as IBM's OS/2
+operating system. This announcement allows the server to be added to
+the browse lists of the client. If activated, Samba will announce
+itself repetitively at the number of seconds specified by the
+<tt class="literal">lm</tt> <tt class="literal">interval</tt> option.</p>
+
+<p>You can specify the option as follows:</p>
+
+<blockquote><pre class="code">[global]
+ lm announce = yes</pre></blockquote>
+
+<p>This configuration option takes the standard Boolean values,
+<tt class="literal">yes</tt> and <tt class="literal">no</tt>, which enable or
+disable LAN Manager announcements, respectively. In addition, a third
+option, <tt class="literal">auto</tt>, causes <em class="emphasis">nmbd</em> to
+listen passively for LAN Manager announcements, but not to send any
+of its own initially. If LAN Manager announcements are detected for
+another machine on the network, <em class="emphasis">nmbd</em> will start
+sending its own LAN Manager announcements to ensure that it is
+visible. The default value is <tt class="literal">auto</tt>. You probably
+won't need to change this value from its default.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.9"/>
+
+<a name="INDEX-93"/><h3 class="head3">lm interval</h3>
+
+<p>This option, which is used in conjunction with <tt class="literal">lm</tt>
+<tt class="literal">announce</tt>, indicates the number of seconds
+<em class="emphasis">nmbd</em> will wait before repeatedly broadcasting
+LAN Manager-style announcements. LAN Manager announcements must be
+enabled for this option to work. The default value is 60 seconds. If
+you set this value to 0, Samba will not send any LAN Manager host
+announcements, regardless of the value of the <tt class="literal">lm</tt>
+<tt class="literal">announce</tt> option. You can reset the value of this
+option as follows:</p>
+
+<blockquote><pre class="code">[global]
+ lm interval = 90</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.10"/>
+
+<h3 class="head3">preferred master</h3>
+
+<p>The <tt class="literal">preferred</tt><a name="INDEX-94"/>
+<tt class="literal">master</tt> option requests that Samba set the
+preferred master bit when participating in an election. This gives
+the server a higher preferred status in the workgroup than other
+machines at the same operating-system level. If you are configuring
+your Samba machine to become the local master browser, it is wise to
+set the following value:</p>
+
+<blockquote><pre class="code">[global]
+ preferred master = yes</pre></blockquote>
+
+<p>Otherwise, you should leave it set to its default,
+<tt class="literal">no</tt>. If Samba is configured as a preferred master
+browser, it will force an election when it first comes online.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.11"/>
+
+<a name="INDEX-95"/><h3 class="head3">domain master</h3>
+
+<p>If Samba is the primary domain controller for your workgroup or NT
+domain, it should also be made the domain master browser. The domain
+master browser is a special machine that has the NetBIOS resource
+type &lt;1B&gt; and is used to propagate browse lists to and from
+each local master browser in individual subnets across the domain. To
+force Samba to become the <a name="INDEX-96"/>domain master browser, set the following in
+the <tt class="literal">[global]</tt> section of the
+<em class="filename">smb.conf</em>:</p>
+
+<blockquote><pre class="code">[global]
+ domain master = yes</pre></blockquote>
+
+<p>If you have a Windows NT server on the network acting as a primary
+domain controller (PDC), we recommend that you do not use Samba to
+become the domain master browser. The reverse is true as well: if
+Samba is taking on the responsibilities of a PDC, we recommend making
+it the domain master browser. Splitting the PDC and the domain master
+browser will cause unpredictable errors to occur on the network.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.12"/>
+
+<h3 class="head3">os level</h3>
+
+<p>The global <tt class="literal">os</tt><a name="INDEX-97"/> <tt class="literal">level</tt> option
+defines the operating-system value with which Samba will masquerade
+during a browser election. If you wish to have Samba win an election
+and become the master browser, set the <tt class="literal">os</tt>
+<tt class="literal">level</tt> higher than that of any other system on the
+subnet. The values are shown in <a href="ch07.html#samba2-CHP-7-TABLE-2">Table 7-2</a>. The
+default level is 20, which means that Samba will win elections
+against all versions of Windows, except Windows NT/2000 if it is
+operating as the PDC. If you wish Samba to win all elections, you can
+set its operating system value as follows:</p>
+
+<blockquote><pre class="code">[global]
+ os level = 255</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.13"/>
+
+<h3 class="head3">remote browse sync</h3>
+
+<p>The global <tt class="literal">remote</tt><a name="INDEX-98"/>
+<tt class="literal">browse</tt> <tt class="literal">sync</tt> option specifies
+that Samba should synchronize its browse lists with local master
+browsers in other subnets. However, the synchronization can occur
+only with other Samba servers and not with Windows computers. For
+example, if your Samba server were a master browser on the subnet
+172.16.235, and Samba local master browsers existed on other subnets
+located at 172.16.234.92 and 172.16.236.2, you would specify the
+following:</p>
+
+<blockquote><pre class="code">[global]
+ remote browse sync = 172.16.234.92 172.16.236.2</pre></blockquote>
+
+<p>The Samba server would then directly contact the other machines on
+the address list and synchronize browse lists. You can also say:</p>
+
+<blockquote><pre class="code">[global]
+ remote browse sync = 172.16.234.255 172.16.236.255</pre></blockquote>
+
+<p>This forces Samba to broadcast queries to determine the IP addresses
+of the local master browser on each subnet, with which it will then
+synchronize browse lists. This works, however, only if your router
+doesn't block directed broadcast requests ending in
+255.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.14"/>
+
+<h3 class="head3">remote announce</h3>
+
+<p>Samba servers are capable of providing browse lists to foreign
+subnets with the <tt class="literal">remote</tt><a name="INDEX-99"/>
+<tt class="literal">announce</tt> option. This is typically sent to the
+local master browser of the foreign subnet in question. However, if
+you do not know the address of the local master browser, you can do
+the following:</p>
+
+<blockquote><pre class="code">[global]
+ remote announce = 172.16.234.255/ACCOUNTING \
+ 172.16.236.255/ACCOUNTING</pre></blockquote>
+
+<p>With this, Samba will broadcast host announcements to all machines on
+subnets 172.16.234 and 172.16.236, which will hopefully reach the
+local master browser of the subnet.</p>
+
+<p>You can also specify exact IP addresses, if they are known, but this
+works only if the systems are guaranteed to maintain the role of
+master browser on their subnets. By appending a workgroup or domain
+name to the IP address, Samba announces that it is in that workgroup
+or domain. If this is left out, the workgroup set by the
+<tt class="literal">workgroup</tt> parameter is used. <a name="INDEX-100"/> <a name="INDEX-101"/><a name="INDEX-102"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> <p><a href="#FNPTR-1">[1]</a> As we explained in
+<a href="ch01.html">Chapter 1</a>, a system can register under more than
+one NetBIOS name. We use the singular here only to keep our
+explanation simple.</p> </blockquote><hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html>
diff --git a/docs/htmldocs/using_samba/ch08.html b/docs/htmldocs/using_samba/ch08.html
new file mode 100644
index 00000000000..001a86a4a32
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch08.html
@@ -0,0 +1,3744 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Chapter 8. Advanced Disk Shares</h1>
+
+
+<p>This chapter continues our discussion of configuring Samba from <a href="ch06.html">Chapter 6</a>. We will cover some more advanced issues
+regarding the integration of Unix and Windows filesystems, including
+hidden files, Unix links, file permissions, name mangling, case
+sensitivity of filenames, file locking, opportunistic locking
+(oplocks), connection scripts, supporting Microsoft Dfs (Distributed
+filesystem) shares, and using NIS home directories.</p>
+
+
+<div class="sect1"><a name="samba2-CHP-8-SECT-1"/>
+
+<h2 class="head1">Filesystem Differences</h2>
+
+<p>One of the biggest issues for which Samba has to correct is the
+difference between Unix and Microsoft filesystems. This includes
+items such as handling symbolic links, hidden files, and dot files.
+In addition, file permissions can also be a headache if not properly
+accounted for.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-1.1"/>
+
+<h3 class="head2">Hiding and Vetoing Files</h3>
+
+<p><a name="INDEX-1"/><a name="INDEX-2"/>Sometimes you need to ensure that a user
+cannot see or access a file at all. Other times, you
+don't want to keep users from accessing a
+file&mdash;you just want to hide it when they view the contents of
+the directory. On Windows systems, an attribute of files allows them
+to be hidden from a folder listing. With Unix, the traditional way of
+hiding files in a directory is to use a <a name="INDEX-3"/><a name="INDEX-4"/>dot (.) as the first character in the
+filename. This prevents items such as configuration files from being
+seen when performing an ordinary <em class="emphasis">ls</em> command.
+Keeping a user from accessing a file at all, however, involves
+working with permissions on files and directories.</p>
+
+<p>The first option we should discuss is the Boolean
+<tt class="literal">hide</tt><a name="INDEX-5"/><a name="INDEX-6"/> <tt class="literal">dot</tt>
+<tt class="literal">files</tt>. When it is set to <tt class="literal">yes</tt>,
+Samba reports files beginning with a period (.) as having their
+hidden attribute set. If the user has chosen to show all hidden files
+while browsing (e.g., using the Folder Options menu item under the
+View menu in Windows 98), he will still be able to see the files,
+although his icons will appear
+&quot;ghosted,&quot; or slightly grayed-out.
+If the client is configured not to show hidden files, the files will
+not appear at all.</p>
+
+<p>Instead of simply hiding files beginning with a dot, you can also
+specify a string pattern to Samba for files to hide, using the
+<tt class="literal">hide</tt><a name="INDEX-7"/> <tt class="literal">files</tt>
+option. For example, let's assume you specified the
+following in our example <tt class="literal">[data]</tt> share:</p>
+
+<blockquote><pre class="code">[data]
+ hide files = /*.java/*README*/</pre></blockquote>
+
+<p>Each entry for this option must begin, end, or be separated from
+another with a slash ( / ) character, even if only one pattern is
+listed. This convention allows spaces to appear in filenames. The
+slashes have nothing to do with Unix directories; they are instead
+acting as delimiters for the <tt class="literal">hide</tt>
+<tt class="literal">files</tt> values.</p>
+
+<p>If you want to prevent users from seeing files completely, you can
+instead use the <tt class="literal">veto</tt><a name="INDEX-8"/> <tt class="literal">files</tt>
+option. This option, which takes the same syntax as the
+<tt class="literal">hide</tt> <tt class="literal">files</tt> option, specifies a
+list of files that should never be seen by the user. For example,
+let's change the <tt class="literal">[data]</tt> share to
+the following:</p>
+
+<blockquote><pre class="code">[data]
+ veto files = /*.java/*README*/</pre></blockquote>
+
+<p>The syntax of this option is identical to the <tt class="literal">hide</tt>
+<tt class="literal">files</tt> configuration option: each entry must begin,
+end, or be separated from another with a slash (<tt class="literal">/</tt>)
+character, even if only one pattern is listed. If you do so, files
+that match the pattern, such as <em class="filename">hello.java</em> and
+<em class="filename">README.txt,</em> will simply disappear from the
+directory, and the user cannot access them through SMB.</p>
+
+<p><a name="INDEX-9"/>We need to address
+one other question. What happens if the user tries to delete a
+directory that contains vetoed files? This is where the
+<tt class="literal">delete</tt><a name="INDEX-10"/> <tt class="literal">veto</tt>
+<tt class="literal">files</tt> option comes in. If this Boolean option is
+set to <tt class="literal">yes</tt>, the user can delete both the regular
+files and the vetoed files in the directory, and the directory itself
+is removed. If the option is set to <tt class="literal">no</tt>, the user
+cannot delete the vetoed files, and consequently the directory is not
+deleted either. From the user's perspective, the
+directory appears empty, but cannot be removed.</p>
+
+<p>The <tt class="literal">dont</tt><a name="INDEX-11"/> <tt class="literal">descend</tt>
+directive specifies a list of directories whose contents Samba should
+not make visible. Note that we say <em class="emphasis">contents</em>, not
+the directory itself. Users can enter a directory marked as such, but
+they are prohibited from descending the directory tree any
+farther&mdash;they always see an empty folder. For example,
+let's use this option with a more basic form of the
+share that we defined earlier in the chapter:</p>
+
+<blockquote><pre class="code">[data]
+ dont descend = config defaults</pre></blockquote>
+
+<p>In addition, let's assume that the
+<em class="filename">/home/samba/data</em> directory has the following
+contents:</p>
+
+<blockquote><pre class="code">drwxr-xr-x 6 tom users 1024 Jun 13 09:24 .
+drwxr-xr-x 8 root root 1024 Jun 10 17:53 ..
+-rw-r--r-- 2 tom users 1024 Jun 9 11:43 README
+drwxr-xr-x 3 tom users 1024 Jun 13 09:28 config
+drwxr-xr-x 3 tom users 1024 Jun 13 09:28 defaults
+drwxr-xr-x 3 tom users 1024 Jun 13 09:28 market</pre></blockquote>
+
+<p>If the user then connects to the share, she would see the directories
+in the share. However, the contents of the
+<em class="filename">/config</em> and <em class="filename">/defaults</em>
+directories would appear empty to her, even if other folders or files
+existed in them. In addition, users cannot write any data to the
+folder (which prevents them from creating a file or folder with the
+same name as one that is already there but invisible). If a user
+attempts to do so, she will receive an &quot;Access
+Denied&quot; message. The <tt class="literal">dont</tt>
+<tt class="literal">descend</tt> option is an administrative
+option&mdash;not a security option&mdash;and is not a substitute for
+good file permissions. <a name="INDEX-12"/><a name="INDEX-13"/></p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-1.2"/>
+
+<h3 class="head2">Links</h3>
+
+<p><a name="INDEX-14"/>When a client
+tries to open a symbolic link on a Samba server share, Samba attempts
+to follow the link to find the real file and let the client open it,
+as if the user were on a Unix machine. If you don't
+want to allow this, set the <tt class="literal">follow</tt>
+<tt class="literal">symlinks</tt> option like this:</p>
+
+<blockquote><pre class="code">[data]
+ follow symlinks = no</pre></blockquote>
+
+<p>You can test this by setting up and trying to access a symbolic link.
+Create a directory on the Unix server inside the share, acting as the
+user under which you will log in to Samba. Enter the following
+commands:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>echo &quot;This is a test&quot; &gt;hello.txt</b></tt>
+$ <tt class="userinput"><b>ln -s hello.txt hello-link.txt</b></tt></pre></blockquote>
+
+<p>This results in the text file <em class="filename">hello.txt</em> and a
+symbolic link to it called <em class="filename">hello-link.txt</em>.
+Normally, if you double-click either one, you will receive a file
+that has the text &quot;This is a test&quot;
+inside of it. However, with the <tt class="literal">follow</tt>
+<tt class="literal">symlinks</tt><a name="INDEX-15"/> option set to
+<tt class="literal">no</tt>, you will receive an error dialog if you
+double-click <em class="filename">hello-link.txt</em>.</p>
+
+<p>The <tt class="literal">wide</tt><a name="INDEX-16"/> <tt class="literal">links</tt>
+option, if set to <tt class="literal">no</tt>, prevents the client user
+from following symbolic links that point outside the shared directory
+tree. For example, let's assume that we modified the
+<tt class="literal">[data]</tt> share as follows:</p>
+
+<blockquote><pre class="code">[data]
+ follow symlinks = yes
+ wide links = no</pre></blockquote>
+
+<p>As long as the <tt class="literal">follow</tt><a name="INDEX-17"/>
+<tt class="literal">symlinks</tt> option is disabled, Samba will refuse to
+follow any symbolic links outside the current share tree. If we
+create a file outside the share (for example, in
+someone's home directory) and then create a link to
+it in the share as follows:</p>
+
+<blockquote><pre class="code">ln -s ~tom/datafile ./datafile</pre></blockquote>
+
+<p>the client cannot open the file in Tom's home
+directory.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-1.3"/>
+
+<h3 class="head2">Filesystem Options</h3>
+
+<p><a href="ch08.html#samba2-CHP-8-TABLE-1">Table 8-1</a> <a name="INDEX-18"/><a name="INDEX-19"/>shows a breakdown of the options we
+discussed earlier. We recommend the defaults for most, except those
+listed in the following descriptions.</p>
+
+<a name="samba2-CHP-8-TABLE-1"/><h4 class="head4">Table 8-1. Filesystem configuration options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">dont descend</tt></p>
+</td>
+<td>
+<p>string (list of directories)</p>
+</td>
+<td>
+<p>Indicates a list of directories whose contents Samba should make
+invisible to clients.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">follow</tt> <tt class="literal">symlinks</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If set to <tt class="literal">no</tt>, will not honor symbolic links.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">getwd cache</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If set to <tt class="literal">yes</tt>, will use a cache for
+<tt class="literal">getwd( )</tt> calls.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">wide links</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If set to <tt class="literal">yes</tt>, will follow symbolic links outside
+the share.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">hide dot files</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If set to <tt class="literal">yes</tt>, treats Unix hidden files as hidden
+files in Windows.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">hide files</tt></p>
+</td>
+<td>
+<p>string (list of files)</p>
+</td>
+<td>
+<p>List of file patterns to treat as hidden.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">veto files</tt></p>
+</td>
+<td>
+<p>string (list of files)</p>
+</td>
+<td>
+<p>List of file patterns to never show.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">delete veto</tt> <tt class="literal">files</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If set to <tt class="literal">yes</tt>, will delete files matched by
+<tt class="literal">veto files</tt> when the directory they reside in is
+deleted.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-1.3.1"/>
+
+<h3 class="head3">dont descend</h3>
+
+<p>The <tt class="literal">dont</tt><a name="INDEX-20"/> <tt class="literal">descend</tt>
+option can be used to specify various directories that should appear
+empty to the client. Note that the directory itself will still
+appear. However, Samba will not show any of the contents of the
+directory to the client user. This is not a good option to use as a
+security feature; it is really meant only as a convenience to keep
+users from casually browsing into directories that might have
+sensitive files. See our example earlier in this section.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-1.3.2"/>
+
+<a name="INDEX-21"/><h3 class="head3">follow symlinks</h3>
+
+<p>This option controls whether Samba will follow a symbolic link in the
+Unix operating system to the target or if it should return an error
+to the client user. If the option is set to <tt class="literal">yes</tt>,
+the target of the link will be interpreted as the file. If set to
+<tt class="literal">no</tt>, an error will be generated if the symbolic
+link is accessed.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-1.3.3"/>
+
+<a name="INDEX-22"/><h3 class="head3">getwd cache</h3>
+
+<p>This global option specifies whether Samba should use a local cache
+for the Unix <em class="emphasis">getwd( )</em> ( get current working
+directory) system call. You can override the default value of
+<tt class="literal">yes</tt> as follows:</p>
+
+<blockquote><pre class="code">[global]
+ getwd cache = no</pre></blockquote>
+
+<p>Setting this option to <tt class="literal">no</tt> can significantly
+increase the time it takes to resolve the working directory,
+especially if the <tt class="literal">wide</tt> <tt class="literal">links</tt>
+option is set to <tt class="literal">no</tt>. You should normally not need
+to alter this option.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-1.3.4"/>
+
+<a name="INDEX-23"/><h3 class="head3">wide links</h3>
+
+<p>This option specifies whether the client user can follow symbolic
+links that point outside the shared directory tree. This includes any
+files or directories at the other end of the link, as long as the
+permissions are correct for the user. The default value for this
+option is <tt class="literal">yes</tt>. Note that this option will not be
+honored if the <tt class="literal">follow</tt> <tt class="literal">symlinks</tt>
+options is set to <tt class="literal">no</tt>. Setting this option to
+<tt class="literal">no</tt> slows <em class="emphasis">smbd</em> considerably
+because it will have to check each link it encounters.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-1.3.5"/>
+
+<h3 class="head3">hide dot files</h3>
+
+<p>The <tt class="literal">hide</tt><a name="INDEX-24"/><a name="INDEX-25"/> <tt class="literal">dot</tt>
+<tt class="literal">files</tt> option hides any files on the server that
+begin with a dot (.) character to mimic the functionality behind
+several shell commands that are present on Unix systems. Like
+<tt class="literal">hide</tt> <tt class="literal">files</tt>, those files that
+begin with a dot have the DOS hidden attribute set, which
+doesn't guarantee that a client cannot view them.
+The default value for this option is <tt class="literal">yes</tt>.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-1.3.6"/>
+
+<h3 class="head3">hide files</h3>
+
+<p>The <tt class="literal">hide</tt><a name="INDEX-26"/> <tt class="literal">files</tt> option
+provides one or more directory or filename patterns to Samba. Any
+file matching this pattern will be treated as a hidden file from the
+perspective of the client. Note that this simply means that the DOS
+hidden attribute is set, which might or might not mean that the user
+can actually see it while browsing.</p>
+
+<p>Each entry in the list must begin, end, or be separated from another
+entry with a slash (<tt class="literal">/</tt>) character, even if only one
+pattern is listed. This allows spaces to appear in the list.
+Asterisks can be used as a wildcard to represent zero or more
+characters. Questions marks can be used to represent exactly one
+character. For example:</p>
+
+<blockquote><pre class="code">hide files = /.jav*/README.???/</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-1.3.7"/>
+
+<a name="INDEX-27"/><h3 class="head3">veto files</h3>
+
+<p>More stringent than the hidden files state is the state provided by
+the <tt class="literal">veto</tt> <tt class="literal">files</tt> configuration
+option. Samba won't even admit these files exist.
+You cannot list or open them from the client. This should not be used
+as a means of implementing security. It is actually a mechanism to
+keep PC programs from deleting special files, such as ones used to
+store the resource fork of a Macintosh file on a Unix filesystem. If
+both Windows and Macs are sharing the same files, this can prevent
+ill-advised power users from removing files the Mac users need.</p>
+
+<p>The syntax of this option is identical to that of the
+<tt class="literal">hide</tt> <tt class="literal">files</tt> configuration
+option: each entry must begin, end, or be separated from another with
+a slash ( / ) character, even if only one pattern is listed.
+Asterisks can be used as a wildcard to represent zero or more
+characters. Question marks can be used to represent exactly one
+character. For example:</p>
+
+<blockquote><pre class="code">veto files = /*config/*default?/</pre></blockquote>
+
+<p>This option is primarily administrative and is not a substitute for
+good file permissions.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-1.3.8"/>
+
+<a name="INDEX-28"/><h3 class="head3">delete veto files</h3>
+
+<p>This option tells Samba to delete vetoed files when a user attempts
+to delete the directory in which they reside. The default value is
+<tt class="literal">no</tt>. This means that if a user tries to delete a
+directory that contains a vetoed file, the file (and the directory)
+will not be deleted. Instead, the directory remains and appears empty
+from the perspective of the user. If set to <tt class="literal">yes</tt>,
+the directory and the vetoed files will be deleted. <a name="INDEX-29"/><a name="INDEX-30"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-8-SECT-2"/>
+
+<h2 class="head1">File Permissions and Attributes on MS-DOS and Unix</h2>
+
+<p><a name="INDEX-31"/><a name="INDEX-32"/><a name="INDEX-33"/>Originally, DOS was not intended to be a
+multiuser, networked operating system. Unix, on the other hand, was
+designed for multiple users from the start. Consequently, Samba must
+not only be aware of, but also provide special solutions for,
+inconsistencies and gaps in coverage between the two filesystems. One
+of the biggest gaps is how Unix and DOS handle permissions on files.</p>
+
+<p>Let's take a look at how Unix assigns permissions.
+All Unix files have read, write, and execute bits for three
+classifications of users: owner, group, and world. These permissions
+can be seen at the extreme lefthand side when an <em class="emphasis">ls
+-al</em> command is issued in a Unix directory. For example:</p>
+
+<blockquote><pre class="code">-rwxr--r-- 1 tom users 2014 Apr 13 14:11 access.conf</pre></blockquote>
+
+<p>Windows, on the other hand, has four principal bits that it uses with
+any file: read-only, system, hidden, and archive. You can view these
+bits by right-clicking the file and choosing the Properties menu
+item. You should see a dialog similar to <a href="ch08.html#samba2-CHP-8-FIG-1">Figure 8-1</a>.<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a></p>
+
+<div class="figure"><a name="samba2-CHP-8-FIG-1"/><img src="figs/sam2_0801.gif"/></div><h4 class="head4">Figure 8-1. DOS and Windows file properties</h4>
+
+<p>The definition of each bit follows:</p>
+
+<dl>
+<dt><b>Read-only</b></dt>
+<dd>
+<p>The file's contents can be read by a user but cannot
+be written to.</p>
+</dd>
+
+
+
+<dt><b>System</b></dt>
+<dd>
+<p>This file has a specific purpose required by the operating system.</p>
+</dd>
+
+
+
+<dt><b>Hidden</b></dt>
+<dd>
+<p>This file has been marked to be invisible to the user, unless the
+operating system is explicitly set to show it.</p>
+</dd>
+
+
+
+<dt><b>Archive</b></dt>
+<dd>
+<p>This file has been touched since the last DOS backup was performed on
+it.</p>
+</dd>
+
+</dl>
+
+<p>Note that there is no bit to specify that a file is executable. DOS
+and Windows NT filesystems identify executable files by giving them
+the extensions <em class="filename">.exe</em>, <em class="filename">.com</em>,
+<em class="filename">.cmd</em>, or <em class="filename">.bat</em>.</p>
+
+<p>Consequently, there is no use for any of the three Unix executable
+bits that are present on a file in a Samba disk share. DOS files,
+however, have their own attributes that need to be preserved when
+they are stored in a Unix environment: the archive, system, and
+hidden bits. Samba can preserve these bits by reusing the executable
+permission bits of the file on the Unix side&mdash;if it is
+instructed to do so. Mapping these bits, however, has an unfortunate
+side effect: if a Windows user stores a file in a Samba share, and
+you view it on Unix with the <em class="emphasis">ls -al</em> command,
+some of the executable bits won't mean what
+you'd expect them to.</p>
+
+<p>Three Samba options decide whether the bits are mapped:
+<tt class="literal">map</tt><a name="INDEX-34"/> <tt class="literal">archive</tt>,
+<tt class="literal">map</tt><a name="INDEX-35"/> <tt class="literal">system</tt> , and
+<tt class="literal">map</tt><a name="INDEX-36"/> <tt class="literal">hidden</tt>. These options
+map the archive, system, and hidden attributes to the owner, group,
+and world execute bits of the file, respectively. You can add these
+options to the <tt class="literal">[data]</tt> share, setting each of their
+values as follows:</p>
+
+<blockquote><pre class="code">[data]
+ map archive = yes
+ map system = yes
+ map hidden = yes</pre></blockquote>
+
+<p>After that, try creating a file in the share under Unix&mdash;such as
+<em class="emphasis">hello.java</em>&mdash;and change the permissions of
+the file to 755. With these Samba options set, you should be able to
+check the permissions on the Windows side and see that each of the
+three values has been checked in the Properties dialog box. What
+about the read-only attribute? By default, Samba sets this whenever a
+file does not have the Unix owner write permission bit set. In other
+words, you can set this bit by changing the permissions of the file
+to 555.</p>
+
+<p>The default value of the <tt class="literal">map</tt>
+<tt class="literal">archive</tt> option is <tt class="literal">yes</tt>, while
+the other two options have a default value of <tt class="literal">no</tt>.
+This is because many programs do not work properly if the archive bit
+is not stored correctly for DOS and Windows files. The system and
+hidden attributes, however, are not critical for a
+program's operation and are left to the discretion
+of the administrator.</p>
+
+<p><a href="ch08.html#samba2-CHP-8-FIG-2">Figure 8-2</a> summarizes the <a name="INDEX-37"/><a name="INDEX-38"/>Unix permission bits and
+illustrates how Samba maps those bits to DOS attributes. Note that
+the group read/write and world read/write bits do not directly
+translate to a DOS attribute, but they still retain their original
+Unix definitions on the Samba server.</p>
+
+<div class="figure"><a name="samba2-CHP-8-FIG-2"/><img src="figs/sam2_0802.gif"/></div><h4 class="head4">Figure 8-2. How Samba and Unix view the permissions of a file</h4>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-2.1"/>
+
+<h3 class="head2">Creation Masks</h3>
+
+<p><a name="INDEX-39"/>File and directory creation masks are
+similar to <a name="INDEX-40"/>umasks you
+have probably encountered while working with Unix systems. They are
+used to help define the permissions that will be assigned to a file
+or directory at the time it is created. Samba's
+masks work differently in that the bits that can be set are set in
+the creation mask, while in Unix umasks, the bits
+<em class="emphasis">cannot</em> be set are set in the umask. We think you
+will find Samba's method to be much more intuitive.
+Once in a while you might need to convert between a Unix umask and
+the equivalent Samba mask. It is simple: one is just the bitwise
+complement of the other. For example, an octal umask of 0022 has the
+same effect as a Samba mask of 0755.</p>
+
+<p>Unix umasks are set on a user-by-user basis, usually while executing
+the GUI's or command-line shell's
+startup scripts. When users connect to a Samba share from a network
+client, these scripts are not executed, so Samba supplies the ability
+to set the creation masks for files and directories. By default, this
+is done on a share-by-share basis, although you can use the
+<tt class="literal">include</tt> parameter in the Samba configuration file
+(as explained in <a href="ch06.html">Chapter 6</a>) to assign masks on a
+user-by-user basis, thus matching conventional Unix behavior.</p>
+
+<p>To show how Samba's create masks work, suppose we
+have a Windows Me user connecting to his Unix home directory through
+Samba, and Samba is configured with <tt class="literal">create</tt>
+<tt class="literal">mask</tt> <tt class="literal">=</tt> <tt class="literal">777</tt>
+in the <tt class="literal">[homes]</tt> share. With this value,
+<tt class="literal">create</tt> <tt class="literal">mask</tt> will not affect the
+bits that are set on new files. If the user creates a file with
+Wordpad, it will appear in the Unix filesystem like this:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ls -l file.doc</b></tt>
+-rwxrw-rw- 1 jay jay 0 Sep 21 11:02 file.doc</pre></blockquote>
+
+<p>Wordpad created the file with read/write permissions (i.e., the
+MS-DOS read-only attribute was not set), so Samba mapped the MS-DOS
+attributes to Unix read/write permissions for user, group, and other.
+The <a name="INDEX-41"/><a name="INDEX-42"/>execute bit is set for the owner
+because by default, the <tt class="literal">map</tt>
+<tt class="literal">archive</tt> parameter is set to
+<tt class="literal">yes</tt>. The other execute bits are not set because
+<tt class="literal">map</tt> <tt class="literal">system</tt> and
+<tt class="literal">map</tt> <tt class="literal">hidden</tt> are set to
+<tt class="literal">no</tt> by default. You can customize this behavior as
+you see fit, and unless you do backups from MS-DOS or Windows
+systems, you might want to specify <tt class="literal">map</tt>
+<tt class="literal">archive</tt> <tt class="literal">=</tt> <tt class="literal">no</tt>
+to avoid Windows files from appearing as executables on the Unix
+system.</p>
+
+<p>Now suppose we set
+<tt class="literal">create</tt><a name="INDEX-43"/> <tt class="literal">mask</tt> to have
+an effect. For example:</p>
+
+<blockquote><pre class="code">[homes]
+ create mask = 664</pre></blockquote>
+
+<p>This is equivalent to a Unix umask of 113. If the user creates the
+Wordpad document as before, it will show up as:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ls -l file.doc</b></tt>
+-rw-rw-r-- 1 jay jay 0 Sep 22 16:38 file.doc</pre></blockquote>
+
+<p>Comparing this to the previous example, notice that not only has the
+write permission for other disappeared as we expected, but so has the
+execute permission for owner. This happened because the value of
+<tt class="literal">create</tt> <tt class="literal">mask</tt> logically ANDs the
+owner's permissions with a 6, which has masked off
+the execute bit. The lesson here is that if you want to enable any of
+<tt class="literal">map</tt> <tt class="literal">archive</tt>,
+<tt class="literal">map</tt> <tt class="literal">system</tt>, or
+<tt class="literal">map</tt> <tt class="literal">hidden</tt>, you must be careful
+not to mask off the corresponding execute bit with your
+<tt class="literal">create</tt> <tt class="literal">mask</tt>.</p>
+
+<p>The <tt class="literal">directory</tt><a name="INDEX-44"/> <tt class="literal">mask</tt>
+option works similarly, masking permissions for newly created
+directories. The following example will allow the permissions of a
+newly created directory to be, at most, 755:</p>
+
+<blockquote><pre class="code">[data]
+ directory mask = 755</pre></blockquote>
+
+<p>Also, you can force various bits with the <tt class="literal">force</tt>
+<tt class="literal">create</tt> <tt class="literal">mode</tt> and
+<tt class="literal">force</tt> <tt class="literal">directory</tt>
+<tt class="literal">mode</tt> options. These options will perform a logical
+OR against the file and directory creation masks, ensuring that those
+bits that are specified will always be set. You would typically set
+these options globally to ensure that group and world read/write
+permissions have been set appropriately for new files or directories
+in each share.</p>
+
+<p>In the same spirit, if you wish to set explicitly the Unix user and
+group attributes of a file created on the Windows side, you can use
+the <tt class="literal">force</tt><a name="INDEX-45"/> <tt class="literal">user</tt> and
+<tt class="literal">force</tt><a name="INDEX-46"/> <tt class="literal">group</tt>
+options. For example:</p>
+
+<blockquote><pre class="code">[data]
+ create mask = 744
+ directory mask = 755
+ force user = joe
+ force group = accounting</pre></blockquote>
+
+<p>These options assign the same Unix username and group to every client
+that connects to the share. However, this occurs
+<em class="emphasis">after</em> the client authenticates; it does not
+allow free access to a share. These options are frequently used for
+their side effects of assigning a specific user and group to each new
+file or directory that is created in a share. Use these options with
+discretion.</p>
+
+<p>Finally, one of the capabilities of Unix that DOS lacks is the
+ability to delete a read-only file from a writable directory. In
+Unix, if a directory is writable, a read-only file in that directory
+can still be removed. This could permit you to delete files in any of
+your directories, even if the file was left by someone else.</p>
+
+<p>DOS filesystems are not designed for multiple users, and so its
+designers decided that read-only means &quot;protected
+against accidental change, including deletion,&quot;
+rather than &quot;protected against some other user on a
+single-user machine.&quot; So the designers of DOS
+prohibited removal of a read-only file. Even today, Windows
+filesystems exhibit the same behavior.</p>
+
+<p>Normally, this is harmless. Windows programs don't
+try to remove read-only files because they know it's
+a bad idea. However, a number of source-code control
+programs&mdash;which were first written for Unix&mdash;run on Windows
+and require the ability to delete read-only files. Samba permits this
+behavior with the <tt class="literal">delete</tt><a name="INDEX-47"/>
+<tt class="literal">readonly</tt> option. To enable this functionality, set
+the option to <tt class="literal">yes</tt>:</p>
+
+<a name="INDEX-48"/><blockquote><pre class="code">[data]
+ delete readonly = yes</pre></blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-2.2"/>
+
+<h3 class="head2">File and Directory Permission Options</h3>
+
+<p><a name="INDEX-49"/><a name="INDEX-50"/><a name="INDEX-51"/>The
+options for file and directory permissions are summarized in <a href="ch08.html#samba2-CHP-8-TABLE-2">Table 8-2</a>; each option is then described in detail.</p>
+
+<a name="samba2-CHP-8-TABLE-2"/><h4 class="head4">Table 8-2. File and directory permission options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">create mask</tt> <tt class="literal">(create mode)</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Maximum permissions for files created by Samba.</p>
+</td>
+<td>
+<p><tt class="literal">0744</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">directory mask</tt> <tt class="literal">(directory mode)</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Maximum permissions for directories created by Samba.</p>
+</td>
+<td>
+<p><tt class="literal">0744</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">force create mode</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Forces the specified permissions (bitwise <tt class="literal">or</tt>) for
+directories created by Samba.</p>
+</td>
+<td>
+<p><tt class="literal">0000</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">force directory</tt> <tt class="literal">mode</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Forces the specified permissions (bitwise <tt class="literal">or</tt>) for
+directories created by Samba.</p>
+</td>
+<td>
+<p><tt class="literal">0000</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">force group</tt> <tt class="literal">(group)</tt></p>
+</td>
+<td>
+<p>string ( group name)</p>
+</td>
+<td>
+<p>Effective group for a user accessing this share.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">force user</tt></p>
+</td>
+<td>
+<p>string (username)</p>
+</td>
+<td>
+<p>Effective username for a user accessing this share.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">delete readonly</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>Allows a user to delete a read-only file from a writable directory.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">map archive</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>Preserve DOS archive attribute in user execute bit (0100).</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">map system</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>Preserve DOS system attribute in group execute bit (0010).</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">map hidden</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>Preserve DOS hidden attribute in world execute bit (0001).</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">inherit permissions</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, permissions on new files and directories
+are inherited from parent directory.</p>
+</td>
+<td>
+<p>no</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-2.2.1"/>
+
+<a name="INDEX-52"/><h3 class="head3">create mask</h3>
+
+<p>The argument for this option is an octal number indicating which
+permission flags can be set at file creation by a client in a share.
+The default is 0744, which means that the Unix owner can at most
+read, write, and optionally execute her own files, while members of
+the user's group and others can only read or execute
+them. If you need to change it for nonexecutable files, we recommend
+0644, or <tt class="literal">rw-r--r--</tt>. Keep in mind that the execute
+bits can be used by the server to map certain DOS file attributes, as
+described earlier. If you're altering the create
+mask, those bits have to be part of the create mask as well.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-2.2.2"/>
+
+<a name="INDEX-53"/><h3 class="head3">directory mask</h3>
+
+<p>The argument for this option is an octal number indicating which
+permission flags can be set at directory creation by a client in a
+share. The default is 0744, which allows everyone on the Unix side
+to, at most, read and traverse the directories, but allows only you
+to modify them. We recommend the mask 0750, removing access by
+&quot;the world.&quot;</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-2.2.3"/>
+
+<a name="INDEX-54"/><h3 class="head3">force create mode</h3>
+
+<p>This option sets the permission bits that Samba will set when a file
+permission change is made. It's often used to force
+group permissions, as mentioned previously. It can also be used to
+preset any of the DOS attributes we mentioned: archive (0100), system
+(0010), or hidden (0001).</p>
+
+<a name="samba2-CHP-8-NOTE-139"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p><a name="INDEX-55"/>When saving
+documents, many Windows applications rename their datafiles with a
+<em class="filename">.bak</em> extension and create new ones. When the
+files are in a Samba share, this changes their ownership and
+permissions so that members of the same Unix group
+can't edit them. Setting <tt class="literal">force</tt>
+<tt class="literal">create mode = 0660</tt> will keep the new file editable
+by members of the group.</p>
+</blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-2.2.4"/>
+
+<a name="INDEX-56"/><h3 class="head3">force directory mode</h3>
+
+<p>This option sets the permission bits that Samba will set when a
+directory permission change is made or a directory is created.
+It's often used to force group permissions, as
+mentioned previously. This option defaults to 0000 and can be used
+just like the <tt class="literal">force</tt> <tt class="literal">create</tt>
+<tt class="literal">mode</tt> to add group or other permissions if needed.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-2.2.5"/>
+
+<a name="INDEX-57"/><h3 class="head3">force group</h3>
+
+<p>This option, sometimes called <tt class="literal">group</tt>, assigns a
+static group ID that will be used on all connections to a share after
+the client has successfully authenticated. This assigns a specific
+group to each new file or directory created from an SMB client.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-2.2.6"/>
+
+<h3 class="head3">force user</h3>
+
+<p>The <tt class="literal">force</tt><a name="INDEX-58"/> <tt class="literal">user</tt> option
+assigns a static user ID that will be used on all connections to a
+share after the client has successfully authenticated. This assigns a
+specific user to each new file or directory created from an SMB
+client.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-2.2.7"/>
+
+<a name="INDEX-59"/><h3 class="head3">delete readonly</h3>
+
+<p>This option allows a user to delete a directory containing a
+read-only file. By default, DOS and Windows will not allow such an
+operation. You probably will want to leave this option turned off
+unless a program (for example, an RCS program) needs this capability;
+many Windows users would be appalled to find that
+they'd accidentally deleted a file that they had set
+as read-only.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-2.2.8"/>
+
+<a name="INDEX-60"/><h3 class="head3">map archive</h3>
+
+<p>The DOS archive bit is used to flag a file that has been changed
+since it was last archived (e.g., backed up with the DOS archive
+program). Setting the Samba option <tt class="literal">map</tt>
+<tt class="literal">archive</tt> <tt class="literal">=</tt>
+<tt class="literal">yes</tt> maps the DOS archive flag to the Unix
+execute-by-owner (0100) bit. It's best to leave this
+option on if your Windows users are doing their own backups or are
+using programs that require the archive bit. Unix lacks the notion of
+an archive bit entirely. Backup programs typically keep a file that
+lists what files were backed up on what date, so comparing
+file-modification dates serves the same purpose.</p>
+
+<p>Setting this option to <tt class="literal">yes</tt> causes an occasional
+surprise on Unix when a user notices that a datafile is marked as
+executable, but rarely causes harm. If a user tries to run it, he
+will normally get a string of error messages as the shell tries to
+execute the first few lines as commands. The reverse is also
+possible; an executable Unix program looks like it
+hasn't been backed up recently on Windows. But
+again, this is rare and usually harmless.</p>
+
+<p>For map archive to work properly, the execute bit for owner must not
+be masked off with the <tt class="literal">create</tt>
+<tt class="literal">mask</tt> parameter.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-2.2.9"/>
+
+<a name="INDEX-61"/><h3 class="head3">map system</h3>
+
+<p>The DOS system attribute indicates files that are required by the
+operating system and should not be deleted, renamed, or moved without
+special effort. Set this option only if you need to store Windows
+system files on the Unix fileserver. Executable Unix programs will
+appear to be nonremovable, special Windows files when viewed from
+Windows clients. This might prove mildly inconvenient if you want to
+move or remove one. For most sites, however, this is fairly harmless.</p>
+
+<p>For map archive to work properly, the execute bit for group must not
+be masked off with the <tt class="literal">create</tt>
+<tt class="literal">mask</tt> parameter.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-2.2.10"/>
+
+<a name="INDEX-62"/><h3 class="head3">map hidden</h3>
+
+<p>DOS uses the hidden attribute to indicate that a file should not
+ordinarily be visible in directory listings. Unix
+doesn't have such a facility; it's
+up to individual programs (notably, the shell) to decide what to
+display and what not to display. Normally, you won't
+have any DOS files that need to be hidden, so the best thing to do is
+to leave this option turned off.</p>
+
+<p>Setting this option to <tt class="literal">yes</tt> causes the server to
+map the hidden flag onto the executable-by-others bit (0001). This
+feature can produce a rather startling effect. Any Unix program that
+is executable by world seems to vanish when you look for it from a
+Windows client. If this option is not set, however, and a Windows
+user attempts to mark a file hidden on a Samba share, it will not
+work&mdash;Samba has no place to store the hidden attribute!</p>
+
+<p>For map archive to work properly, the execute bit for other must not
+be masked off with the <tt class="literal">create</tt>
+<tt class="literal">mask</tt> parameter.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-2.2.11"/>
+
+<h3 class="head3">inherit permissions</h3>
+
+<p>When the <tt class="literal">inherit</tt><a name="INDEX-63"/>
+<tt class="literal">permissions</tt> option is set to
+<tt class="literal">yes</tt>, the <tt class="literal">create</tt>
+<tt class="literal">mask</tt>, <tt class="literal">directory</tt>
+<tt class="literal">mask</tt>, <tt class="literal">force</tt>
+<tt class="literal">create</tt> <tt class="literal">mode</tt>, and
+<tt class="literal">force</tt> <tt class="literal">directory</tt>
+<tt class="literal">mode</tt> are ignored. The normal behavior of setting
+the permissions on newly created files is overridden such that the
+new files and directories take on permissions from their parent
+directory. New directories will have exactly the same permissions as
+the parent, and new files will inherit the read and write bits from
+the parent directory, while the execute bits are determined as usual
+by the values of the <tt class="literal">map</tt>
+<tt class="literal">archive</tt>, <tt class="literal">map</tt>
+<tt class="literal">hidden</tt>, and <tt class="literal">map</tt>
+<tt class="literal">system</tt> parameters.</p>
+
+<p>By default, this option is set to <tt class="literal">no</tt>. <a name="INDEX-64"/><a name="INDEX-65"/><a name="INDEX-66"/> <a name="INDEX-67"/><a name="INDEX-68"/><a name="INDEX-69"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-8-SECT-3"/>
+
+<h2 class="head1">Windows NT/2000/XP ACLs</h2>
+
+<p><a name="INDEX-70"/><a name="INDEX-71"/><a name="INDEX-72"/><a name="INDEX-73"/>Unix and Windows
+have different <a name="INDEX-74"/>security models, and Windows NT/2000/XP
+has a security model that is different from Windows 95/98/Me. One
+area in which this is readily apparent is file protections. On Unix
+systems, the method used has traditionally been the 9-bit
+&quot;user, group, other&quot; system, in
+which read, write, and execute bits can be set separately for the
+owner of the file, the groups to which the owner belongs, and
+everyone else, respectively.</p>
+
+<p><a name="INDEX-75"/>Windows 95/98/Me has a file-protection
+system that is essentially no protection at all. This family of
+operating systems was developed from MS-DOS, which was implemented as
+a non-networked, single-user system. Multiuser security simply was
+never added. One apparent exception to this is user-level security
+for shared files, which we will discuss in <a href="ch09.html">Chapter 9</a>. Here, separate access permissions can be
+assigned to individual network client users or groups. However,
+user-level security on Windows 95/98/Me systems requires a Windows
+NT/2000 or Samba server to perform the actual authentication.</p>
+
+<p>On <a name="INDEX-76"/><a name="INDEX-77"/><a name="INDEX-78"/>Windows NT/2000/XP,
+user-level security is an extension of the native file security
+model, which involves access control lists (ACLs). This system is
+somewhat more extensive than the Unix security model, allowing the
+access rights on individual files to be set separately for any number
+of individual users and/or any number of arbitrary groups of users.
+<a href="ch08.html#samba2-CHP-8-FIG-3">Figure 8-3</a>, <a href="ch08.html#samba2-CHP-8-FIG-4">Figure 8-4</a>,
+and <a href="ch08.html#samba2-CHP-8-FIG-5">Figure 8-5</a> show the dialog boxes on a Windows
+2000 system in which the ACL is set for a file. By right-clicking a
+file's icon and selecting Properties, then selecting
+the Security tab, we get to the dialog box shown in <a href="ch08.html#samba2-CHP-8-FIG-3">Figure 8-3</a>. Here, we can set the basic permissions for a
+file, which are similar to Unix permissions, although not identical.</p>
+
+<div class="figure"><a name="samba2-CHP-8-FIG-3"/><img src="figs/sam2_0803.gif"/></div><h4 class="head4">Figure 8-3. The Security tab of the file Properties dialog</h4>
+
+<p>By clicking the Advanced tab, we can bring up the dialog box shown in
+<a href="ch08.html#samba2-CHP-8-FIG-4">Figure 8-4</a>, which shows the list of
+<a name="INDEX-79"/>access control entries (ACEs) in the ACL.
+In this dialog, ACEs can be added to or deleted from the ACL, or an
+existing ACE can be viewed and modified. Each ACE either allows or
+denies a set of permissions for a specific user or group.</p>
+
+<div class="figure"><a name="samba2-CHP-8-FIG-4"/><img src="figs/sam2_0804.gif"/></div><h4 class="head4">Figure 8-4. The Permissions tab of the Access Control Settings dialog</h4>
+
+<div class="figure"><a name="samba2-CHP-8-FIG-5"/><img src="figs/sam2_0805.gif"/></div><h4 class="head4">Figure 8-5. Permission Entry dialog, showing the settings of an ACE</h4>
+
+<p><a href="ch08.html#samba2-CHP-8-FIG-5">Figure 8-5</a> shows the dialog box for adding an ACE.
+As you can see, there are more options for permissions in an ACL than
+with the permission bits on typical Unix systems. You can learn more
+about these settings in <em class="citetitle">Essential Windows NT System
+Administration</em>, published by O'Reilly.</p>
+
+<p>In a networked environment where a Samba server is serving files to
+Windows NT/2000/XP clients, Samba has to map Unix permissions for
+files and directories to Windows NT/2000/XP access control lists.
+When a Windows NT/2000/XP client accesses a shared file or directory
+on a Samba server, Samba translates the object's
+ownership, group, and permissions into an ACL and returns them to the
+client.</p>
+
+<p><a href="ch08.html#samba2-CHP-8-FIG-6">Figure 8-6</a> shows the Properties dialog box for the
+file <em class="filename">shopping_list.doc</em> that resides on the Samba
+server.</p>
+
+<div class="figure"><a name="samba2-CHP-8-FIG-6"/><img src="figs/sam2_0806.gif"/></div><h4 class="head4">Figure 8-6. The Properties dialog for a file on the Samba server</h4>
+
+<p>From Unix, this file appears as:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ls -l shopping_list.doc</b></tt>
+-rw------- 1 adilia users 49 Mar 29 11:58 shopping_list.doc</pre></blockquote>
+
+<p>Notice that because the file has read permissions for the owner, the
+Read-only checkbox will show as cleared, even though the user on the
+Windows client (who is not <tt class="literal">adilia</tt> in this example)
+does not have read access permissions. The checkboxes here show only
+DOS attributes. By clicking the Security tab, we can start to examine
+the ACLs, as shown in <a href="ch08.html#samba2-CHP-8-FIG-7">Figure 8-7</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-8-FIG-7"/><img src="figs/sam2_0807.gif"/></div><h4 class="head4">Figure 8-7. The Security tab of the Properties dialog for a file on the Samba server</h4>
+
+<p>The owner of the file (<tt class="literal">adilia</tt>) is shown as one
+entry, while the group (<tt class="literal">users</tt>) and other
+permissions are presented as the groups called
+<tt class="literal">users</tt> and <tt class="literal">Everyone</tt>. Clicking
+one of the items in the upper windows causes the simplified view of
+the permissions in that item to appear in the bottom window. Here,
+the read/write permissions for <tt class="literal">adilia</tt> appear in a
+manner that makes the security model of Unix and Windows seem
+similar. However, clicking the Advanced . . . button brings up the
+additional dialog box shown in <a href="ch08.html#samba2-CHP-8-FIG-8">Figure 8-8</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-8-FIG-8"/><img src="figs/sam2_0808.gif"/></div><h4 class="head4">Figure 8-8. The Access Control Settings dialog for a file on the Samba server</h4>
+
+<p>In this dialog box, we see the actual ACL of the file. The ACEs for
+<tt class="literal">users</tt> and <tt class="literal">Everyone</tt> are listed
+with Take Ownership in the Permission column. This is a trick used by
+Samba for ACLs that have no permissions on the Unix side. On Windows,
+an ACL with nothing set results in no ACL at all, so Samba sets the
+Take Ownership permission to make sure that all the ACLs
+corresponding to the Unix &quot;user, group,
+other&quot; permissions will show up on Windows. The Take
+Ownership permission has no corresponding Unix attribute, so the
+setting on Windows does not affect the actual file on the Unix system
+in any way. Although Windows client users might be misled into
+thinking they can take ownership of the file (that is, change the
+ownership of the file to themselves), an actual attempt to do so will
+fail.</p>
+
+<p>The Permissions column for the <tt class="literal">adilia</tt> ACL is
+listed as Special because Samba reports permissions for the file that
+do not correspond to settings for which Windows has a more
+descriptive name. Clicking the entry and then clicking the View/Edit
+. . . button brings up the dialog box shown in <a href="ch08.html#samba2-CHP-8-FIG-9">Figure 8-9</a>, in which the details of the ACL permissions
+can be viewed and perhaps modified.</p>
+
+<div class="figure"><a name="samba2-CHP-8-FIG-9"/><img src="figs/sam2_0809.gif"/></div><h4 class="head4">Figure 8-9. Permission Entry dialog for a file served by Samba</h4>
+
+<p>We say &quot;perhaps&quot; here because
+checking or unchecking boxes in this dialog box might not result in
+settings that Samba is able to map back into the Unix security model.
+When a user attempts to modify a setting (either permissions or
+ownership) that she does not have authority to change, or does not
+correspond to a valid setting on the Unix system, Samba will respond
+with an error dialog or by quietly ignoring the unmappable settings.</p>
+
+<p>The ACLs for a directory are slightly different. <a href="ch08.html#samba2-CHP-8-FIG-10">Figure 8-10</a> shows the ACL view after clicking the Advanced
+button.</p>
+
+<div class="figure"><a name="samba2-CHP-8-FIG-10"/><img src="figs/sam2_0810.gif"/></div><h4 class="head4">Figure 8-10. The Access Control Settings dialog for a directory on the Samba server</h4>
+
+<p>Here, there are two ACLs each for <tt class="literal">users</tt> and
+<tt class="literal">Everyone</tt>. One ACL specifies the permissions for
+the directory itself, and the other specifies permissions for the
+directory's contents. When changing settings in the
+View/Edit... dialog, there is an extra drop-down menu to apply the
+settings either to just the directory or to some combination of the
+directory and the files and directories it contains. If settings are
+applied to more than just the directory, Samba will match the
+behavior of a Windows server and change the permissions on the
+contents of the directory, as specified in the dialog.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-3.1"/>
+
+<h3 class="head2">Unix ACLs</h3>
+
+<p><a name="INDEX-80"/><a name="INDEX-81"/>In
+most cases, users of Windows clients will find the Unix security
+model to be sufficient. However, in some cases, people might want the
+Samba server to support the full Windows ACL security model. Even if
+they don't need the fine-grained control over file
+and directory permissions, they might find Samba's
+translation between ACLs and Unix permissions to be a source of
+confusion or frustration.</p>
+
+<p>When the underlying Unix host operating system supports
+<a name="INDEX-82"/><a name="INDEX-83"/>POSIX.1e ACLs, Samba provides much better
+support of Windows NT/2000/XP ACLs. Versions of Unix that offer the
+necessary support include the following:</p>
+
+<ul><li>
+<p>Solaris 2.6 and later</p>
+</li><li>
+<p>SGI Irix</p>
+</li><li>
+<p>Linux, with Andreas Gr&uuml;nbacher's kernel
+patch from <a href="http://acl.bestbits.at">http://acl.bestbits.at</a>
+that adds ACL support to the Linux ext2 and ext3 filesystems</p>
+</li><li>
+<p>Linux, with the XFS filesystem</p>
+</li><li>
+<p>AIX</p>
+</li><li>
+<p>FreeBSD 5.0 and later</p>
+</li><li>
+<p>HP/UX 11.0 and later, with the JFS 3.3 filesystem layout Version 4</p>
+</li></ul>
+<p>If you are fortunate enough to have a Unix host operating system with
+ACL support already provided, all you need to do is recompile Samba
+using the <tt class="literal">--with-acl-support</tt> configure option, as
+we described in <a href="ch02.html">Chapter 2</a>. If you are running
+Linux and need to patch your kernel, things are much more
+complicated. We suggest you refer to the documentation that comes
+with the patch for details on using it.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-3.2"/>
+
+<h3 class="head2">Configuration Options for ACLs</h3>
+
+<p><a href="ch08.html#samba2-CHP-8-TABLE-3">Table 8-3</a> <a name="INDEX-84"/><a name="INDEX-85"/>shows the Samba configuration options
+for working with Windows NT/2000/XP access control lists.</p>
+
+<a name="samba2-CHP-8-TABLE-3"/><h4 class="head4">Table 8-3. ACL configuration options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">nt acl support</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, allows users on Windows NT/2000/XP clients
+to modify ACL settings</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">security mask</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Bitmask that allows or denies permission settings on files</p>
+</td>
+<td>
+<p><tt class="literal">0777</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">force security</tt> <tt class="literal">mode</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Bits that are always set when modifying file permissions</p>
+</td>
+<td>
+<p><tt class="literal">0000</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">directory</tt> <tt class="literal">security mask</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Bitmask that allows or denies permission settings on directories</p>
+</td>
+<td>
+<p><tt class="literal">0777</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">force directory</tt> <tt class="literal">security mode</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Bits that are always set when modifying directory permissions</p>
+</td>
+<td>
+<p><tt class="literal">0000</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-3.2.1"/>
+
+<a name="INDEX-86"/><h3 class="head3">nt acl support</h3>
+
+<p>This parameter defaults to <tt class="literal">yes</tt>, which allows users
+on Windows NT/2000/XP clients to modify ACL settings for files on the
+Samba server. When set to <tt class="literal">no</tt>, files show up as
+owned by <tt class="literal">Everyone</tt>, with permissions appearing as
+&quot;Full Control&quot;. However,
+<em class="emphasis">actual</em> ownership and permissions are enforced as
+whatever they are set to on the Samba server, and the user on the
+Windows client cannot view or modify them with the dialog boxes used
+for managing ACLs.</p>
+
+<p>When enabled, support for Windows NT/2000/XP ACLs is limited to
+whatever ownerships and permissions can map into valid users and
+permissions on the Samba server. If the server supports ACLs (either
+&quot;out of the box&quot; or with an
+additional patch to enhance the filesystem), Samba's
+ACL support more closely matches that of a Windows NT/2000/XP server.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-3.2.2"/>
+
+<h3 class="head3">security mask</h3>
+
+<p>Using the <tt class="literal">security</tt><a name="INDEX-87"/>
+<tt class="literal">mask</tt> option, it is possible to define which file
+permissions users can modify from Windows NT/2000/XP clients. This is
+for files only and not directories, which are handled with the
+<tt class="literal">directory</tt><a name="INDEX-88"/>
+<tt class="literal">security</tt> <tt class="literal">mask</tt> option. The
+parameter is assigned a numeric value that is a Unix-style
+permissions mask. For bits in the mask that are set, the client can
+modify the corresponding bits in the files'
+permissions. If the bit is zero, the client cannot modify that
+permission. For example, if <tt class="literal">security</tt>
+<tt class="literal">mask</tt> is set as:</p>
+
+<blockquote><pre class="code">[data]
+ security mask = 0777</pre></blockquote>
+
+<p>the client can modify all the user/group/other permissions for the
+files in the share. This is the default. A value of
+<tt class="literal">0</tt> would deny clients from changing any of the
+permissions, and setting <tt class="literal">security</tt>
+<tt class="literal">mask</tt> as:</p>
+
+<blockquote><pre class="code">[data]
+ security mask = 0666</pre></blockquote>
+
+<p>would allow client users to modify the read and write permissions,
+but not the execute permissions.</p>
+
+<p>Do not count on <tt class="literal">security</tt> <tt class="literal">mask</tt>
+for complete control because if the user can access the files on the
+Samba server through any other means (for example, by logging
+directly into the Unix host), he can modify the permissions using
+that method.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-3.2.3"/>
+
+<h3 class="head3">force security mode</h3>
+
+<p>The <tt class="literal">force</tt><a name="INDEX-89"/>
+<tt class="literal">security</tt> <tt class="literal">mode</tt> option can be
+used to define a set of permissions that are always set whenever the
+user on a Windows NT/2000/XP client modifies a
+file's permissions. (See the
+<tt class="literal">force</tt> <tt class="literal">directory</tt>
+<tt class="literal">security</tt> <tt class="literal">mode</tt> option for
+handling directories.)</p>
+
+<p>Be careful to understand this properly. The mask given as the
+parameter's value is not necessarily equal to the
+resulting permissions on the file. The permissions that the client
+user attempts to modify are logically OR'd with the
+<tt class="literal">force</tt> <tt class="literal">security</tt>
+<tt class="literal">mode</tt> <tt class="literal">mask</tt> option, and any bits
+that are turned on will cause the file's
+corresponding permissions to be set. As an example, suppose
+<tt class="literal">force</tt> <tt class="literal">security</tt>
+<tt class="literal">mode</tt> is set in a share thusly:</p>
+
+<blockquote><pre class="code">[data]
+ force security mode = 0440</pre></blockquote>
+
+<p>(This sets the read bit for owner and group, but not other.) If a
+user on a Windows NT/2000/XP client modifies an ACL on a file in the
+<tt class="literal">[data]</tt> share and attempts to remove all read
+permissions, the read permission for other
+(<tt class="literal">Everyone</tt>) will be removed, but the read
+permission for the owner and group will remain. Note that this
+parameter cannot force a permission bit to be turned off.</p>
+
+<p>As with the <tt class="literal">security</tt> <tt class="literal">mask</tt>
+option, if a user can access the files in the share through any means
+other than Samba, she can easily work around Samba's
+enforcement of this parameter.</p>
+
+<p>The default value of <tt class="literal">force</tt>
+<tt class="literal">security</tt> <tt class="literal">mode</tt> is
+<tt class="literal">0000</tt>, which allows users to remove any permission
+from files.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-3.2.4"/>
+
+<a name="INDEX-90"/><h3 class="head3">directory security mask</h3>
+
+<p>This option works exactly the same as the <tt class="literal">security</tt>
+<tt class="literal">mask</tt> option, except that it operates on
+directories rather than files. As with <tt class="literal">security</tt>
+<tt class="literal">mask</tt>, it has a default value of
+<tt class="literal">0777</tt>, which allows Windows NT/2000/XP client users
+to modify all Unix permissions on directories in the share.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-3.2.5"/>
+
+<a name="INDEX-91"/><h3 class="head3">force directory security mode</h3>
+
+<p>This option works exactly the same as the <tt class="literal">force</tt>
+<tt class="literal">security</tt> <tt class="literal">mode</tt> option, except
+that it operates on directories rather than files. It also has a
+default value of <tt class="literal">0000</tt>, which allows Windows
+NT/2000/XP client users to remove any permissions from directories in
+the share. <a name="INDEX-92"/><a name="INDEX-93"/><a name="INDEX-94"/><a name="INDEX-95"/> <a name="INDEX-96"/><a name="INDEX-97"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-8-SECT-4"/>
+
+<h2 class="head1">Name Mangling and Case</h2>
+
+<p><a name="INDEX-98"/><a name="INDEX-99"/><a name="INDEX-100"/><a name="INDEX-101"/>Back
+in the days of DOS and Windows 3.1, every filename was limited to
+eight uppercase characters, followed by a dot, and three more
+uppercase characters. This was known as the <em class="firstterm">8.3
+format</em> and was a huge nuisance. Windows 95/98/Me, Windows
+NT/2000/XP, and Unix have since relaxed this problem by allowing
+longer, sometimes case-sensitive, filenames. <a href="ch08.html#samba2-CHP-8-TABLE-4">Table 8-4</a> shows the current naming state of several
+popular operating systems.</p>
+
+<a name="samba2-CHP-8-TABLE-4"/><h4 class="head4">Table 8-4. Operating system filename limitations</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Operating system</p>
+</th>
+<th>
+<p>File-naming rules</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>DOS 6.22 or below</p>
+</td>
+<td>
+<p>Eight characters followed by a dot followed by a three-letter
+extension (8.3 format); case-insensitive</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows 3.1 for Workgroups</p>
+</td>
+<td>
+<p>Eight characters followed by a dot followed by a three-letter
+extension (8.3 format); case-insensitive</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows 95/98/Me</p>
+</td>
+<td>
+<p>255 characters; case-insensitive but case-preserving</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows NT/2000/XP</p>
+</td>
+<td>
+<p>255 characters; case-insensitive but case-preserving</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Unix</p>
+</td>
+<td>
+<p>255 characters; case-sensitive</p>
+</td>
+</tr>
+
+</table>
+
+<p>Samba still has to remain backward-compatible with network clients
+that store files in just the 8.3 format, such as Windows for
+Workgroups. If a user creates a file on a share called
+<em class="emphasis">antidisestablishmentarianism.txt</em>, a Windows for
+Workgroups client cannot tell it apart from another file in the same
+directory called <em class="emphasis">antidisease.txt</em>. Like Windows
+95/98/Me and Windows NT/2000/XP, Samba has to employ a special method
+for translating a long filename to an 8.3 filename in such a way that
+similar filenames will not cause collisions. This is called
+<em class="firstterm">name mangling</em>, and Samba deals with this in a
+manner that is similar, but not identical to, Windows 95 and its
+successors.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-4.1"/>
+
+<h3 class="head2">The Samba Mangling Operation</h3>
+
+<p><a name="INDEX-102"/>Here is how Samba mangles a long
+filename into an 8.3 filename:</p>
+
+<ul><li>
+<p>If the original filename does not begin with a dot, the first five
+characters before the dot (if there is one) are converted to
+uppercase. These characters are used as the first five characters of
+the 8.3 mangled filename.</p>
+</li><li>
+<p>If the original filename begins with a dot, the dot is removed and
+then the previous step is performed on what is left.</p>
+</li><li>
+<p>These characters are immediately followed by a special mangling
+character: by default, a tilde (~), although Samba allows you to
+change this character.</p>
+</li><li>
+<p>The base of the long filename before the last period is hashed into a
+two-character code; parts of the name after the last dot can be used
+if necessary. This two-character code is appended to the filename
+after the mangling character.</p>
+</li><li>
+<p>The first three characters after the last dot (if there is one) of
+the original filename are converted to uppercase and appended onto
+the mangled name as the extension. If the original filename began
+with a dot, three underscores ( <tt class="literal">_ _ _</tt> ) are used
+as the extension instead.</p>
+</li></ul>
+<p>Here are some examples:</p>
+
+<blockquote><pre class="code">virtuosity.dat VIRTU~F1.DAT
+.htaccess HTACC~U0._ _ _
+hello.java HELLO~1F.JAV
+team.config.txt TEAMC~04.TXT
+antidisestablishmentarianism.txt ANTID~E3.TXT
+antidisease.txt ANTID~9K.TXT</pre></blockquote>
+
+<p>Using these rules will allow Windows for Workgroups to differentiate
+the two files on behalf of the poor individual who is forced to see
+the network through the eyes of that operating system. Note that the
+same long filename should always hash to the same mangled name with
+Samba; this doesn't always happen with Windows. The
+downside of this approach is that there can still be collisions;
+however, the chances are greatly reduced.</p>
+
+<p>You generally want to use the mangling configuration options with
+only the oldest clients. We recommend doing this without disrupting
+other clients by adding an <tt class="literal">include</tt> directive to
+the <em class="filename">smb.conf</em> file:</p>
+
+<blockquote><pre class="code">[global]
+ include = /usr/local/samba/lib/smb.conf.%a</pre></blockquote>
+
+<p>This resolves to <em class="filename">smb.conf.WfWg</em> when a Windows
+for Workgroups client attaches. Now you can create a file
+<em class="filename">/usr/local/samba/lib/smb.conf.WfWg</em>, which might
+contain these options:</p>
+
+<blockquote><pre class="code">[global]
+ case sensitive = no
+ default case = upper
+ preserve case = no
+ short preserve case = no
+ mangle case = yes
+ mangled names= yes</pre></blockquote>
+
+<p>If you are not using Windows for Workgroups, you probably do not need
+to change any of these options from their defaults.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-4.1.1"/>
+
+<h3 class="head3">Representing and resolving filenames with Samba</h3>
+
+<p><a name="INDEX-103"/>Another item that we should
+point out is that there is a difference between how an operating
+system <em class="emphasis">represents</em> a file and how it
+<em class="emphasis">resolves</em> it. For example, you have likely run
+across a file on a Windows system called
+<em class="filename">README.TXT</em>. The file can be represented by the
+operating system entirely in uppercase letters. However, if you open
+an MS-DOS command prompt and enter the command:</p>
+
+<blockquote><pre class="code">C:\&gt; <tt class="userinput"><b>notepad readme.txt</b></tt></pre></blockquote>
+
+<p>the all-caps file is loaded into the editing program, even though you
+typed the name in lowercase letters.</p>
+
+<p>This is because the Windows 95/98/Me and Windows NT/2000/XP families
+of operating systems resolve filenames in a case-insensitive manner,
+even though the files are represented in a case-sensitive manner.
+Unix-based operating systems, on the other hand, always resolve files
+in a case-sensitive manner; if you try to edit
+<em class="filename">README.TXT</em> with the command:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>vi readme.txt</b></tt></pre></blockquote>
+
+<p>you will likely be editing the empty buffer of a new file.</p>
+
+<p><a name="INDEX-104"/>Here is how Samba handles case: if the
+<tt class="literal">preserve</tt><a name="INDEX-105"/> <tt class="literal">case</tt> is set
+to <tt class="literal">yes</tt>, Samba will always use the case provided by
+the operating system for representing (not resolving) filenames. If
+it is set to <tt class="literal">no</tt>, it will use the case specified by
+the <tt class="literal">default</tt><a name="INDEX-106"/> <tt class="literal">case</tt> option.
+The same is true for
+<tt class="literal">short</tt><a name="INDEX-107"/>
+<tt class="literal">preserve</tt> <tt class="literal">case</tt>. If this option
+is set to <tt class="literal">yes</tt>, Samba will use the default case of
+the operating system for representing 8.3 filenames; otherwise, it
+will use the case specified by the <tt class="literal">default</tt>
+<tt class="literal">case</tt> option. Finally, Samba will always resolve
+filenames in its shares based on the value of the
+<tt class="literal">case</tt> <tt class="literal">sensitive</tt> option.</p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-4.2"/>
+
+<h3 class="head2">Mangling Options</h3>
+
+<p><a name="INDEX-108"/><a name="INDEX-109"/>Samba
+allows more refined instructions on how it should perform name
+mangling, including those controlling the case sensitivity, the
+character inserted to form a mangled name, and the ability to map
+filenames manually from one format to another. These options are
+shown in <a href="ch08.html#samba2-CHP-8-TABLE-5">Table 8-5</a>.</p>
+
+<a name="samba2-CHP-8-TABLE-5"/><h4 class="head4">Table 8-5. Name-mangling options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">case sensitive</tt></p>
+
+<p><tt class="literal">(casesignames)</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, treats filenames as case-sensitive
+(Windows doesn't).</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">default case</tt></p>
+</td>
+<td>
+<p>string (<tt class="literal">upper</tt> or <tt class="literal">lower</tt>)</p>
+</td>
+<td>
+<p>Case to assume as default (used only when preserve case is
+<tt class="literal">no</tt>).</p>
+</td>
+<td>
+<p>Lower</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">preserve case</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, keep the case the client supplied (i.e.,
+do not convert to <tt class="literal">default</tt>
+<tt class="literal">case</tt>).</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">short preserve case</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, preserve case of 8.3-format names that the
+client provides.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">mangled names</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>Mangles long names into 8.3 DOS format.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">mangle case</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>Mangle a name if it is mixed case.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">mangling char</tt></p>
+</td>
+<td>
+<p>string (single character)</p>
+</td>
+<td>
+<p>Gives mangling character.</p>
+</td>
+<td>
+<p><tt class="literal">~</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">mangled stack</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Number of mangled names to keep on the local mangling stack.</p>
+</td>
+<td>
+<p><tt class="literal">50</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">mangled map</tt></p>
+</td>
+<td>
+<p>string (list of patterns)</p>
+</td>
+<td>
+<p>Allows mapping of filenames from one format into another.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-4.2.1"/>
+
+<a name="INDEX-110"/><h3 class="head3">case sensitive</h3>
+
+<p>This share-level option, which has the obtuse synonym
+<tt class="literal">casesignames</tt>, specifies whether Samba should
+preserve case when resolving filenames in a specific share. The
+default value for this option is <tt class="literal">no</tt>, which is how
+Windows handles file resolution. If clients are using an operating
+system that takes advantage of case-sensitive filenames, you can set
+this configuration option to <tt class="literal">yes</tt> as shown here:</p>
+
+<blockquote><pre class="code">[accounting]
+ case sensitive = yes</pre></blockquote>
+
+<p>Otherwise, we recommend that you leave this option set to its default.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-4.2.2"/>
+
+<h3 class="head3">default case</h3>
+
+<p>The <tt class="literal">default</tt><a name="INDEX-111"/> <tt class="literal">case</tt> option
+is used with <tt class="literal">preserve</tt> <tt class="literal">case</tt>.
+This specifies the default case (upper or lower) Samba uses to create
+a file on one of its shares on behalf of a client. The default case
+is <tt class="literal">lower</tt>, which means that newly created files
+will have lowercase names. If you need to, you can override this
+global option by specifying the following:</p>
+
+<blockquote><pre class="code">[global]
+ default case = upper</pre></blockquote>
+
+<p>If you specify this value, the names of newly created files are
+translated into uppercase and cannot be overridden in a program. We
+recommend that you use the default value unless you are dealing with
+a Windows for Workgroups or other 8.3 client, in which case it should
+be <tt class="literal">upper</tt>.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-4.2.3"/>
+
+<a name="INDEX-112"/><h3 class="head3">preserve case</h3>
+
+<p>This option specifies whether a file created by Samba on behalf of
+the client is created with the case provided by the client operating
+system or the case specified by the earlier
+<tt class="literal">default</tt> <tt class="literal">case</tt> configuration
+option. The default value is <tt class="literal">yes</tt>, which uses the
+case provided by the client operating system. If it is set to
+<tt class="literal">no</tt>, the value of the <tt class="literal">default</tt>
+<tt class="literal">case</tt> option (upper or lower) is used.</p>
+
+<p>Note that this option does not handle 8.3 file requests sent from the
+client&mdash;see the upcoming <tt class="literal">short</tt>
+<tt class="literal">preserve</tt> <tt class="literal">case</tt> option. You might
+want to set this option to <tt class="literal">yes</tt>, for example, if
+applications that create files on the Samba server demand the file be
+all uppercase. If instead you want Samba to mimic the behavior of a
+Windows NT filesystem, you can leave this option set to its default,
+<tt class="literal">yes</tt>.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-4.2.4"/>
+
+<a name="INDEX-113"/><h3 class="head3">short preserve case</h3>
+
+<p>This option specifies whether an 8.3 filename created by Samba on
+behalf of the client is created with the default case of the client
+operating system or the case specified by the
+<tt class="literal">default</tt> <tt class="literal">case</tt> configuration
+option. The default value is <tt class="literal">yes</tt>, which uses the
+case provided by the client operating system. You can let Samba
+choose the case through the <tt class="literal">default</tt>
+<tt class="literal">case</tt> option by setting it as follows:</p>
+
+<blockquote><pre class="code">[global]
+ short preserve case = no</pre></blockquote>
+
+<p>If you want to force Samba to mimic the behavior of a Windows NT
+filesystem, you can leave this option set to its default,
+<tt class="literal">yes</tt>.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-4.2.5"/>
+
+<a name="INDEX-114"/><h3 class="head3">mangled names</h3>
+
+<p>This share-level option specifies whether Samba will mangle filenames
+for 8.3 clients. If the option is set to <tt class="literal">no</tt>, Samba
+will not mangle the names, and (depending on the client) they will
+either be invisible or appear truncated to those using 8.3 operating
+systems. The default value is <tt class="literal">yes</tt>. You can
+override it per share as follows:</p>
+
+<blockquote><pre class="code">[data]
+ mangled names = no</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-4.2.6"/>
+
+<a name="INDEX-115"/><h3 class="head3">mangle case</h3>
+
+<p>This option tells Samba whether it should mangle filenames that are
+not composed entirely of the case specified using the
+<tt class="literal">default</tt> <tt class="literal">case</tt> configuration
+option. The default for this option is <tt class="literal">no</tt>. If you
+set it to <tt class="literal">yes</tt>, you should be sure that all clients
+can handle the mangled filenames that result. You can override it per
+share as follows:</p>
+
+<blockquote><pre class="code">[data]
+ mangle case = yes</pre></blockquote>
+
+<p>We recommend that you leave this option alone unless you have a
+well-justified need to change it.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-4.2.7"/>
+
+<a name="INDEX-116"/><h3 class="head3">mangling char</h3>
+
+<p>This share-level option specifies the mangling character used when
+Samba mangles filenames into the 8.3 format. The default character
+used is a tilde (~). You can reset it to whatever character you wish.
+For instance:</p>
+
+<blockquote><pre class="code">[data]
+ mangling char = #</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-4.2.8"/>
+
+<a name="INDEX-117"/><h3 class="head3">mangled stack</h3>
+
+<p>Samba maintains a local stack of recently mangled 8.3 filenames; this
+stack can be used to reverse-map mangled filenames back to their
+original state. This is often needed by applications that create and
+save a file, close it, and need to modify it later. The default
+number of long filename/mangled filename pairs stored on this stack
+is 50. However, if you want to cut down on the amount of processor
+time used to mangle filenames, you can increase the size of the stack
+to whatever you wish, at the expense of memory and slightly slower
+file access:</p>
+
+<blockquote><pre class="code">[global]
+ mangled stack = 100</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-4.2.9"/>
+
+<a name="INDEX-118"/><h3 class="head3">mangled map</h3>
+
+<p>If the default behavior of name mangling is not sufficient, you can
+give Samba further instructions on how to behave using the
+<tt class="literal">mangled</tt> <tt class="literal">map</tt> option. This option
+allows you to specify mapping patterns that can be used in place of
+name mangling performed by Samba. For example:</p>
+
+<blockquote><pre class="code">[data]
+ mangled map =(*.database *.db) (*.class *.cls)</pre></blockquote>
+
+<p>Here, Samba is instructed to search each encountered file for
+characters that match the first pattern specified in the parenthesis
+and convert them to the modified second pattern in the parenthesis
+for display on an 8.3 client. This is useful in the event that name
+mangling converts the filename incorrectly or converts it to a format
+that the client cannot understand readily. Patterns are separated by
+whitespaces. <a name="INDEX-119"/><a name="INDEX-120"/> <a name="INDEX-121"/><a name="INDEX-122"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-8-SECT-5"/>
+
+<h2 class="head1">Locks and Oplocks</h2>
+
+<p><a name="INDEX-123"/><a name="INDEX-124"/><a name="INDEX-125"/><a name="INDEX-126"/>Concurrent
+writes to a single file are not desirable in any operating system. To
+prevent this, most operating systems use <em class="firstterm">locks</em>
+to guarantee that only one process can write to a file at a time.
+Operating systems traditionally lock entire files, although newer
+ones allow a range of bytes within a file to be locked. If another
+process attempts to write to a file (or section of one) that is
+already locked, it receives an error from the operating system and
+will have to wait until the lock is released.</p>
+
+<p>Samba supports the standard DOS and NT filesystem (deny-mode) locking
+requests&mdash;which allow only one process to write to an entire
+file on a server at a given time&mdash;as well as byte-range locking.
+In addition, Samba supports a locking mechanism known in the Windows
+NT world as <em class="firstterm">opportunistic locking,
+</em><a name="INDEX-127"/>or<em class="firstterm">
+</em><em class="emphasis">oplock</em> for short.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-5.1"/>
+
+<h3 class="head2">Opportunistic Locking</h3>
+
+<p>Opportunistic locking allows a client to notify the Samba server that
+it will not only be the exclusive writer of a file, but will also
+cache its changes to that file locally to speed up access by reducing
+network activity. This can result in a large performance
+gain&mdash;typically 30%&mdash;while at the same time reserving
+network bandwidth for other purposes.</p>
+
+<p>Because exclusive access can be obtained using regular file locks,
+the value of opportunistic locks is not so much to lock the file as
+it is to cache it. In fact, a better name for opportunistic locking
+might be <em class="firstterm">opportunistic caching</em>.</p>
+
+<p>When Samba knows that a file in one of its shares has been oplocked
+by a client, it marks its version as having an opportunistic lock and
+waits for the client to complete work on the file, at which point it
+expects the client to send its changes back to the Samba server for
+synchronization with the copy on the server.</p>
+
+<p>If a second client requests access to that file before the first
+client has finished working on it, Samba sends an oplock break
+request to the first client. This tells the client to stop caching
+its changes and return the current state of the file to the server so
+that the interrupting client can use it as it sees fit. An
+opportunistic lock, however, is not a replacement for a standard
+deny-mode lock. It is not unheard of for the interrupting process to
+be granted an oplock break only to discover that the original process
+also has a deny-mode lock on a file as well. <a href="ch08.html#samba2-CHP-8-FIG-11">Figure 8-11</a> illustrates this <a name="INDEX-128"/>opportunistic locking process.</p>
+
+<div class="figure"><a name="samba2-CHP-8-FIG-11"/><img src="figs/sam2_0811.gif"/></div><h4 class="head4">Figure 8-11. Opportunistic locking</h4>
+
+<p>In most cases, the extra performance resulting from the use of
+oplocks is highly desirable. However, allowing the client to cache
+data can be a big risk if either the client or network hardware are
+unreliable. Suppose a client opens a file for writing, creating an
+oplock on it. When another client also tries to open the file, an
+oplock break request is sent to the first client. If this request
+goes unfulfilled for any reason and the second client starts writing
+to the file, the file can be easily corrupted as a result of the two
+processes writing to it concurrently. Unfortunately, this scenario is
+very real. Uncoordinated behavior such as this has been observed many
+times among Windows clients in SMB networks (with files served by
+Windows NT/2000 or Samba). Typically, the affected files are database
+files, which multiple clients open concurrently for writing.</p>
+
+<p>A more concrete example of <a name="INDEX-129"/>oplock failure occurs when database
+files are very large. If a client is allowed to oplock this kind of
+file, there can be a huge delay while the client copies the entire
+file from the server to cache it, even though it might need to update
+only one record. The situation goes from bad to worse when another
+client tries to open the oplocked file. The first client might need
+to write the entire file back to the server before the second
+client's file open request can succeed. This results
+in another huge delay (for both clients), which in practice often
+results in a failed open due to a timeout on the second client,
+perhaps along with a message warning of possible database corruption!</p>
+
+<p>If you are having problems of this variety, you can turn off oplocks
+for the affected files by using the
+<tt class="literal">veto</tt><a name="INDEX-130"/> <tt class="literal">oplock</tt>
+<tt class="literal">files</tt> parameter:</p>
+
+<blockquote><pre class="code">[dbdata]
+ veto oplock files = /*.dbm/</pre></blockquote>
+
+<p>Use the value of the parameter (a list of filename-matching patterns
+separated by slash characters) to match all the files in the share
+that might be a source of trouble. The syntax of this parameter is
+similar to that of the <tt class="literal">veto</tt>
+<tt class="literal">files</tt> parameter.</p>
+
+<p>If you want to be really careful and can live with reduced
+performance, you can turn off oplocks altogether, preventing the
+oplock break problem from ever occurring:</p>
+
+<blockquote><pre class="code">[global]
+ oplocks = no</pre></blockquote>
+
+<p>This disables oplocks for all files in all shares served by the Samba
+server. If you wish to disable oplocks in just a specific share, you
+can specify the <tt class="literal">oplocks</tt> <tt class="literal">=</tt>
+<tt class="literal">no</tt> parameter in just that share:</p>
+
+<blockquote><pre class="code">[database]
+ oplocks = no</pre></blockquote>
+
+<p>This example allows other shares, which might have less sensitive
+data, to attain better performance, while trading performance for
+better data integrity for files in the <tt class="literal">[database]</tt>
+share.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-5.2"/>
+
+<h3 class="head2">Unix and Oplocks</h3>
+
+<p><a name="INDEX-131"/>Most of the time, oplocks help Windows
+client systems cooperate to avoid overwriting each
+other's changes. Unix systems also have file-locking
+mechanisms to allow Unix processes to cooperate with each other. But
+if a file stored on a Samba system is accessed by both a Windows
+network client and a local Unix process&mdash;without an additional
+coordination between the two systems&mdash;the Unix process could
+easily ride roughshod over an oplock.</p>
+
+<p>Some Unix systems have enhanced kernels that understand the Windows
+oplocks maintained by Samba. Currently the support exists only in SGI
+Irix and Linux.</p>
+
+<p>If you leave oplocks enabled and your Unix system does not support
+kernel oplocks, you could end up with corrupted data when somebody
+runs a Unix process that reads or writes a file that Windows users
+also access. This is another case where the
+<tt class="literal">veto</tt><a name="INDEX-132"/> <tt class="literal">oplock</tt>
+<tt class="literal">files</tt> parameter can be used, assuming you can
+anticipate which Samba files are used by both Windows users and Unix
+users. For example, suppose the <tt class="literal">[usrfiles]</tt> share
+contains some ASCII text files with the <em class="filename">.txt</em>
+filename extension and OpenOffice word processor documents with the
+<em class="filename">.doc</em> filename extension, which Unix and Windows
+users both modify. We can use <tt class="literal">veto</tt>
+<tt class="literal">oplock</tt> <tt class="literal">files</tt> like this:</p>
+
+<blockquote><pre class="code">[usrfiles]
+ veto oplock files = /*.txt/*.doc/</pre></blockquote>
+
+<p>This will suppress the use of oplocks on <em class="filename">.txt</em>
+and <em class="filename">.doc</em> files, which will suppress client
+caching, while allowing the Windows and Unix programs to use regular
+file locking to prevent concurrent writes to the same file.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-5.3"/>
+
+<h3 class="head2">Locks and Oplocks Configuration Options</h3>
+
+<p><a name="INDEX-133"/><a name="INDEX-134"/>Samba's options for
+locks and oplocks are given in <a href="ch08.html#samba2-CHP-8-TABLE-6">Table 8-6</a>.</p>
+
+<a name="samba2-CHP-8-TABLE-6"/><h4 class="head4">Table 8-6. Locks and oplocks configuration options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">locking</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, turns on byte-range locks.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">strict</tt> <tt class="literal">locking</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, denies access to an entire file if a
+byte-range lock exists in it.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">posix locking</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, maps oplocks to POSIX locks on the local
+system.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">oplocks</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, turns on local caching of files on the
+client for this share.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">kernel</tt> <tt class="literal">oplocks</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, indicates that the kernel supports oplocks.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">level2 oplocks</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, allows oplocks to downgrade to read-only.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">fake oplocks</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, tells client the lock was obtained, but
+doesn't actually lock it.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">blocking</tt> <tt class="literal">locks</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>Allows lock requestor to wait for the lock to be granted.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">veto oplock</tt> <tt class="literal">files</tt></p>
+</td>
+<td>
+<p>string (list of filenames)</p>
+</td>
+<td>
+<p>Does not oplock specified files.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">lock</tt> <tt class="literal">directory</tt></p>
+</td>
+<td>
+<p>string (fully qualified pathname)</p>
+</td>
+<td>
+<p>Sets the location where various Samba files, including locks, are
+stored.</p>
+</td>
+<td>
+<p>As specified in Samba makefile</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-5.3.1"/>
+
+<h3 class="head3">locking</h3>
+
+<p>The <tt class="literal">locking</tt><a name="INDEX-135"/> option can be used to tell
+Samba to engage or disengage server-side byte-range locks on behalf
+of the client. Samba implements byte-range locks on the server side
+with normal Unix advisory locks and consequently prevents other
+properly behaved Unix processes from overwriting a locked byte range.</p>
+
+<p>This option can be specified per share as follows:</p>
+
+<blockquote><pre class="code">[accounting]
+ locking = yes</pre></blockquote>
+
+<p>If the <tt class="literal">locking</tt> option is set to
+<tt class="literal">yes</tt>, the requestor is delayed until the holder of
+either type of lock releases it (or crashes). If, however, the option
+is set to <tt class="literal">no</tt>, no byte-range locks are kept for the
+files, although requests to lock and unlock files will appear to
+succeed. The option is set to <tt class="literal">yes</tt> by default;
+however, you can turn this option off if you have read-only media.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-5.3.2"/>
+
+<a name="INDEX-136"/><h3 class="head3">strict locking</h3>
+
+<p>This option checks every file access for a byte-range lock on the
+range of bytes being accessed. This is typically not needed if a
+client adheres to all the locking mechanisms in place. This option is
+set to <tt class="literal">no</tt> by default; however, you can reset it
+per share as follows:</p>
+
+<blockquote><pre class="code">[accounting]
+ strict locking = yes</pre></blockquote>
+
+<p>If this option is set to <tt class="literal">yes</tt>, mandatory locks are
+enforced on any file with byte-range locks.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-5.3.3"/>
+
+<a name="INDEX-137"/><h3 class="head3">posix locking</h3>
+
+<p>On systems that support POSIX locking, Samba automatically maps
+oplocks to POSIX locks. This behavior can be disabled by setting
+<tt class="literal">posix</tt> <tt class="literal">locking</tt>
+<tt class="literal">=</tt> <tt class="literal">no</tt>. You should never need to
+change the default behavior, which is <tt class="literal">posix</tt>
+<tt class="literal">locking</tt> <tt class="literal">=</tt>
+<tt class="literal">yes</tt>.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-5.3.4"/>
+
+<a name="INDEX-138"/><h3 class="head3">oplocks</h3>
+
+<p>This option enables or disables support for oplocks on the client.
+The option is enabled by default. However, you can disable it with
+the following command:</p>
+
+<blockquote><pre class="code">[data]
+ oplocks = no</pre></blockquote>
+
+<p>If you are in an extremely unstable network environment or have many
+clients that cannot take advantage of opportunistic locking, it might
+be better to shut this Samba feature off. If the host operating
+system does not support kernel oplocks, oplocks should be disabled if
+users are accessing the same files from both Unix applications (such
+as <em class="emphasis">vi</em>) and SMB clients.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-5.3.5"/>
+
+<a name="INDEX-139"/><h3 class="head3">kernel oplocks</h3>
+
+<p>If a Unix application on the Samba host system (that is not part of
+the Samba suite) tries to open a file for writing that Samba has
+oplocked to a Windows client, it is likely to succeed (depending on
+the operating system), and both Samba and the client are never aware
+of it.</p>
+
+<p>Some versions of Unix have support for oplocks in the kernel that can
+work along with Samba's oplocks. In this case, the
+Unix process trying to open the file is suspended while Samba directs
+the client to write its copy back. After that has happened, the
+operating system allows the open to complete. At the time of this
+writing, this feature is supported only by SGI Irix and Linux.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-5.3.6"/>
+
+<a name="INDEX-140"/><h3 class="head3">level2 oplocks</h3>
+
+<p>Windows NT/2000/XP clients can downgrade their read-write oplocks to
+read-only oplocks when another client opens the same file. This can
+result in significant improvements in performance on files that are
+written infrequently or not at all&mdash;especially
+executables&mdash;because all clients can then maintain a read-ahead
+cache for the file. By default, <tt class="literal">level2</tt>
+<tt class="literal">oplocks</tt> is set to <tt class="literal">yes</tt>, and you
+probably won't need to change it.</p>
+
+<p>Currently, Samba cannot support level 2 oplocks along with kernel
+oplocks and automatically disables level 2 oplocks when kernel
+oplocks are in use. (This might change in future releases as improved
+support for oplocks is added by the Samba developers.) If you are
+running Samba on a host system that supports kernel oplocks, you must
+set <tt class="literal">kernel</tt> <tt class="literal">oplocks</tt>
+<tt class="literal">=</tt> <tt class="literal">no</tt> to enable support for
+level 2 oplocks.</p>
+
+<p>Disabling oplocks with <tt class="literal">oplocks</tt>
+<tt class="literal">=</tt> <tt class="literal">no</tt> also disables level 2
+oplocks.</p>
+
+<p>Samba can automatically detect its Unix host's
+support of kernel oplocks and will set the value of
+<tt class="literal">kernel</tt> <tt class="literal">oplocks</tt> automatically.
+You should never need to set this option in your Samba configuration
+file.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-5.3.7"/>
+
+<a name="INDEX-141"/><h3 class="head3">fake oplocks</h3>
+
+<p>When this option is set to <tt class="literal">yes</tt>, Samba pretends to
+allow oplocks rather than actually supporting them. If this option is
+enabled on a read-only share (such as a shared CD-ROM drive), all
+clients are told that the files are available for opportunistic
+locking and never warned of simultaneous access. As a result, Windows
+clients cache more of the file's data and obtain
+much better performance.</p>
+
+<p>This option was added to Samba before opportunistic-locking support
+was available, and it is now generally considered better to use real
+oplocks. Do not ever enable <tt class="literal">fake</tt>
+<tt class="literal">oplocks</tt> on a read/write share.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-5.3.8"/>
+
+<h3 class="head3">blocking locks</h3>
+
+<p>Samba also supports <em class="firstterm">blocking locks</em>, a minor
+variant of range locks. Here, if the range of bytes is not available,
+the client specifies an amount of time that it's
+willing to wait. The server then caches the lock request,
+periodically checking to see if the file is available. If it is, it
+notifies the client; however, if time expires, Samba will tell the
+client that the request has failed. This strategy prevents the client
+from continually polling to see if the lock is available.</p>
+
+<p>You can disable this option per share as follows:</p>
+
+<blockquote><pre class="code">[accounting]
+ blocking locks = no</pre></blockquote>
+
+<p>When set to <tt class="literal">yes</tt>, blocking locks are enforced on
+the file. If this option is set to <tt class="literal">no</tt>, Samba
+behaves as if normal locking mechanisms are in place on the file. The
+default is <tt class="literal">yes</tt>.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-5.3.9"/>
+
+<a name="INDEX-142"/><h3 class="head3">veto oplock files</h3>
+
+<p>You can provide a list of filenames that are never granted
+opportunistic locks with the <tt class="literal">veto</tt>
+<tt class="literal">oplock</tt> <tt class="literal">files</tt> option. This
+option can be set either globally or on a per-share basis. For
+example:</p>
+
+<blockquote><pre class="code">veto oplock files = /*.bat/*.htm/</pre></blockquote>
+
+<p>The value of this option is a series of patterns. Each pattern entry
+must begin, end, or be separated from another with a slash ( / )
+character, even if only one pattern is listed. Asterisks can be used
+as a wildcard to represent zero or more characters. Questions marks
+can be used to represent exactly one character.</p>
+
+<p>We recommend that you disable oplocks on any files that are meant to
+be updated by Unix or are intended for simultaneous sharing by
+several processes.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-5.3.10"/>
+
+<a name="INDEX-143"/><h3 class="head3">lock directory</h3>
+
+<p>This option (sometimes called <tt class="literal">lock</tt>
+<tt class="literal">dir</tt>) specifies the location of a directory where
+Samba will store SMB deny-mode lock files. Samba stores other files
+in this directory as well, such as browse lists and its shared memory
+file. If WINS is enabled, the WINS database is written to this
+directory as well. The default for this option is specified in the
+Samba makefile; it is typically
+<em class="filename">/usr/local/samba/var/locks</em>. You can override
+this location as follows:</p>
+
+<blockquote><pre class="code">[global]
+ lock directory = /usr/local/samba/locks</pre></blockquote>
+
+<p>You typically would not need to override this option, unless you want
+to move the lock files to a more standard location, such as
+<em class="filename">/var/spool/locks</em>. <a name="INDEX-144"/> <a name="INDEX-145"/><a name="INDEX-146"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-8-SECT-6"/>
+
+<h2 class="head1">Connection Scripts</h2>
+
+<p><a name="INDEX-147"/><a name="INDEX-148"/><a name="INDEX-149"/>Samba supports a mechanism called
+<em class="firstterm">connection scripts</em>, by which commands can be
+executed on the server as clients connect to a share or later
+disconnect from it. By using configuration file variables along with
+some custom programming, you can create connection scripts that
+perform a wide range of functions. As a simple example, here is a
+&quot;quick and dirty&quot; way to monitor
+connections to shares on the Samba server in real time. First, the
+value of the <tt class="literal">preexec</tt><a name="INDEX-150"/> parameter is set as
+follows:</p>
+
+<blockquote><pre class="code">[global]
+ preexec = /bin/echo %u at %m connected to //%L/%S on %T &gt;&gt;/tmp/smblog</pre></blockquote>
+
+<p>This causes information about the user and the connection to be
+written to the file <em class="filename">/tmp/smblog</em> whenever any
+client connects to any share. To watch clients connect, run the
+following command:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>tail -f /tmp/smblog</b></tt>
+jay at maya connected to //toltec/data on 2002/11/21 21:21:15
+david at apache connected to //toltec/techs on 2002/11/21 21:21:57
+sally at seminole connected to //toltec/payroll on 2002/11/21 21:22:16
+martha at dine connected to //toltec/profiles on 2002/11/21 21:23:38
+martha at dine connected to //toltec/netlogon on 2002/11/21 21:23:39
+martha at dine connected to //toltec/martha on 2002/11/21 21:23:40
+aaron at huastec connected to //toltec/netlogon on 2002/11/21 21:24:19
+aaron at huastec connected to //toltec/aaron on 2002/11/21 21:24:20</pre></blockquote>
+
+<p>With the <em class="emphasis">-f</em> option, the
+<em class="emphasis">tail</em> command monitors
+<em class="filename">/tmp/smblog</em> and prints additional output as new
+data is appended to the file. Every time a new connection is made, an
+additional line is printed, showing the output of the
+<tt class="literal">preexec</tt> command. Notice the lines resulting from
+connections by user <tt class="literal">martha</tt> and
+<tt class="literal">aaron</tt>. User <tt class="literal">martha</tt> logged on to
+the domain from a Windows NT client, which accessed the
+<tt class="literal">[profiles]</tt> share to download her profile, then the
+<tt class="literal">[netlogon]</tt> share to read the logon script, and
+then her home directory (because her logon script contains a
+<tt class="literal">net</tt> <tt class="literal">use</tt> <tt class="literal">H</tt>:
+<tt class="literal">/home</tt> command) to connect her home directory to
+drive letter H. The connections from <tt class="literal">aaron</tt> are
+similar, except that he connected from a Windows 98 system, which
+does not use the <tt class="literal">[profiles]</tt> share. (See <a href="ch04.html">Chapter 4</a> for more information about domain logons.)</p>
+
+<p>A more advanced use of
+<a name="INDEX-151"/><a name="INDEX-152"/>connection scripts is to monitor the
+contents of users' home directories and/or other
+shared directories and perform checks ensuring that local
+administrative policies are followed. Checked items might include the
+following:</p>
+
+<ul><li>
+<p>Disk usage, on a per-share, per-directory, or per-file basis</p>
+</li><li>
+<p>Types of files stored on the server</p>
+</li><li>
+<p>Whether filenames follow naming guidelines</p>
+</li><li>
+<p>Whether viruses have copied themselves to the Samba server</p>
+</li></ul>
+<p>To handle this kind of task, a shell script or other program would be
+written to perform the checks and take appropriate actions, such as
+removing offending files. The <tt class="literal">root</tt>
+<tt class="literal">preexec</tt> parameter would be used to run the command
+as the root user, using configuration file variables to pass
+arguments. For example:</p>
+
+<blockquote><pre class="code">[homes]
+ root preexec = admin_checks %S
+ root preexec close = yes</pre></blockquote>
+
+<p>In this example, a specially written administrative checking program
+(<em class="emphasis">admin_checks</em>) is used to monitor
+users' home directories on the Samba server. The
+<tt class="literal">%S</tt> variable is used to pass the name of the home
+directory to the script. The
+<tt class="literal">root</tt><a name="INDEX-153"/> <tt class="literal">preexec</tt>
+<tt class="literal">close</tt> parameter has been set to
+<tt class="literal">yes</tt> so that if <em class="emphasis">admin_checks</em>
+detects a serious violation of local policy, it can exit with a
+nonzero status, and the client is prevented from connecting.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-6.1"/>
+
+<h3 class="head2">Connection Script Options</h3>
+
+<p><a href="ch08.html#samba2-CHP-8-TABLE-7">Table 8-7</a> introduces some of the configuration
+options provided for setting up users.</p>
+
+<a name="samba2-CHP-8-TABLE-7"/><h4 class="head4">Table 8-7. Connection script options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">root preexec</tt></p>
+</td>
+<td>
+<p>string (Unix command)</p>
+</td>
+<td>
+<p>Sets a Unix command to run as <tt class="literal">root</tt>, before
+connecting to the share.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">root preexec close</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If set to <tt class="literal">yes</tt>, nonzero exit status of
+<tt class="literal">root preexec</tt> command will disconnect.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">preexec</tt> <tt class="literal">(exec)</tt></p>
+</td>
+<td>
+<p>string (Unix command)</p>
+</td>
+<td>
+<p>Sets a Unix command to run as the user before connecting to the share.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">preexec close</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If set to <tt class="literal">yes</tt>, nonzero exit status of
+<tt class="literal">preexec</tt> command will disconnect.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">postexec</tt></p>
+</td>
+<td>
+<p>string (Unix command)</p>
+</td>
+<td>
+<p>Sets a Unix command to run as the user after disconnecting from the
+share.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">root</tt> <tt class="literal">postexec</tt></p>
+</td>
+<td>
+<p>string (Unix command)</p>
+</td>
+<td>
+<p>Sets a Unix command to run as <tt class="literal">root</tt> after
+disconnecting from the share.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-6.1.1"/>
+
+<a name="INDEX-156"/><h3 class="head3">root preexec</h3>
+
+<p>This option specifies as its value a Unix command to be run
+<em class="emphasis">as the root user</em> before any connection to a
+share is completed. You should use this option specifically for
+performing actions that require root privilege.</p>
+
+<p>To ensure security, users should never be able to modify the target
+of the <tt class="literal">root</tt> <tt class="literal">preexec</tt> command. In
+addition, unless you explicitly redirect it, any information the
+command sends to standard output will be discarded. If you intend to
+use any <tt class="literal">preexec</tt> or <tt class="literal">postexec</tt>
+script, you should ensure that it will run correctly before having
+Samba invoke it.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-6.1.2"/>
+
+<a name="INDEX-157"/><h3 class="head3">root preexec close</h3>
+
+<p>Sometimes you might want the share to disconnect if the
+<tt class="literal">root</tt> <tt class="literal">preexec</tt> script fails,
+giving the client an error rather than allowing it to connect. For
+example, if you are using <tt class="literal">root</tt>
+<tt class="literal">preexec</tt> to mount a CD-ROM or filesystem, it would
+make no sense to connect the client to it in the event that the mount
+fails. If you specify <tt class="literal">root</tt>
+<tt class="literal">preexec</tt> <tt class="literal">close</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt>, the share will fail to
+connect if the <tt class="literal">root</tt> <tt class="literal">preexec</tt>
+script returns a nonzero exit status.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-6.1.3"/>
+
+<a name="INDEX-158"/><h3 class="head3">preexec</h3>
+
+<p>Sometimes just called <tt class="literal">exec</tt>, this option defines an
+ordinary unprivileged command run by Samba as the user specified by
+the variable <tt class="literal">%u</tt>. For example, a common use of this
+option is to perform logging, such as the following:</p>
+
+<blockquote><pre class="code">[homes]
+ preexec = echo &quot;%u connected from %m (%I)\&quot; &gt;&gt;/tmp/.log</pre></blockquote>
+
+<p>You must redirect the standard output of the command if you want to
+use it. Otherwise, it is discarded. This warning also applies to the
+command's standard error output. If you intend to
+use a <tt class="literal">preexec</tt> script, you should ensure that it
+will run correctly before having Samba invoke it.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-6.1.4"/>
+
+<a name="INDEX-159"/><h3 class="head3">preexec close</h3>
+
+<p>This is similar to <tt class="literal">root</tt> <tt class="literal">preexec</tt>
+<tt class="literal">close</tt>, except that it goes with the
+<tt class="literal">preexec</tt> option. By setting
+<tt class="literal">preexec</tt> <tt class="literal">close</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt>, a
+<tt class="literal">preexec</tt> script that returns nonzero will cause the
+share to disconnect immediately.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-6.1.5"/>
+
+<a name="INDEX-160"/><h3 class="head3">postexec</h3>
+
+<p>Once the user disconnects from the share, the command specified with
+<tt class="literal">postexec</tt> is run as the user on the Samba server to
+do any necessary cleanup. This option is essentially the same as the
+<tt class="literal">preexec</tt> option. Again, remember that the command
+is run as the user represented by <tt class="literal">%u</tt>, and any
+information sent to standard output will be ignored.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-6.1.6"/>
+
+<a name="INDEX-161"/><h3 class="head3">root postexec</h3>
+
+<p>Following the <tt class="literal">postexec</tt> option, the
+<tt class="literal">root</tt> <tt class="literal">postexec</tt> command is run,
+if one has been specified. Again, this option specifies as its value
+a Unix command to be run <em class="emphasis">as the root user</em> before
+disconnecting from a share. You should use this option specifically
+for performing actions that require root privilege. <a name="INDEX-162"/> <a name="INDEX-163"/><a name="INDEX-164"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-8-SECT-7"/>
+
+<h2 class="head1">Microsoft Distributed Filesystems</h2>
+
+<p><a name="INDEX-165"/>In a
+large network where many shared folders are spread out over a large
+number of servers, it can be difficult for users to locate the
+resources they are trying to find. Browsing through Network
+Neighborhood or My Network Places can become an ordeal rather than a
+time-saving convenience. To mitigate this problem, Microsoft added an
+extension to file sharing called <em class="firstterm">Distributed
+filesystem</em><a name="INDEX-166"/><a name="INDEX-167"/> (Dfs). Using Dfs, it
+is possible to organize file shares on the network so that they
+appear to users as organized in a single directory tree on a single
+server, regardless of which servers on the network actually contain
+the resources. Instead of having to browse the entire network, users
+can go to the Dfs share and locate their data much more easily.</p>
+
+<p>Dfs can also help administrators because it provides a level of
+indirection between the name of a shared folder and its actual
+location. The Dfs share contains references to resources on the
+network, and when a resource is accessed, the Dfs server hands the
+client off to the actual server of the resource. When moving
+resources to another computer, the reference to the resource in the
+Dfs share can be redirected to the new location in one step, with the
+change being entirely seamless for users.</p>
+
+<p>To a limited extent, Dfs also can help improve performance for
+read-only shares because it provides <a name="INDEX-168"/>load balancing. It is possible
+to set up a Dfs reference to point to identical shares on two or more
+servers. The Dfs server then divides requests between the servers,
+dividing the client load among them. However, this works well only
+for static, read-only data because no provision is included in Dfs
+for synchronization among the servers when changes are made on any of
+them.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-7.1"/>
+
+<h3 class="head2">Windows Dfs Clients</h3>
+
+<p><a name="INDEX-169"/>Modern versions of Windows come with
+client-side support for Dfs, and no extra configuration is required.
+Support is more limited for older versions, however. Windows for
+Workgroups cannot function as a Dfs client at all. Windows NT 4.0
+must be upgraded to at least Service Pack 3 to act as a Dfs client,
+and the Dfs Client must be installed. Later service packs (such as
+Service Pack 6) include the Dfs Client. Windows 95 must also have the
+Dfs Client software installed to act as a Dfs client. Without the Dfs
+Client software, double-clicking a remote folder in a Dfs share will
+show an empty folder, and no error message will appear.</p>
+
+<a name="samba2-CHP-8-NOTE-140"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>To use the Dfs Client for Windows 95 or Windows NT, you must first
+download and install it. See the web page <a href="http://microsoft.com/ntserver/nts/downloads/winfeatures/NTSDistrFile/default.asp">http://microsoft.com/ntserver/nts/downloads/winfeatures/NTSDistrFile/default.asp</a>
+for a link to download the installation program and instructions on
+how to install the Dfs Client.</p>
+</blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-7.2"/>
+
+<h3 class="head2">Configuring Samba for Dfs</h3>
+
+<p><a name="INDEX-170"/>To act as a Dfs server, Samba 2.2 must
+be compiled with the <tt class="literal">--with-msdfs</tt> configure
+option. (See <a href="ch02.html">Chapter 2</a> for instructions on
+configuring and compiling Samba.) Samba 3.0 includes Dfs support by
+default and does not need to be compiled with the
+<tt class="literal">--with-msdfs</tt> configure option.</p>
+
+<p>Once a Dfs-enabled Samba server is running, there are just two steps
+to serving a Dfs share. First we will set up a Dfs root directory on
+the server, and then we will modify the <em class="filename">smb.conf</em>
+configuration file to enable the share.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-7.2.1"/>
+
+<h3 class="head3">Setting up the Dfs root</h3>
+
+<p>First we need to create a directory to act as the Dfs root:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>mkdir /usr/local/samba/dfs</b></tt></pre></blockquote>
+
+<p>This can be any directory, but it is important that it be owned by
+root and given the proper permissions:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>chown root:root /usr/local/samba/dfs</b></tt>
+# <tt class="userinput"><b>chmod 755 /usr/local/samba/dfs</b></tt></pre></blockquote>
+
+<p>The Dfs directory tree can have subdirectories and files, just like
+any other shared directory. These will function just as they would in
+any other share, allowing clients to access the directories and files
+on the Samba server. The whole idea of Dfs, though, is to gather
+together shares on other servers by making references to them in the
+Dfs tree. The way this is implemented with Samba involves a clever
+use of symbolic links, which can be in the Dfs root directory or any
+subdirectory in the Dfs tree.</p>
+
+<p>You are probably familiar with using symbolic links to create
+references to files that exist on the same system, and perhaps
+crossing a local filesystem boundary (which ordinary Unix links
+cannot do). But maybe you didn't know that symbolic
+links have a more general functionality. Although we
+can't display its contents directly, as we could
+with a text or binary file, a symbolic link
+&quot;contains&quot; an ASCII text string
+naming what the link points to. For example, take a look at the
+listing for these symbolic links:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ls -l wrdlnk alnk</b></tt>
+lrwxrwxrwx 1 jay jay 15 Mar 14 06:50 wrdlnk -&gt; /usr/dict/words
+lrwxrwxrwx 1 jay jay 9 Mar 14 06:53 alnk -&gt; dreamtime</pre></blockquote>
+
+<p>As you can infer from the size of the <em class="filename">wrdlnk</em>
+link (15 bytes), the string <tt class="literal">/usr/dict/words</tt> is
+encoded into it. The size of <em class="filename">alnk</em> (9 bytes) is
+smaller, corresponding to the shorter name of
+<em class="filename">dreamtime</em>.</p>
+
+<p>Now let's create a link in our Dfs root for an SMB
+share:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>cd /usr/local/samba/dfs</b></tt>
+# <tt class="userinput"><b>ln -s 'msdfs:maya\e' maya-e</b></tt>
+# <tt class="userinput"><b>ls -l maya-e</b></tt>
+lrwxrwxrwx 1 root root 12 Mar 13 17:34 maya-e -&gt; msdfs:maya\e</pre></blockquote>
+
+<p>This link might appear as a
+&quot;broken&quot; link in a directory
+listing because it points to something that isn't a
+file on the local system. For example, the <em class="emphasis">file</em>
+command will report:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>file maya-e</b></tt>
+maya-e: broken symbolic link to msdfs:maya\e</pre></blockquote>
+
+<p>However, <em class="filename">maya-e</em> is a valid reference to the
+<em class="filename">\\maya\e</em> share when used with
+Samba's Dfs support. When Samba encounters this
+file, it sees the leading <tt class="literal">msdfs</tt>: and interprets
+the rest as the name of a remote share. The client is then redirected
+to the remote share.</p>
+
+<p>When creating links in the Dfs root directory, simply follow the same
+format, which in general is
+<tt class="literal">msdfs</tt>:<em class="replaceable">server</em>\<em class="replaceable">share</em>.
+Note that this is similar to a UNC appended onto the
+<tt class="literal">msdfs</tt>: string, except that in this case, the two
+backslashes preceding the server's name are omitted.</p>
+
+<a name="samba2-CHP-8-NOTE-141"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>The names for the symbolic links in Dfs shares must be in all
+lowercase.</p>
+</blockquote>
+
+<p>In addition to regular network shares, you can use symbolic links of
+this type to reference Dfs shares on other Dfs servers. However,
+referencing printer shares does not work. Dfs is for sharing files
+only. <a name="INDEX-171"/></p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-7.2.2"/>
+
+<h3 class="head3">Load balancing</h3>
+
+<p><a name="INDEX-172"/>To
+set up a load-balancing Dfs share, create the symbolic link like
+this:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>ln -s 'msdfs:toltec\data,msdfs:mixtec\data' lb-data</b></tt></pre></blockquote>
+
+<p>That is, simply use a list of shares separated by commas as the
+reference. Remember, it is up to you to make sure the shared folders
+remain identical. Set up permissions on the servers to make the
+shares read-only to users.</p>
+
+<p>The last thing we need to do is to modify the
+<em class="filename">smb.conf</em> file to define the Dfs root share and
+add Dfs support. The Dfs root is added as a share definition:</p>
+
+<a name="INDEX-173"/><blockquote><pre class="code">[dfs]
+ path = /usr/local/samba/dfs
+ msdfs root = yes</pre></blockquote>
+
+<p>You can use any name you like for the share. The path is set to the
+Dfs root directory we just set up, and the parameter
+<tt class="literal">msdfs</tt> <tt class="literal">root</tt> <tt class="literal">=</tt>
+<tt class="literal">yes</tt> tells Samba that this share is a Dfs root.</p>
+
+<p>To enable support for Dfs in the server, we need to add one line to
+the <tt class="literal">[global]</tt> section:</p>
+
+<a name="INDEX-174"/><blockquote><pre class="code">[global]
+ host msdfs = yes</pre></blockquote>
+
+<p>Restart the Samba daemons&mdash;or just wait a minute for them to
+reread the configuration file&mdash;and you will see the new share
+from Windows clients. If you have trouble accessing any of the remote
+shares in the Dfs share, recheck your symbolic links to make sure
+they were created correctly. <a name="INDEX-175"/></p>
+
+<a name="samba2-CHP-8-NOTE-142"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>If you previously had a share by the same name as your Dfs share, you
+might need to reboot Windows clients before they can access the share
+as a Dfs share.</p>
+</blockquote>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-8-SECT-8"/>
+
+<h2 class="head1">Working with NIS</h2>
+
+<p>In networks where NIS and NFS are in use, it is common for
+users' home directories to be mounted over the
+network by NFS. If a Samba server being used to authenticate user
+logons is running on a system with NFS-mounted home directories
+shared with a <tt class="literal">[homes]</tt> share, the additional
+overhead can result in poor performance&mdash;about 30% of normal
+Samba speed.</p>
+
+<p>Samba has the ability to work with <a name="INDEX-176"/>NIS and NIS+ to find the
+server on which the home directories actually reside so that they can
+be shared directly from that server. For this to work, the server
+that holds the home directories must also have Samba running, with a
+<tt class="literal">[homes]</tt> share of its own.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-8-SECT-8.1"/>
+
+<h3 class="head2">NIS Configuration Options</h3>
+
+<p><a href="ch08.html#samba2-CHP-8-TABLE-8">Table 8-8</a> introduces the
+<a name="INDEX-177"/><a name="INDEX-178"/>NIS configuration options specifically
+for setting up users.</p>
+
+<a name="samba2-CHP-8-TABLE-8"/><h4 class="head4">Table 8-8. NIS options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">nis homedir</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, uses NIS instead of
+<em class="filename">/etc/passwd</em> to look up the path of a
+user's home directory.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">homedir map</tt></p>
+</td>
+<td>
+<p>string (NIS map name)</p>
+</td>
+<td>
+<p>Sets the NIS map to use to look up a user's home
+directory.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-8-SECT-8.1.1"/>
+
+<h3 class="head3">nis homedir, homedir map</h3>
+
+<p>The <tt class="literal">nis</tt><a name="INDEX-179"/> <tt class="literal">homedir</tt> and
+<tt class="literal">homedir</tt><a name="INDEX-180"/> <tt class="literal">map</tt> options
+are for Samba servers on network sites where Unix home directories
+are provided using NFS, the automounter, and NIS.</p>
+
+<p>The <tt class="literal">nis</tt> <tt class="literal">homedir</tt> option
+indicates that the home-directory server for the user needs to be
+looked up in NIS. The <tt class="literal">homedir</tt>
+<tt class="literal">map</tt> option tells Samba in which NIS map to look
+for the server that has the user's home directory.
+The server needs to be a Samba server so that the client can do an
+SMB connect to it, and the other Samba servers need to have NIS
+installed so that they can do the lookup.</p>
+
+<p>For example, if user <tt class="literal">joe</tt> asks for a share called
+<tt class="literal">[joe]</tt>, and the <tt class="literal">nis</tt>
+<tt class="literal">homedir</tt> option is set to <tt class="literal">yes</tt>,
+Samba will look in the file specified by <tt class="literal">homedir</tt>
+<tt class="literal">map</tt> for a home directory for
+<tt class="literal">joe</tt>. If it finds one, Samba will return the
+associated system name to the client. The client will then try to
+connect to that machine and get the share from there. Enabling NIS
+lookups looks like the following:</p>
+
+<blockquote><pre class="code">[globals]
+ nis homedir = yes
+ homedir map = amd.map</pre></blockquote>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> <p><a href="#FNPTR-1">[1]</a> The system checkbox will
+probably be grayed for your file. Don't worry about
+that&mdash;you should still be able to see when the box is checked
+and when it isn't.</p> </blockquote><hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html>
diff --git a/docs/htmldocs/using_samba/ch09.html b/docs/htmldocs/using_samba/ch09.html
new file mode 100644
index 00000000000..8c1d38cf0bd
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch09.html
@@ -0,0 +1,3448 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Chapter 9. Users and Security</h1>
+
+
+
+<p><a name="INDEX-1"/>In this chapter, we
+cover the basic concepts of managing security in Samba so that you
+can set up your Samba server with a security policy suited to your
+network.</p>
+
+<p>One of Samba's most complicated tasks lies in
+reconciling the security models of Unix and Windows systems. Samba
+must identify users by associating them with valid usernames and
+groups, authenticate them by checking their passwords, then control
+their access to resources by comparing their access rights to the
+permissions on files and directories. These are complex topics on
+their own, and it doesn't help that there are three
+different operating system types to deal with (Unix, Windows
+95/98/Me, and Windows NT/2000/XP) and that Samba supports multiple
+methods of handling user authentication.</p>
+
+
+
+<div class="sect1"><a name="samba2-CHP-9-SECT-1"/>
+
+<h2 class="head1">Users and Groups</h2>
+
+<p><a name="INDEX-2"/>Let's start
+out as simply as possible and add support for a single user. The
+easiest way to set up a client user is to create a Unix account (and
+home directory) for that individual on the server and notify Samba of
+the user's existence. You can do the latter by
+creating a disk share that maps to the user's home
+directory in the Samba configuration file and restricting access to
+that user with the <tt class="literal">valid</tt><a name="INDEX-3"/>
+<tt class="literal">users</tt> option. For example:</p>
+
+<blockquote><pre class="code">[dave]
+ path = /home/dave
+ comment = Dave's home directory
+ writable = yes
+ valid users = dave</pre></blockquote>
+
+<p>The <tt class="literal">valid</tt> <tt class="literal">users</tt> option lists
+the users allowed to access the share. In this case, only the user
+<tt class="literal">dave</tt> is allowed to access the share. In some
+situations it is possible to specify that any user can access a disk
+share by using the <tt class="literal">guest</tt> <tt class="literal">ok</tt>
+parameter. Because we don't wish to allow guest
+access, that option is absent here. If you allow both authenticated
+users and guest users access to the same share, you can make some
+files accessible to guest users by assigning world-readable
+permissions to those files while restricting access to other files to
+particular users or groups.</p>
+
+<p>When client users access a Samba share, they have to pass two levels
+of restriction. Unix permissions on files and directories apply as
+usual, and configuration parameters specified in the Samba
+configuration file apply as well. In other words, a client must first
+pass Samba's security mechanisms (e.g.,
+authenticating with a valid username and password, passing the check
+for the <tt class="literal">valid</tt> <tt class="literal">users</tt> parameter
+and the <tt class="literal">read</tt> <tt class="literal">only</tt> parameter,
+etc.), as well as the normal Unix file and directory permissions of
+its Unix-side user, before it can gain read/write access to a share.</p>
+
+<p>Remember that you can abbreviate the user's home
+directory by using the <tt class="literal">%H</tt><a name="INDEX-4"/> variable. In addition, you can use the
+Unix username variable <tt class="literal">%u</tt><a name="INDEX-5"/> and/or the client username variable
+<tt class="literal">%U</tt><a name="INDEX-6"/> in your options as well. For
+example :</p>
+
+<blockquote><pre class="code">[dave]
+ comment = %U home directory
+ writable = yes
+ valid users = dave
+ path = %H</pre></blockquote>
+
+<p>With a single user accessing a home directory, access permissions are
+taken care of when the user account is created. The home directory is
+owned by the user, and permissions on it are set appropriately.
+However, if you're creating a shared directory for
+group access, you need to perform a few more steps.
+Let's take a stab at a
+<a name="INDEX-7"/>group share for the
+accounting department in the <em class="emphasis">smb.conf</em> file:</p>
+
+<blockquote><pre class="code">[accounting]
+ comment = Accounting Department Directory
+ writable = yes
+ valid users = @account
+ path = /home/samba/accounting
+ create mode = 0660
+ directory mode = 0770</pre></blockquote>
+
+<p>The first thing we did differently is to specify
+<tt class="literal">@account</tt> as the valid user instead of one or more
+individual usernames. This is shorthand for saying that the valid
+users are represented by the Unix group <tt class="literal">account</tt>.
+These users will need to be added to the group entry
+<tt class="literal">account</tt> in the
+<a name="INDEX-8"/><a name="INDEX-9"/>system group file (
+<em class="filename">/etc/group</em><a name="INDEX-10"/>
+or equivalent) to be recognized as part of the group. Once they are,
+Samba will recognize those users as valid users for the share.</p>
+
+<p>In addition, you need to create a shared directory that the members
+of the group can access and point to it with the
+<tt class="literal">path</tt> configuration option. Here are the Unix
+commands that create the shared directory for the accounting
+department (assuming <em class="emphasis">/home/samba</em> already
+exists):</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>mkdir /home/samba/accounting</b></tt>
+# <tt class="userinput"><b>chgrp account /home/samba/accounting</b></tt>
+# <tt class="userinput"><b>chmod 770 /home/samba/accounting</b></tt></pre></blockquote>
+
+<p>There are two other options in this <em class="filename">smb.conf</em>
+example, both of which we saw in the previous chapter. These options
+are <tt class="literal">create</tt><a name="INDEX-11"/> <tt class="literal">mode</tt> and
+<tt class="literal">directory</tt><a name="INDEX-12"/> <tt class="literal">mode</tt>. These
+options set the maximum file and directory permissions that a new
+file or directory can have. In this case, we have denied all world
+access to the contents of this share. (This is reinforced by the
+<em class="emphasis">chmod</em> command, shown earlier.)<a name="INDEX-13"/></p>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-1.1"/>
+
+<h3 class="head2">Handling Multiple Individual Users</h3>
+
+<p><a name="INDEX-14"/>Let's return
+to user shares for a moment. If we have several users for whom to set
+up home directory shares, we probably want to use the special
+<tt class="literal">[homes]</tt> share that we introduced in <a href="ch08.html">Chapter 8</a>. With the
+<tt class="literal">[homes]</tt><a name="INDEX-15"/> share, all we need to say is:</p>
+
+<blockquote><pre class="code">[homes]
+ browsable = no
+ writable = yes</pre></blockquote>
+
+<p>The <tt class="literal">[homes]</tt> share is a special section of the
+Samba configuration file. If a user attempts to connect to an
+ordinary share that doesn't appear in the
+<em class="filename">smb.conf</em> file (such as specifying it with a UNC
+in Windows Explorer), Samba will search for a
+<tt class="literal">[homes]</tt> share. If one exists, the incoming share
+name is assumed to be a username and is queried as such in the
+password database ( <em class="filename">/etc/passwd</em> or equivalent)
+file of the Samba server. If it appears, Samba assumes the client is
+a Unix user trying to connect to his home directory.</p>
+
+<p>As an illustration, let's assume that
+<tt class="literal">sofia</tt> is attempting to connect to a share called
+<tt class="literal">[sofia]</tt> on the Samba server. There is no share by
+that name in the configuration file, but a <tt class="literal">[homes]</tt>
+share exists and user <tt class="literal">sofia</tt> is present in the
+password database, so Samba takes the following steps:</p>
+
+<ol><li>
+<p>Samba creates a new disk share called <tt class="literal">[sofia]</tt> with
+the <tt class="literal">path</tt> specified in the
+<tt class="literal">[homes]</tt> section. If no <tt class="literal">path</tt>
+option is specified in <tt class="literal">[homes]</tt>, Samba initializes
+it to her home directory.</p>
+</li><li>
+<p>Samba initializes the new share's options from the
+defaults in <tt class="literal">[globals]</tt>, as well as any overriding
+options in <tt class="literal">[homes]</tt> with the exception of
+<tt class="literal">browsable</tt>.</p>
+</li><li>
+<p>Samba connects <tt class="literal">sofia</tt>'s client to
+that share.</p>
+</li></ol>
+<p>The <tt class="literal">[homes]</tt> share is a fast, painless way to
+create shares for your user community without having to duplicate the
+information from the password database file in the
+<em class="filename">smb.conf</em> file. It does have some
+<a name="INDEX-16"/>peculiarities, however, that we need to
+point out:</p>
+
+<ul><li>
+<p>The <tt class="literal">[homes]</tt> section can represent any account on
+the machine, which isn't always desirable. For
+example, it can potentially create a share for
+<tt class="literal">root</tt>, <tt class="literal">bin</tt>,
+<tt class="literal">sys</tt>, <tt class="literal">uucp</tt>, and the like. You
+can set a global
+<tt class="literal">invalid</tt><a name="INDEX-17"/> <tt class="literal">users</tt> option
+to protect against this.</p>
+</li><li>
+<p>The meaning of the
+<tt class="literal">browsable</tt><a name="INDEX-18"/> configuration option is
+different from other shares; it indicates only that a
+<tt class="literal">[homes]</tt> section won't show up in
+the local browse list, not that the <tt class="literal">[alice]</tt> share
+won't. When the <tt class="literal">[alice]</tt> section
+is created (after the initial connection), it will use the
+<tt class="literal">browsable</tt> value from the
+<tt class="literal">[globals]</tt> section for that share, not the value
+from <tt class="literal">[homes]</tt>.</p>
+</li></ul>
+<p>As we mentioned, there is no need for a path statement in
+<tt class="literal">[homes]</tt> if the users have Unix home directories in
+the server's <em class="filename">/etc/passwd</em> file.
+You should ensure that a valid home directory does exist, however, as
+Samba will not automatically create a home directory for a user and
+will refuse a tree connect if the user's directory
+does not exist or is not accessible. <a name="INDEX-19"/></p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-9-SECT-2"/>
+
+<h2 class="head1">Controlling Access to Shares</h2>
+
+<p><a name="INDEX-20"/><a name="INDEX-21"/>Often you will need to restrict the users who
+can access a specific share for security reasons. This is very easy
+to do with Samba because it contains a wealth of options for creating
+practically any security configuration. Let's
+introduce a few configurations that you might want to use in your own
+Samba setup.</p>
+
+<p>We've seen what happens when you specify valid
+users. However, you are also allowed to specify a list of
+<a name="INDEX-22"/>invalid users&mdash;users who should never be
+allowed access to Samba or its shares. This is done with the
+<tt class="literal">invalid</tt><a name="INDEX-23"/> <tt class="literal">users</tt>
+option. We hinted at one frequent use of this option earlier: a
+global default with the <tt class="literal">[homes]</tt> section to ensure
+that various system users and superusers cannot be forged for access.
+For example:</p>
+
+<blockquote><pre class="code">[global]
+ invalid users = root bin daemon adm sync shutdown \
+ halt mail news uucp operator
+ auto services = dave peter bob
+
+[homes]
+ browsable = no
+ writable = yes</pre></blockquote>
+
+<p>The <tt class="literal">invalid</tt> <tt class="literal">users</tt> option, like
+<tt class="literal">valid</tt> <tt class="literal">users</tt>, can take group
+names, preceded by an at sign (<tt class="literal">@</tt>), as well as
+usernames. In the event that a user or group appears in both lists,
+the <tt class="literal">invalid</tt> <tt class="literal">users</tt> option takes
+precedence, and the user or group is denied access to the share.</p>
+
+<p>At the other end of the spectrum, you can explicitly specify users
+who will be allowed <a name="INDEX-24"/><a name="INDEX-25"/>superuser (root) access to a share with
+the <tt class="literal">admin</tt><a name="INDEX-26"/> <tt class="literal">users</tt>
+option. An example follows:</p>
+
+<blockquote><pre class="code">[sales]
+ path = /home/sales
+ comment = Sedona Real Estate Sales Data
+ writable = yes
+ valid users = sofie shelby adilia
+ admin users = mike</pre></blockquote>
+
+<p>This option takes both group names and usernames. In addition, you
+can specify NIS netgroups by preceding them with an
+<tt class="literal">@</tt> as well; if the netgroup is not found, Samba
+will assume that you are referring to a standard Unix group.</p>
+
+<p>Be careful if you assign administrative privileges to a share for an
+entire group. The Samba Team highly recommends you avoid using this
+option, as it essentially gives root access to the specified users or
+groups for that share.</p>
+
+<p>If you wish to force read-only or read/write access on users who
+access a share, you can do so with the
+<tt class="literal">read</tt><a name="INDEX-27"/> <tt class="literal">list</tt> and
+<tt class="literal">write</tt> <tt class="literal">list</tt> options,
+respectively. These options can be used on a per-share basis to
+restrict a writable share or to grant write access to specific users
+in a read-only share, respectively. For example:</p>
+
+<blockquote><pre class="code">[sales]
+ path = /home/sales
+ comment = Sedona Real Estate Sales Data
+ read only = yes
+ write list = sofie shelby</pre></blockquote>
+
+<p>The <tt class="literal">write</tt><a name="INDEX-28"/> <tt class="literal">list</tt> option
+cannot override Unix permissions. If you've created
+the share without giving the <tt class="literal">write-list</tt> user write
+permission on the Unix system, she will be denied write access
+regardless of the setting of <tt class="literal">write</tt>
+<tt class="literal">list</tt>.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-2.1"/>
+
+<h3 class="head2">Guest Access</h3>
+
+<p><a name="INDEX-29"/>As mentioned
+earlier, you can configure a share using
+<tt class="literal">guest</tt><a name="INDEX-30"/> <tt class="literal">ok</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> to allow access to guest
+users. This works only when using share-level security, which we will
+cover later in this chapter. When a user connects as a guest,
+authenticating with a username and password is unnecessary, but Samba
+still needs a way to map the connected client to a user on the local
+system. The <tt class="literal">guest</tt><a name="INDEX-31"/>
+<tt class="literal">account</tt> parameter can be used in the share to
+specify the Unix account that guest users should be assigned when
+connecting to the Samba server. The default value for this is set
+during compilation and is typically <tt class="literal">nobody</tt>, which
+works well with most Unix versions. However, on some systems the
+<tt class="literal">nobody</tt><a name="INDEX-32"/> account is not allowed to access some
+services (e.g., printing), and you might need to set the guest user
+to <tt class="literal">ftp</tt> or some other account instead.</p>
+
+<p>If you wish to restrict access in a share only to guests&mdash;in
+other words, all clients connect as the guest account when accessing
+the share&mdash;you can use the <tt class="literal">guest</tt>
+<tt class="literal">only</tt> option in conjunction with the
+<tt class="literal">guest</tt> <tt class="literal">ok</tt> option, as shown in
+the following example:</p>
+
+<blockquote><pre class="code">[sales]
+ path = /home/sales
+ comment = Sedona Real Estate Sales Data
+ writable = yes
+ guest ok = yes
+ guest account = ftp
+ guest only = yes</pre></blockquote>
+
+<p>Make sure you specify <tt class="literal">yes</tt> for both
+<tt class="literal">guest</tt> <tt class="literal">only</tt> and
+<tt class="literal">guest</tt> <tt class="literal">ok</tt>; otherwise, Samba will
+not use the guest account that you specify.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-2.2"/>
+
+<h3 class="head2">Access Control Options</h3>
+
+<p><a href="ch09.html#samba2-CHP-9-TABLE-1">Table 9-1</a> <a name="INDEX-33"/><a name="INDEX-34"/>summarizes the options that you can use
+to control access to shares.</p>
+
+<a name="samba2-CHP-9-TABLE-1"/><h4 class="head4">Table 9-1. Share-level access options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">admin users</tt></p>
+</td>
+<td>
+<p>string (list of usernames)</p>
+</td>
+<td>
+<p>Users who can perform operations as root</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">valid users</tt></p>
+</td>
+<td>
+<p>string (list of usernames)</p>
+</td>
+<td>
+<p>Users who can connect to a share</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">invalid users</tt></p>
+</td>
+<td>
+<p>string (list of usernames)</p>
+</td>
+<td>
+<p>Users who will be denied access to a share</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">read list</tt></p>
+</td>
+<td>
+<p>string (list of usernames)</p>
+</td>
+<td>
+<p>Users who have read-only access to a writable share</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">write list</tt></p>
+</td>
+<td>
+<p>string (list of usernames)</p>
+</td>
+<td>
+<p>Users who have read/write access to a read-only share</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">max connections</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Maximum number of connections for a share at a given time</p>
+</td>
+<td>
+<p><tt class="literal">0</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">guest only</tt> <tt class="literal">(only guest)</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, allows only guest access</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">guest account</tt></p>
+</td>
+<td>
+<p>string (name of account)</p>
+</td>
+<td>
+<p>Unix account that will be used for guest access</p>
+</td>
+<td>
+<p><tt class="literal">nobody</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-2.2.1"/>
+
+<a name="INDEX-35"/><h3 class="head3">admin users</h3>
+
+<p>This option specifies a list of users that perform file operations as
+if they were <tt class="literal">root</tt>. This means that they can modify
+or destroy any other user's files, regardless of the
+permissions. Any files that they create will have root ownership and
+will use the default group of the admin user. The
+<tt class="literal">admin</tt> <tt class="literal">users</tt> option allows PC
+users to act as administrators for particular shares. Be very careful
+when using this option, and make sure good password and other
+security policies are in place.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-2.2.2"/>
+
+<a name="INDEX-36"/><a name="INDEX-37"/><h3 class="head3">valid users, invalid users</h3>
+
+<p>These two options let you enumerate the users and groups who are
+granted or denied access to a particular share. You can enter a list
+of user and/or group names. If a name is prefixed by an at sign
+(<tt class="literal">@</tt>), it is interpreted as a group name&mdash;with
+NIS groups searched before Unix groups. If the name is prefixed by a
+plus sign (<tt class="literal">+</tt>), it is interpreted as the name of a
+Unix group, and NIS is not searched. If the name is prefixed by an
+ampersand (<tt class="literal">&amp;</tt>), it is interpreted as an NIS
+group name rather than as a Unix group name. The plus sign and
+ampersand can be used together to specify whether NIS or Unix groups
+are searched first. For example:</p>
+
+<blockquote><pre class="code">[database]
+ valid users = mary ellen sue &amp;sales +marketing @dbadmin
+ invalid users = gavin syd dana &amp;techies +&amp;helpdesk</pre></blockquote>
+
+<p>In the <tt class="literal">valid</tt> <tt class="literal">users</tt> parameter,
+users <tt class="literal">mary</tt>, <tt class="literal">ellen</tt>, and
+<tt class="literal">sue</tt> are allowed access to the
+<tt class="literal">[database]</tt> share, as are the members of the Unix
+group <tt class="literal">marketing</tt> and NIS/Unix group
+<tt class="literal">dbadmin</tt>. The <tt class="literal">invalid</tt>
+<tt class="literal">users</tt> parameter denies access to the share by
+users <tt class="literal">gavin</tt>, <tt class="literal">syd</tt>, and
+<tt class="literal">dana</tt>, as well as members of the NIS group
+<tt class="literal">techies</tt> and Unix/NIS group
+<tt class="literal">helpdesk</tt>. In this last case, the list of Unix
+groups is searched first for the <tt class="literal">helpdesk</tt> group,
+and if it is not found there, the list of NIS groups is searched.</p>
+
+<p>The important rule to remember with these options is that any name or
+group in the <tt class="literal">invalid</tt> <tt class="literal">users</tt> list
+will <em class="emphasis">always</em> be denied access, even if it is
+included (in any form) in the <tt class="literal">valid</tt>
+<tt class="literal">users</tt> list.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-2.2.3"/>
+
+<a name="INDEX-38"/><a name="INDEX-39"/><h3 class="head3">read list, write list</h3>
+
+<p>Like the <tt class="literal">valid</tt> <tt class="literal">users</tt>
+<tt class="literal">and</tt> <tt class="literal">invalid</tt>
+<tt class="literal">users</tt> options, this pair of options specifies
+which users have read-only access to a writable share and read/write
+access to a read-only share, respectively. The value of either
+options is a list of users. The <tt class="literal">read</tt>
+<tt class="literal">list</tt> parameter overrides any other Samba
+permissions granted&mdash;as well as Unix file permissions on the
+server system&mdash;to deny users write access.
+<tt class="literal">The</tt> <tt class="literal">write</tt>
+<tt class="literal">list</tt> parameter overrides other Samba permissions
+to grant write access, but cannot grant write access if the user
+lacks write permissions for the file on the Unix system. You can
+specify NIS or Unix group names by prefixing the name with an at sign
+(such as <tt class="literal">@users</tt>). Neither configuration option has
+a default value associated with it.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-2.2.4"/>
+
+<a name="INDEX-40"/><h3 class="head3">max connections</h3>
+
+<p>This option specifies the maximum number of client connections that a
+share can have at any given time. Any connections that are attempted
+after the maximum is reached will be rejected. The default value is
+<tt class="literal">0</tt>, which is a special case that allows an
+unlimited number of connections. You can override it per share as
+follows:</p>
+
+<blockquote><pre class="code">[accounting]
+ max connections = 30</pre></blockquote>
+
+<p>This option is useful in the event that you need to limit the number
+of users who are accessing a licensed program or piece of data
+concurrently.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-2.2.5"/>
+
+<a name="INDEX-41"/><h3 class="head3">guest only</h3>
+
+<p>This share-level option (also called <tt class="literal">only</tt>
+<tt class="literal">guest</tt>) forces a connection to a share to be
+performed with the user specified by the <tt class="literal">guest</tt>
+<tt class="literal">account</tt> option. The share to which this is applied
+must explicitly specify <tt class="literal">guest</tt>
+<tt class="literal">ok</tt> <tt class="literal">=</tt> <tt class="literal">yes</tt> for
+this option to be recognized by Samba. The default value for this
+option is <tt class="literal">no</tt>.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-2.2.6"/>
+
+<a name="INDEX-42"/><h3 class="head3">guest account</h3>
+
+<p>This option specifies the name of the account to be used for guest
+access to shares in Samba. The default for this option varies from
+system to system, but it is often set to <tt class="literal">nobody</tt>.
+Some default user accounts have trouble connecting as guest users. If
+that occurs on your system, the Samba Team recommends using the
+<tt class="literal">ftp</tt> account as the guest user. <a name="INDEX-43"/> <a name="INDEX-44"/><a name="INDEX-45"/></p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-2.3"/>
+
+<h3 class="head2">Username Options</h3>
+
+<p><a href="ch09.html#samba2-CHP-9-TABLE-2">Table 9-2</a> shows two additional options that Samba
+can use to correct for incompatibilities in usernames between Windows
+and Unix.</p>
+
+<a name="samba2-CHP-9-TABLE-2"/><h4 class="head4">Table 9-2. Username options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">username</tt> <tt class="literal">map</tt></p>
+</td>
+<td>
+<p>string (filename)</p>
+</td>
+<td>
+<p>Sets the name of the username mapping file</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">username</tt> <tt class="literal">level</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Indicates the number of capital letters to use when trying to match a
+username</p>
+</td>
+<td>
+<p><tt class="literal">0</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-2.3.1"/>
+
+<a name="INDEX-46"/><h3 class="head3">username map</h3>
+
+<p>Client usernames on an SMB network can be relatively long (up to 255
+characters), while usernames on a Unix network often cannot be longer
+than eight characters. This means that an individual user can have
+one username on a client and another (shorter) one on the Samba
+server. You can get past this issue by<em class="firstterm">
+</em><a name="INDEX-47"/>mapping a free-form client
+username to a Unix username of eight or fewer characters. It is
+placed in a standard text file, using a format that
+we'll describe shortly. You can then specify the
+pathname to Samba with the global <tt class="literal">username</tt>
+<tt class="literal">map</tt> option. Be sure to restrict access to this
+file; make the root user the file's owner and deny
+write access to others (with octal permissions of 744 or 644).
+Otherwise, an untrusted user with access to the file can easily map
+his client username to the root user of the Samba server.</p>
+
+<p>You can specify this option as follows:</p>
+
+<blockquote><pre class="code">[global]
+ username map = /usr/local/samba/private/usermap.txt</pre></blockquote>
+
+<p>Each entry in the username map file should be listed as follows: the
+Unix username, followed by an equal sign (<tt class="literal">=</tt>),
+followed by one or more whitespace-separated SMB client usernames.
+Note that unless instructed otherwise (i.e., a guest connection),
+Samba will expect both the client and the server user to have the
+same password. You can also map NT groups to one or more specific
+Unix groups using the <tt class="literal">@</tt> sign. Here are some
+examples:</p>
+
+<blockquote><pre class="code">jarwin = JosephArwin
+manderso = MarkAnderson
+users = @account</pre></blockquote>
+
+<p>You can also use the asterisk to specify a wildcard that matches any
+free-form client username as an entry in the username map file:</p>
+
+<blockquote><pre class="code">nobody = *</pre></blockquote>
+
+<p>Comments can be placed in the file by starting the line with a hash
+mark (<tt class="literal">#</tt>) or a semicolon (<tt class="literal">;</tt>).</p>
+
+<p>Note that you can also use this file to redirect one Unix user to
+another user. Be careful, though, as Samba and your client might not
+notify the user that the mapping has been made and Samba might be
+expecting a different password.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-2.3.2"/>
+
+<a name="INDEX-48"/><h3 class="head3">username level</h3>
+
+<p>SMB clients (such as Windows) will often send usernames in SMB
+connection requests entirely in capital letters; in other words,
+client usernames are not necessarily case-sensitive. On a Unix
+server, however, usernames <em class="emphasis">are</em> case-sensitive:
+the user <tt class="literal">ANDY</tt> is different from the user
+<tt class="literal">andy</tt>. By default, Samba attacks this problem by
+doing the following:</p>
+
+<ol><li>
+<p>Checking for a user account with the exact name sent by the client</p>
+</li><li>
+<p>Testing the username in all lowercase letters</p>
+</li><li>
+<p>Testing the username in lowercase letters with only the first letter
+capitalized</p>
+</li></ol>
+<p>If you wish to have Samba attempt more combinations of upper- and
+lowercase letters, you can use the <tt class="literal">username</tt>
+<tt class="literal">level</tt> global configuration option. This option
+takes an integer value that specifies how many letters in the
+username should be capitalized when attempting to connect to a share.
+You can specify this option as follows:</p>
+
+<blockquote><pre class="code">[global]
+ username level = 3</pre></blockquote>
+
+<p>In this case, Samba attempts all possible permutations of usernames
+having three capital letters. The larger the number, the more
+computations Samba has to perform to match the username, and the
+longer the authentication will take.</p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-9-SECT-3"/>
+
+<h2 class="head1">Authentication of Clients</h2>
+
+<p><a name="INDEX-49"/>At
+this point, we should discuss how Samba authenticates users. Each
+user who attempts to connect to a share not allowing guest access
+must provide a password to
+<a name="INDEX-50"/>make a successful connection. What
+Samba does with that password&mdash;and consequently the strategy
+Samba will use to handle user authentication&mdash;is the arena of
+the <tt class="literal">security</tt> configuration option. Samba currently
+supports <a name="INDEX-51"/><a name="INDEX-52"/><a name="INDEX-53"/>four
+<a name="INDEX-54"/>security levels on its network:
+<em class="firstterm">share</em>, <em class="firstterm">user</em>,
+<em class="firstterm">server</em>, and <em class="firstterm">domain</em>.</p>
+
+<dl>
+<dt><b><a name="INDEX-55"/>Share-level security</b></dt>
+<dd>
+<p>Each share in the workgroup has one or more passwords associated with
+it. Anyone who knows a valid password for the share can access it.</p>
+</dd>
+
+
+
+<dt><b><a name="INDEX-56"/>User-level security</b></dt>
+<dd>
+<p>Each share in the workgroup is configured to allow access from
+certain users. With each initial tree connection, the Samba server
+verifies users and their passwords to allow them access to the share.</p>
+</dd>
+
+
+
+<dt><b><a name="INDEX-57"/>Server-level security</b></dt>
+<dd>
+<p>This is the same as user-level security, except that the Samba server
+uses another server to validate users and their passwords before
+granting access to the share.</p>
+</dd>
+
+
+
+<dt><b><a name="INDEX-58"/>Domain-level security</b></dt>
+<dd>
+<p>Samba becomes a member of a Windows NT domain and uses one of the
+domain's domain controllers&mdash;either the PDC or
+a BDC&mdash;to perform authentication. Once authenticated, the user
+is given a special token that allows her access to any share with
+appropriate access rights. With this token, the domain controller
+will not have to revalidate the user's password each
+time she attempts to access another share within the domain. The
+domain controller can be a Windows NT/2000 PDC or BDC, or Samba
+acting as a Windows NT PDC.</p>
+</dd>
+
+</dl>
+
+<p>Each security policy can be implemented with the global
+<tt class="literal">security</tt> option, as shown in <a href="ch09.html#samba2-CHP-9-TABLE-3">Table 9-3</a>.</p>
+
+<a name="samba2-CHP-9-TABLE-3"/><h4 class="head4">Table 9-3. Security option</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">security</tt><a name="INDEX-59"/></p>
+</td>
+<td>
+<p><tt class="literal">domain</tt>, <tt class="literal">server</tt>,
+<tt class="literal">share</tt>, or <tt class="literal">user</tt></p>
+</td>
+<td>
+<p>Indicates the type of security that the Samba server will use</p>
+</td>
+<td>
+<p><tt class="literal">user</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-3.1"/>
+
+<h3 class="head2">Share-Level Security</h3>
+
+<p>With share-level security, each share has one or more passwords
+associated with it, with the client being authenticated when first
+connecting to the share. This differs from the other modes of
+security in that there are no restrictions as to whom can access a
+share, as long as that individual knows the correct password. Shares
+often have multiple passwords. For example, one password might grant
+read-only access, while another might grant read/write access.
+Security is maintained as long as unauthorized users do not discover
+the password for a share to which they shouldn't
+have access.</p>
+
+<p>OS/2 and Windows 95/98/Me both support share-level security on their
+resources. You can set up share-level security with Windows 95/98/Me
+by first enabling share-level security using the Access Control tab
+of the Network Control Panel dialog. Then select the
+&quot;Share-level access control&quot; radio
+button (which deselects the &quot;User-level access
+control&quot; radio button), as shown in <a href="ch09.html#samba2-CHP-9-FIG-1">Figure 9-1</a>, and click the OK button. Reboot as requested.</p>
+
+<div class="figure"><a name="samba2-CHP-9-FIG-1"/><img src="figs/sam2_0901.gif"/></div><h4 class="head4">Figure 9-1. Selecting share-level security on a Windows 95/98/Me system</h4>
+
+<p>Next, right-click a resource&mdash;such as a hard drive or a
+CD-ROM&mdash;and select the Properties menu item. This will bring up
+the Resource Properties dialog box. Select the Sharing tab at the top
+of the dialog box, and enable the resource as Shared As. From here,
+you can configure how the shared resource will appear to individual
+users, as well as assign whether the resource will appear as
+read-only, read/write, or a mix, depending on the password that is
+supplied.</p>
+
+<p>You might be thinking that this security model is not a good fit for
+Samba&mdash;and you would be right. In fact, if you set the
+<tt class="literal">security</tt> <tt class="literal">=</tt>
+<tt class="literal">share</tt> option in the Samba configuration file,
+Samba will still reuse the username/password combinations in the
+system password files to authenticate access. More precisely, Samba
+will take the following steps when a client requests a connection
+using share-level security:</p>
+
+<ol><li>
+<p>When a connection is requested, Samba will accept the password and
+(if sent) the username of the client.</p>
+</li><li>
+<p>If the share is <tt class="literal">guest</tt> <tt class="literal">only</tt> ,
+the user is immediately granted access to the share with the rights
+of the user specified by the <tt class="literal">guest</tt>
+<tt class="literal">account</tt> parameter; no password checking is
+performed.</p>
+</li><li>
+<p>For other shares, Samba appends the username to a list of users who
+are allowed access to the share. It then attempts to validate the
+password given in association with that username. If successful,
+Samba grants the user access to the share with the rights assigned to
+that user. The user will not need to authenticate again unless a
+<tt class="literal">revalidate</tt> <tt class="literal">=</tt>
+<tt class="literal">yes</tt> option has been set inside the share.</p>
+</li><li>
+<p>If the authentication is unsuccessful, Samba attempts to validate the
+password against the list of users previously compiled during
+attempted connections, as well as those specified under the share in
+the configuration file. If the password matches that of any username
+(as specified in the system password file, typically
+<em class="filename">/etc/passwd </em>), the user is granted access to the
+share under that username.</p>
+</li><li>
+<p>However, if the share has a <tt class="literal">guest</tt>
+<tt class="literal">ok</tt> or <tt class="literal">public</tt> option set, the
+user will default to access with the rights of the user specified by
+the <tt class="literal">guest</tt> <tt class="literal">account</tt> option.</p>
+</li></ol>
+<p>You can indicate in the configuration file which users should be
+initially placed on the share-level security user list by using the
+<tt class="literal">username</tt> configuration option, as shown here:</p>
+
+<blockquote><pre class="code">[global]
+ security = share
+
+[accounting1]
+ path = /home/samba/accounting1
+ guest ok = no
+ writable = yes
+ username = davecb, pkelly, andyo</pre></blockquote>
+
+<p>Here, when a user attempts to connect to a share, Samba verifies the
+sent password against each user in its own list, in addition to the
+passwords of users <tt class="literal">davecb</tt>,
+<tt class="literal">pkelly</tt>, and <tt class="literal">andyo</tt>. If any of
+the passwords match, the connection is verified, and the user is
+allowed. Otherwise, connection to the specific share will fail.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-3.2"/>
+
+<h3 class="head2">Share-Level Security Options</h3>
+
+<p><a href="ch09.html#samba2-CHP-9-TABLE-4">Table 9-4</a> shows the options typically associated
+with <em class="firstterm">share-level
+security</em><a name="INDEX-60"/>.</p>
+
+<a name="samba2-CHP-9-TABLE-4"/><h4 class="head4">Table 9-4. Share-level access options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">only user</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, usernames specified by
+<tt class="literal">username</tt> are the only ones allowed</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">username</tt> (<tt class="literal">user</tt> or
+<tt class="literal">users</tt>)</p>
+</td>
+<td>
+<p>string (list of usernames)</p>
+</td>
+<td>
+<p>Users against which a client's password is tested</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-3.2.1"/>
+
+<a name="INDEX-61"/><h3 class="head3">only user</h3>
+
+<p>This Boolean option indicates whether Samba will allow connections to
+a share using share-level security based solely on the individuals
+specified in the <tt class="literal">username</tt> option, instead of those
+users compiled on Samba's internal list. The default
+value for this option is <tt class="literal">no</tt>. You can override it
+per share as follows:</p>
+
+<blockquote><pre class="code">[global]
+ security = share
+[data]
+ username = andy, peter, valerie
+ only user = yes</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-3.2.2"/>
+
+<a name="INDEX-62"/><h3 class="head3">username</h3>
+
+<p>This option presents a list of usernames and/or group names against
+which Samba tests a connection password to allow access. It is
+typically used with clients that have share-level security to allow
+connections to a particular service based solely on a qualifying
+password&mdash;in this case, one that matches a password set up for a
+specific user:</p>
+
+<blockquote><pre class="code">[global]
+ security = share
+[data]
+ username = andy, peter, terry</pre></blockquote>
+
+<p>You can enter a list of usernames and/or group names. If a name is
+prefixed by an at sign (<tt class="literal">@</tt>), it is interpreted as a
+group name, with NIS groups searched before Unix groups. If the name
+is prefixed by a plus sign (<tt class="literal">+</tt>), it is interpreted
+as the name of a Unix group, and NIS is not searched. If the name is
+prefixed by an ampersand (<tt class="literal">&amp;</tt>), it is
+interpreted as an NIS group name rather than a Unix group name. The
+plus sign and ampersand can be used together to specify whether NIS
+or Unix groups are searched first. When Samba encounters a group name
+in this option, it attempts to authenticate each user in the group
+until if finds one that succeeds. Beware that this can be very
+inefficient.</p>
+
+<p>We recommend against using this option unless you are implementing a
+Samba server with share-level security.</p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-3.3"/>
+
+<h3 class="head2">User-Level Security</h3>
+
+<p>The default mode of security with Samba is <em class="firstterm">user-level
+security</em><a name="INDEX-63"/>. With this method, each share is
+assigned specific users that can access it. When a user requests a
+connection to a share, Samba authenticates by validating the given
+username and password with the authorized users in the configuration
+file and the passwords in the password database of the Samba server.
+As mentioned earlier in the chapter, one way to isolate which users
+are allowed access to a specific share is by using the
+<tt class="literal">valid</tt> <tt class="literal">users</tt> option for each
+share:</p>
+
+<blockquote><pre class="code">[global]
+ security = user
+
+[accounting1]
+ writable = yes
+ valid users = bob, joe, sandy</pre></blockquote>
+
+<p>Each user listed can connect to the share if the password provided
+matches the password stored in the system password database on the
+server. Once the initial authentication succeeds, the client will not
+need to supply a password again to access that share unless the
+<tt class="literal">revalidate</tt> <tt class="literal">=</tt>
+<tt class="literal">yes</tt> option has been set.</p>
+
+<p>Passwords can be sent to the Samba server in either an encrypted or a
+nonencrypted format. If you have both types of systems on your
+network, you should ensure that the passwords represented by each
+user are stored both in a traditional account database and
+Samba's encrypted password database. This way,
+authorized users can gain access to their shares from any type of
+client.<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a> However, we recommend that you
+move your system to encrypted passwords and abandon nonencrypted
+passwords if security is an issue. <a href="ch09.html#samba2-CHP-9-SECT-4">Section 9.4</a> of this chapter
+explains how to use encrypted as well as nonencrypted passwords.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-3.4"/>
+
+<h3 class="head2">Server-Level Security</h3>
+
+<p><em class="firstterm">Server-level
+security</em><a name="INDEX-64"/> is similar to user-level security.
+However, with server-level security, Samba delegates password
+authentication to another SMB password server&mdash;typically another
+Samba server or a Windows NT/2000 server acting as a PDC on the
+network. Note that Samba still maintains its list of shares and their
+configuration in its <em class="filename">smb.conf</em> file. When a
+client attempts to make a connection to a particular share, Samba
+validates that the user is indeed authorized to connect to the share.
+Samba then attempts to validate the password by passing the username
+and password to the SMB password server. If the password is accepted,
+a session is established with the client. See <a href="ch09.html#samba2-CHP-9-FIG-2">Figure 9-2</a> for an illustration of this setup.</p>
+
+<div class="figure"><a name="samba2-CHP-9-FIG-2"/><img src="figs/sam2_0902.gif"/></div><h4 class="head4">Figure 9-2. A typical system setup using server-level security</h4>
+
+<p>You can configure Samba to use a separate password server under
+server-level security with the use of the
+<tt class="literal">password</tt><a name="INDEX-65"/> <tt class="literal">server</tt>
+global configuration option, as follows:</p>
+
+<blockquote><pre class="code">[global]
+ security = server
+ password server = mixtec toltec</pre></blockquote>
+
+<p>Note that you can specify more than one machine as the target of the
+<tt class="literal">password</tt> <tt class="literal">server</tt>; Samba moves
+down the list of servers in the event that its first choice is
+unreachable. The servers identified by the
+<tt class="literal">password</tt> <tt class="literal">server</tt> option are
+given as NetBIOS names, not their DNS names or equivalent IP
+addresses. Also, if any of the servers reject the given password, the
+connection automatically fails&mdash;Samba will not attempt another
+server.</p>
+
+<p>One caveat: when using this option, you still need an account
+representing that user on the regular Samba server. This is because
+the Unix operating system needs a username to perform various I/O
+operations. The preferable method of handling this is to give the
+user an account on the Samba server but disable the
+account's password by replacing it in the system
+password file (e.g., <em class="filename">/etc/passwd </em>) with an
+asterisk (*).</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-3.5"/>
+
+<h3 class="head2">Domain-Level Security</h3>
+
+<p>With <em class="firstterm">domain-level
+security</em><a name="INDEX-66"/>, the Samba server acts as a member of
+a Windows domain. Recall from <a href="ch01.html">Chapter 1</a> that each
+domain has a primary domain controller, which can be a Windows
+NT/2000 or Samba server offering password authentication. The domain
+controller keeps track of users and passwords in its own database and
+authenticates each user when she first logs on and wishes to access
+another machine's shares.</p>
+
+<p>As mentioned earlier in this chapter, Samba has a similar ability to
+offer user-level security, but that option is Unix-centric and
+assumes that the authentication occurs via Unix password files. If
+the Unix machine is part of an NIS or NIS+ domain, Samba
+authenticates users transparently against a shared password file in
+typical Unix fashion. Samba then provides access to the NIS or NIS+
+domain from Windows. There is, of course, no relationship between the
+NIS concept of a domain and a Windows NT domain.</p>
+
+<p>Configuring Samba for domain-level security is covered in <a href="ch04.html">Chapter 4</a> in <a href="ch04.html#samba2-CHP-4-SECT-7">Section 4.7</a>. <a name="INDEX-67"/></p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-9-SECT-4"/>
+
+<h2 class="head1">Passwords</h2>
+
+<p><a name="INDEX-68"/>Passwords
+are a thorny issue with Samba. So much so, in fact, that they are
+often the first major problem that users encounter when they install
+Samba. At this point, we need to delve deeper into Samba to discover
+what is happening on the network.</p>
+
+<p>Passwords sent from individual clients can be either encrypted or
+nonencrypted. Encrypted passwords are, of course, more secure. A
+nonencrypted, plain-text password can be easily read with a
+packet-sniffing program, such as the modified
+<em class="emphasis">tcpdump</em> program for Samba that we used in <a href="ch01.html">Chapter 1</a>. Whether passwords are encrypted by default
+depends on the operating system that the client is using to connect
+to the Samba server. <a href="ch09.html#samba2-CHP-9-TABLE-5">Table 9-5</a> lists which
+<a name="INDEX-69"/>Windows operating
+systems encrypt their passwords and which send plain-text passwords
+by default.</p>
+
+<a name="samba2-CHP-9-TABLE-5"/><h4 class="head4">Table 9-5. Windows operating systems with encrypted passwords</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Operating system</p>
+</th>
+<th>
+<p>Encrypted or plain text</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>Windows for Workgroups</p>
+</td>
+<td>
+<p>Plain text</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows 95</p>
+</td>
+<td>
+<p>Plain text</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows 95 with SMB Update</p>
+</td>
+<td>
+<p>Encrypted</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows 98</p>
+</td>
+<td>
+<p>Encrypted</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows Me</p>
+</td>
+<td>
+<p>Encrypted</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows NT 3.x</p>
+</td>
+<td>
+<p>Plain text</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows NT 4.0 before SP <tt class="literal">3</tt></p>
+</td>
+<td>
+<p>Plain text</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows NT 4.0 after SP 3</p>
+</td>
+<td>
+<p>Encrypted</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows 2000</p>
+</td>
+<td>
+<p>Encrypted</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Windows XP</p>
+</td>
+<td>
+<p>Encrypted</p>
+</td>
+</tr>
+
+</table>
+
+<p>Three different encryption methods are used. Windows 95/98/Me clients
+use a method inherited from Microsoft's LAN Manager
+network software. Windows NT/2000/XP systems use a newer system,
+called NT LAN Manager, or NTLM. A newer version of this (called NT
+LAN Manager Version 2, or NTLMv2) uses a different method for
+password hashing.</p>
+
+<p>If encrypted passwords are supported, Samba stores the encrypted
+passwords in a file called <em class="filename">smbpasswd</em>. By
+default, this file is located in the <em class="filename">private</em>
+directory of the Samba distribution (typically
+<em class="filename">/usr/local/samba/private</em>). At the same time, the
+client stores an encrypted version of a user's
+password on its own system. The plain-text password is never stored
+on either system. Each system encrypts the password automatically
+using a standard algorithm when the password is set or changed.</p>
+
+<p>When a client requests a connection to an SMB server that supports
+encrypted passwords (such as Samba or Windows NT/2000/XP), the two
+computers undergo the following negotiations:</p>
+
+<ol><li>
+<p>The client attempts to negotiate a protocol with the server.</p>
+</li><li>
+<p>The server responds with a protocol and indicates that it supports
+encrypted passwords. At this time, it sends back a randomly generated
+8-byte challenge string.</p>
+</li><li>
+<p>The client uses the challenge string as a key to encrypt its already
+encrypted password using an algorithm predefined by the negotiated
+protocol. It then sends the result to the server.</p>
+</li><li>
+<p>The server does the same thing with the encrypted password stored in
+its database. If the results match, the passwords are equivalent, and
+the user is authenticated.</p>
+</li></ol>
+<p>Note that even though the original passwords are not involved in the
+authentication process, you need to be very careful that the
+encrypted passwords located inside the <em class="filename">smbpasswd</em>
+file are guarded from unauthorized users. If they are compromised, an
+unauthorized user can break into the system by replaying the steps of
+the previous algorithm. The encrypted passwords are just as sensitive
+as the plain-text passwords&mdash;this is known as
+<em class="firstterm">plain-text-equivalent</em> data in the cryptography
+world. Of course, your local security policy should require that the
+clients safeguard their plain-text-equivalent passwords as well.</p>
+
+<p>You can configure Samba to accept encrypted passwords with the
+following global additions to <em class="filename">smb.conf</em>. Note
+that we explicitly name the location of the Samba password file:</p>
+
+<blockquote><pre class="code">[global]
+ security = user
+ encrypt passwords = yes
+ smb passwd file = /usr/local/samba/private/smbpasswd</pre></blockquote>
+
+<p>Samba, however, will not accept any users until the
+<em class="filename">smbpasswd</em> file has been created and the users
+have been added to it with the <em class="emphasis">smbpasswd</em>
+command, as we showed you in <a href="ch02.html">Chapter 2</a>.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-4.1"/>
+
+<h3 class="head2">Disabling Encrypted Passwords on the Client</h3>
+
+<p><a name="INDEX-70"/><a name="INDEX-71"/>While Unix authentication has been
+in use for decades&mdash;including the use of
+<em class="emphasis">telnet</em> and <em class="emphasis">rlogin</em> access
+across the Internet&mdash;it embodies well-known security risks.
+Plaintext passwords are sent over the Internet and can be retrieved
+from TCP packets by malicious snoopers. However, if you feel that
+your network is secure and you wish to use standard Unix
+<em class="filename">/etc/passwd</em> authentication for all clients, you
+can do so, but you must disable encrypted passwords on those Windows
+clients that default to using them.</p>
+
+<p>To do this, you must modify the Windows registry on each client
+system. The Samba distribution includes the <em class="filename">.reg</em>
+files you need for this, located in the source
+distribution's <em class="filename">/docs/Registry</em>
+directory. Depending on the platform, you use one of the following
+files:</p>
+
+<blockquote class="simplelist">
+
+<p><em class="filename">Win95_PlainPassword.reg</em></p>
+
+<p><em class="filename">Win98_PlainPassword.reg</em></p>
+
+<p><em class="filename">WinME_PlainPassword.reg</em></p>
+
+<p><em class="filename">NT_PlainPassword.reg</em></p>
+
+<p><em class="filename">Win2000_PlainPassword.reg</em></p>
+
+</blockquote>
+
+<p>(For Windows XP, use the <em class="filename">.reg</em> file for Windows
+2000.) You can perform the installation by copying the appropriate
+<em class="filename">.reg</em> file to a DOS floppy, inserting the floppy
+in the client's floppy drive, and running the
+<em class="filename">.reg</em> file from the Run menu item in the
+client's Start menu. (Or you can just double-click
+the file's icon.)</p>
+
+<p>After you reboot the machine, the client will not encrypt its hashed
+passwords before sending them to the server. This means that the
+plain-text passwords can been seen in the TCP packets that are
+broadcast across the network. Again, we encourage you not to do this
+unless you are absolutely sure that your network is secure.</p>
+
+<p>If passwords are not encrypted, use these two lines in your Samba
+configuration file:</p>
+
+<blockquote><pre class="code">[global]
+ security = user
+ encrypt passwords = no</pre></blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-4.2"/>
+
+<h3 class="head2">The smbpasswd File</h3>
+
+<p>Samba stores its encrypted passwords in a file called
+<em class="filename">smbpasswd</em><a name="INDEX-72"/>,
+which by default resides in the
+<em class="filename">/usr/local/samba/private</em> directory. The
+<em class="filename">smbpasswd</em> file should be guarded as closely as
+the Unix system's password file (either
+<em class="filename">/etc/passwd</em> or
+<em class="filename">/etc/shadow</em>). Only the root user should have
+read/write access to the <em class="filename">private</em> directory, and
+no other users should have access to it at all. In addition, the
+<em class="filename">smbpasswd</em> file should have all access denied to
+all users except for root. When things are set up for good security,
+long listings of the <em class="filename">private</em> directory and
+<em class="filename">smbpasswd</em> file look like the following:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>ls -ld /usr/local/samba/private</b></tt>
+drwx- - - - - - 2 root root 4096 Nov 26 01:11 /usr/local/samba/private
+# <tt class="userinput"><b>ls -l /usr/local/samba/private/smbpasswd</b></tt>
+-rw- - - - - - - 1 root root 204 Nov 26 01:11 /usr/local/samba/private/smbpasswd</pre></blockquote>
+
+<p>Before you can use encrypted passwords, you need to create an entry
+for each Unix user in the <em class="filename">smbpasswd</em> file. The
+structure of the file is somewhat similar to a Unix
+<em class="filename">passwd</em> file, but has different fields. <a href="ch09.html#samba2-CHP-9-FIG-3">Figure 9-3</a> illustrates the layout of the
+<em class="filename">smbpasswd</em> file; the entry shown is actually one
+line in the file.</p>
+
+<div class="figure"><a name="samba2-CHP-9-FIG-3"/><img src="figs/sam2_0903.gif"/></div><h4 class="head4">Figure 9-3. Structure of the smbpasswd file entry (actually one line)</h4>
+
+<p>Normally, entries in the <em class="filename">smbpasswd</em> file are
+created automatically by the <em class="emphasis">smbpasswd</em> command.
+Still, you might like to know how to interpret data within the
+<em class="filename">smbpasswd</em> file, in case you'd
+like to see what accounts are stored in it or even modify it
+manually. Here is a breakdown of the individual fields:</p>
+
+<dl>
+<dt><b>Username</b></dt>
+<dd>
+<p>This is the username of the account. It is taken directly from the
+system password file.</p>
+</dd>
+
+
+
+<dt><b>UID</b></dt>
+<dd>
+<p>This is the user ID (UID) of the account. Like the username, it is
+taken directly from the system password file and must match the UID
+there.</p>
+</dd>
+
+
+
+<dt><b>LAN Manager Password Hash</b></dt>
+<dd>
+<p>This is a 32-bit hexadecimal sequence that represents the password
+Windows 95/98/Me clients will use. It is derived by splitting the
+password into two 7-character strings, with all lowercase letters
+forced into uppercase. If fewer than 14 characters are in the
+password, the strings are padded with nulls. Then each 7-character
+string is converted to a 56-bit DES key and used to encrypt the
+constant string <tt class="literal">KGS!@#$%</tt>. The two 64-bit results
+are concatenated and stored as the password hash.</p>
+
+
+<p>If there is currently no password for the user, the first 11
+characters of the hash will consist of the sequence
+<tt class="literal">NO</tt> <tt class="literal">PASSWORD</tt> followed by
+<tt class="literal">X</tt> characters for the remainder. If the password
+has been disabled, it will consist of 32 <tt class="literal">X</tt>
+characters.</p>
+</dd>
+
+
+<dt><b>NT LAN Manager (NTLM) Password Hash</b></dt>
+<dd>
+<p>This is a 32-bit hexadecimal sequence that represents the password
+Windows NT/2000/XP clients will use. It is derived by hashing the
+user's password (represented as a 16-bit
+little-endian Unicode sequence) with an MD4 hash. The password is not
+converted to uppercase letters first.</p>
+</dd>
+
+
+
+<dt><b>Account Flags</b></dt>
+<dd>
+<p>This field consists of 11 characters between two braces ( [ ] ). Any
+of the following characters can appear in any order; the remaining
+characters should be spaces:</p>
+
+
+<dl>
+<dt><b>U</b></dt>
+<dd>
+<p>This account is a standard user account.</p>
+</dd>
+
+
+
+<dt><b>D</b></dt>
+<dd>
+<p>This account is currently disabled, and Samba should not allow any
+logins.</p>
+</dd>
+
+
+
+<dt><b>N</b></dt>
+<dd>
+<p>This account has no password associated with it.</p>
+</dd>
+
+
+
+<dt><b>W</b></dt>
+<dd>
+<p>This is a workstation trust account that can be used to configure
+Samba as a PDC when allowing Windows NT machines to join its domain.</p>
+</dd>
+
+</dl>
+</dd>
+
+
+<dt><b>Last Change Time</b></dt>
+<dd>
+<p>This code consists of the characters <tt class="literal">LCT-</tt> followed
+by a hexadecimal representation of the number of seconds since the
+epoch (midnight on January 1, 1970) that the entry was last changed.
+<a name="INDEX-73"/></p>
+</dd>
+
+</dl>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-4.3"/>
+
+<h3 class="head2">Password Synchronization</h3>
+
+<p><a name="INDEX-74"/><a name="INDEX-75"/>Having a regular password (either in
+<em class="filename">/etc/passwd</em> or <em class="filename">/etc/shadow</em>)
+and an encrypted version of the same password (in the
+<em class="filename">smbpasswd</em> file) can be troublesome when you need
+to change both of them. Luckily, Samba affords you a limited ability
+to keep your passwords synchronized. Samba has a pair of
+configuration options to update a user's regular
+Unix password automatically when the encrypted password is changed on
+the system. The feature can be activated by specifying the
+<tt class="literal">unix</tt><a name="INDEX-76"/> <tt class="literal">password</tt>
+<tt class="literal">sync</tt> global configuration option:</p>
+
+<blockquote><pre class="code">[global]
+ unix password sync = yes</pre></blockquote>
+
+<p>With this option enabled, Samba attempts to change the
+user's regular password (as <tt class="literal">root</tt>)
+when the encrypted version is changed with
+<em class="filename">smbpasswd</em>. However, two other options have to be
+set correctly for this to work.</p>
+
+<p>The easier of the two is <tt class="literal">passwd</tt>
+<tt class="literal">program</tt>. This option simply specifies the Unix
+command used to change a user's standard system
+password. It is set to <tt class="literal">/bin/passwd</tt>
+<tt class="literal">%u</tt> by default. With some Unix systems, this is
+sufficient, and you do not need to change anything. Others, such as
+Red Hat Linux, use <em class="emphasis">/usr/bin/passwd</em> instead. In
+addition, you might want to change this to another program or script
+at some point in the future. For example, let's
+assume that you want to use a script called
+<em class="emphasis">changepass</em> to change a user's
+password. Recall that you can use the variable <tt class="literal">%u</tt>
+to represent the current Unix username. So the example becomes:</p>
+
+<blockquote><pre class="code">[global]
+ unix password sync = yes
+ passwd program = changepass %u</pre></blockquote>
+
+<p>Note that this program is called as the <tt class="literal">root</tt> user
+when the <tt class="literal">unix</tt> <tt class="literal">password</tt>
+<tt class="literal">sync</tt> option is set to <tt class="literal">yes</tt>. This
+is because Samba does not necessarily have the old plain-text
+password of the user.</p>
+
+<p>The harder option to configure is
+<tt class="literal">passwd</tt><a name="INDEX-77"/> <tt class="literal">chat</tt>. The
+<tt class="literal">passwd</tt> <tt class="literal">chat</tt> option works like a
+Unix chat script. It specifies a series of strings to send, as well
+as responses to expect from the program specified by the
+<tt class="literal">passwd</tt> <tt class="literal">program</tt> option. For
+example, this is what the default <tt class="literal">passwd</tt>
+<tt class="literal">chat</tt> looks like. The delimiters are the spaces
+between each grouping of characters:</p>
+
+<blockquote><pre class="code">passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*</pre></blockquote>
+
+<p>The first grouping represents a response expected from the
+password-changing program. Note that it can contain wildcards
+(<tt class="literal">*</tt>), which help to generalize the chat programs to
+handle a variety of similar outputs. Here,
+<tt class="literal">*old*password*</tt> indicates that Samba is expecting
+any line from the password program containing the letters
+<tt class="literal">old</tt> followed by the letters
+<tt class="literal">password</tt>, without regard for what comes before,
+after, or between them. If Samba does not receive the expected
+response, the password change will fail.</p>
+
+<p>The second grouping indicates what Samba should send back once the
+data in the first grouping has been matched. In this case, you see
+<tt class="literal">%o\n</tt>. This response is actually two items: the
+variable <tt class="literal">%o</tt> represents the old password, while the
+<tt class="literal">\n</tt> is a newline character. So, in effect, this
+will &quot;type&quot; the old password into
+the standard input of the password-changing program, and then
+&quot;press&quot; Enter.</p>
+
+<p>Following that is another response grouping, followed by data that
+will be sent back to the password-changing program. (In fact, this
+response/send pattern continues indefinitely in any standard Unix
+<em class="emphasis">chat</em> script.) The script continues until the
+final pattern is matched.</p>
+
+<p>You can help match the response strings sent from the password
+program with the characters listed in <a href="ch09.html#samba2-CHP-9-TABLE-6">Table 9-6</a>.
+In addition, you can use the characters listed in <a href="ch09.html#samba2-CHP-9-TABLE-7">Table 9-7</a> to help formulate your response.</p>
+
+<a name="samba2-CHP-9-TABLE-6"/><h4 class="head4">Table 9-6. Password chat response characters</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Character</p>
+</th>
+<th>
+<p>Definition</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">*</tt></p>
+</td>
+<td>
+<p>Zero or more occurrences of any character.</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>&quot;<tt class="literal"> </tt>&quot;</p>
+</td>
+<td>
+<p>Allows you to include matching strings that contain spaces. Asterisks
+are still considered wildcards even inside of quotes, and you can
+represent a null response with empty quotes.</p>
+</td>
+</tr>
+
+</table>
+
+<a name="samba2-CHP-9-TABLE-7"/><h4 class="head4">Table 9-7. Password chat send characters</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Character</p>
+</th>
+<th>
+<p>Definition</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">%o</tt></p>
+</td>
+<td>
+<p>The user's old password</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%n</tt></p>
+</td>
+<td>
+<p>The user's new password</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">\n</tt></p>
+</td>
+<td>
+<p>The linefeed character</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">\r</tt></p>
+</td>
+<td>
+<p>The carriage-return character</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">\t</tt></p>
+</td>
+<td>
+<p>The tab character</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">\s</tt></p>
+</td>
+<td>
+<p>A space</p>
+</td>
+</tr>
+
+</table>
+
+<p>For example, you might want to change your password chat to the
+following entry. This handles scenarios in which you do not have to
+enter the old password. In addition, this also handles the new
+<tt class="literal">all</tt> <tt class="literal">tokens</tt>
+<tt class="literal">updated</tt> <tt class="literal">successfully</tt> string
+that Red Hat Linux sends:</p>
+
+<blockquote><pre class="code">passwd chat = *New password* %n\n *new password* %n\n *success*</pre></blockquote>
+
+<p>Again, the default chat should be sufficient for many Unix systems.
+If it isn't, you can use the
+<tt class="literal">passwd</tt> <tt class="literal">chat</tt>
+<tt class="literal">debug</tt> global option to set up a new chat script
+for the password change program. The <tt class="literal">passwd</tt>
+<tt class="literal">chat</tt> <tt class="literal">debug</tt> option logs
+everything during a password chat. This option is a simple Boolean,
+as shown here:</p>
+
+<blockquote><pre class="code">[global]
+ unix password sync = yes
+ passwd chat debug = yes
+ log level = 100</pre></blockquote>
+
+<p>After you activate the password chat debug feature, all I/O received
+by Samba through the password chat can be sent to the
+<em class="filename">log.smbd</em> Samba log file with a debug level of
+100, which is why we entered a new <tt class="literal">log</tt>
+<tt class="literal">level</tt> option as well. As this can often generate
+multitudes of error logs, it can be more efficient to use your own
+script&mdash;by setting the <tt class="literal">passwd</tt>
+<tt class="literal">program</tt> option&mdash;in place of
+<em class="filename">/bin/passwd</em> to record what happens during the
+exchange. Be careful because the log file contains the passwords in
+plain text. Keeping files containing plain-text passwords can (or
+<em class="emphasis">should</em>) be against local security policy in your
+organization, and it also might raise serious legal issues. Make sure
+to protect your log files with strict file permissions and to delete
+them as soon as you've grabbed the information you
+need. If possible, use the <tt class="literal">passwd</tt>
+<tt class="literal">chat</tt> <tt class="literal">debug</tt> option only while
+your own password is being changed.</p>
+
+<p>The operating system on which Samba is running might have strict
+requirements for valid passwords to make them more impervious to
+dictionary attacks and the like. Users should be made aware of these
+restrictions when changing their passwords.</p>
+
+<p>Earlier we said that password synchronization is limited. This is
+because there is no reverse synchronization of the encrypted
+<em class="filename">smbpasswd</em> file when a standard Unix password is
+updated by a user. There are various strategies to get around this,
+including NIS and freely available implementations of the Pluggable
+Authentication Modules (PAM) standard, but none of them really solves
+all the problems.</p>
+
+<p>More information regarding passwords can be found in the in the Samba
+source distribution file
+<em class="filename">docs/htmldocs/ENCRYPTION.html</em>.<a name="INDEX-80"/></p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-4.4"/>
+
+<h3 class="head2">Password Configuration Options</h3>
+
+<p><a name="INDEX-81"/><a name="INDEX-82"/>The options in <a href="ch09.html#samba2-CHP-9-TABLE-8">Table 9-8</a> will help you work with passwords in Samba.</p>
+
+<a name="samba2-CHP-9-TABLE-8"/><h4 class="head4">Table 9-8. Password configuration options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">encrypt</tt> <tt class="literal">passwords</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, enables encrypted passwords.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">unix password</tt> <tt class="literal">sync</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, updates the standard Unix password
+database when a user changes his encrypted password.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">passwd chat</tt></p>
+</td>
+<td>
+<p>string (chat commands)</p>
+</td>
+<td>
+<p>Sequence of commands sent to the password program.</p>
+</td>
+<td>
+<p>See earlier section on this option</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">passwd chat</tt> <tt class="literal">debug</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, sends debug logs of the password-change
+process to the log files with a level of 100.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">passwd program</tt></p>
+</td>
+<td>
+<p>string (Unix command)</p>
+</td>
+<td>
+<p>Program to be used to change passwords.</p>
+</td>
+<td>
+<p><tt class="literal">/bin/passwd</tt> <tt class="literal">%u</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">password level</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Number of capital-letter permutations to attempt when matching a
+client's password.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">update</tt> <tt class="literal">encrypted</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, updates the encrypted password file when a
+client connects to a share with a plain-text password.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">null passwords</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, allows access for users with null
+passwords.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">smb passwd file</tt></p>
+</td>
+<td>
+<p>string (filename)</p>
+</td>
+<td>
+<p>Name of the encrypted password file.</p>
+</td>
+<td>
+<p><tt class="literal">/usr/local/samba/private/smbpasswd</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">hosts equiv</tt></p>
+</td>
+<td>
+<p>string (filename)</p>
+</td>
+<td>
+<p>Name of a file that contains hosts and users that can connect without
+using a password.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">use rhosts</tt></p>
+</td>
+<td>
+<p>string (filename)</p>
+</td>
+<td>
+<p>Name of a .<em class="emphasis">rhosts</em> file that allows users to
+connect without using a password.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-4.4.1"/>
+
+<h3 class="head3">encrypt passwords</h3>
+
+<p>The <tt class="literal">encrypt</tt><a name="INDEX-83"/>
+<tt class="literal">passwords</tt> global option switches Samba from using
+plain-text passwords to encrypted passwords for authentication.
+Encrypted passwords will be expected from clients if the option is
+set to <tt class="literal">yes</tt>:</p>
+
+<blockquote><pre class="code">encrypt passwords = yes</pre></blockquote>
+
+<p>In Samba 2.2.x versions and with previous versions, encrypted
+passwords are disabled by default. This was changed in Samba 3.0 to
+make encrypted passwords enabled by default.</p>
+
+<p>If you use encrypted passwords, you must have a valid
+<em class="filename">smbpasswd</em> file in place and populated with
+usernames that authenticate with encrypted passwords. (See <a href="ch09.html#samba2-CHP-9-SECT-4.2">Section 9.4.2</a> earlier in
+this chapter.) In addition, Samba must know the location of the
+<em class="filename">smbpasswd</em> file; if it is not in the default
+location (typically
+<em class="filename">/usr/local/samba/private/smbpasswd</em> ), you can
+explicitly name it using the <tt class="literal">smb</tt>
+<tt class="literal">passwd</tt> <tt class="literal">file</tt> option.</p>
+
+<p>If you wish, you can use <tt class="literal">update</tt>
+<tt class="literal">encrypted</tt> to force Samba to update the
+<em class="filename">smbpasswd</em> file with encrypted passwords each
+time a client connects using a nonencrypted password.</p>
+
+<p>If you have a mixture of clients on your network, with some of them
+using encrypted passwords and others using plain-text passwords, you
+can use the <tt class="literal">include</tt> option to make Samba treat
+each client appropriately. To do this, create individual
+configuration files based on the client name (<tt class="literal">%m</tt>).
+These host-specific configuration files can contain an
+<tt class="literal">encrypted</tt> <tt class="literal">passwords</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> option that activates
+only when those clients are connecting to the server.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-4.4.2"/>
+
+<a name="INDEX-84"/><h3 class="head3">unix password sync</h3>
+
+<p>The <tt class="literal">unix</tt> <tt class="literal">password</tt>
+<tt class="literal">sync</tt> global option allows Samba to update the
+standard Unix password file when a user changes her encrypted
+password. The encrypted password is stored on a Samba server in the
+<em class="filename">smbpasswd</em> file, which is located by default in
+<em class="filename">/usr/local/samba/private</em>. You can activate this
+feature as follows:</p>
+
+<blockquote><pre class="code">[global]
+ unix password sync = yes</pre></blockquote>
+
+<p>If this option is enabled, Samba changes the encrypted password and,
+in addition, attempts to change the standard Unix password by passing
+the username and new password to the program specified by the
+<tt class="literal">passwd</tt> <tt class="literal">program</tt> option
+(described earlier). Note that Samba does not necessarily have access
+to the plain-text password for this user, so the password changing
+program must be invoked as <tt class="literal">root</tt>.<a name="FNPTR-2"/><a href="#FOOTNOTE-2">[2]</a> If the Unix password change does not
+succeed, for whatever reason, the SMB password is not changed either.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-4.4.3"/>
+
+<a name="INDEX-85"/><h3 class="head3">passwd chat</h3>
+
+<p>This option specifies a series of send/response strings similar to a
+Unix chat script, which interface with the password-changing program
+on the Samba server. <a href="ch09.html#samba2-CHP-9-SECT-4.3">Section 9.4.3</a> earlier in this
+chapter covers this option in detail.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-4.4.4"/>
+
+<h3 class="head3">passwd chat debug</h3>
+
+<p>If set to <tt class="literal">yes</tt>, the
+<tt class="literal">passwd</tt><a name="INDEX-86"/> <tt class="literal">chat</tt>
+<tt class="literal">debug</tt> global option logs everything sent or
+received by Samba during a password chat. All the I/O received by
+Samba through the password chat is sent to the Samba logs with a
+debug level of 100; you must specify <tt class="literal">log</tt>
+<tt class="literal">level</tt> <tt class="literal">=</tt> <tt class="literal">100</tt>
+for the information to be recorded. <a href="ch09.html#samba2-CHP-9-SECT-4.3">Section 9.4.3</a> earlier in this
+chapter describes this option in more detail. Be aware that if you do
+set this option, the plain-text passwords will be visible in the
+debugging logs, which could be a security hazard if they are not
+properly secured. It is against the security policy of some
+organizations for system administrators to have access to
+users' passwords.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-4.4.5"/>
+
+<h3 class="head3">passwd program</h3>
+
+<p>The <tt class="literal">passwd</tt><a name="INDEX-87"/>
+<tt class="literal">program</tt> option specifies a program on the Unix
+Samba server that Samba can use to update the standard system
+password file when the encrypted password file is updated. This
+option defaults to the standard <em class="emphasis">passwd</em> program,
+usually located in the <em class="filename">/bin</em> directory. The
+<tt class="literal">%u</tt> variable is typically used as the requesting
+user when the command is executed. The actual handling of input and
+output to this program during execution is handled through the
+<tt class="literal">passwd</tt> <tt class="literal">chat</tt> option. <a href="ch09.html#samba2-CHP-9-SECT-4.3">Section 9.4.3</a> earlier in this
+chapter covers this option in detail.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-4.4.6"/>
+
+<a name="INDEX-88"/><h3 class="head3">password level</h3>
+
+<p>With SMB, nonencrypted (or plain-text) passwords are sent with
+capital letters, just like the usernames mentioned previously. Many
+Unix users, however, choose passwords with both upper- and lowercase
+letters. Samba, by default, only attempts to match the password
+entirely in lowercase letters and not capitalizing the first letter.</p>
+
+<p>Like <tt class="literal">username</tt> <tt class="literal">level</tt>, a
+<tt class="literal">password</tt> <tt class="literal">level</tt> option can be
+used to attempt various permutations of the password with capital
+letters. This option takes an integer value that specifies how many
+letters in the password should be capitalized when attempting to
+connect to a share. You can specify this option as follows:</p>
+
+<blockquote><pre class="code">[global]
+ password level = 3</pre></blockquote>
+
+<p>In this case, Samba then attempts all permutations of the password it
+can compute having three capital letters. The larger the number, the
+more computations Samba has to perform to match the password, and the
+longer a connection to a specific share might take.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-4.4.7"/>
+
+<a name="INDEX-89"/><h3 class="head3">update encrypted</h3>
+
+<p>For sites switching over to the encrypted password format, Samba
+provides an option that should help with the transition. The
+<tt class="literal">update</tt> <tt class="literal">encrypted</tt> option allows
+a site to ease into using encrypted passwords from plain-text
+passwords. You can activate this option as follows:</p>
+
+<blockquote><pre class="code">[global]
+ update encrypted = yes</pre></blockquote>
+
+<p>This instructs Samba to create an encrypted version of each
+user's Unix password in the
+<em class="filename">smbpasswd</em> file each time she connects to a
+share. When this option is enabled, you must have the
+<tt class="literal">encrypt</tt> <tt class="literal">passwords</tt> option set to
+<tt class="literal">no</tt> so that the client passes plain-text passwords
+to Samba to update the files. Once each user has connected at least
+once, you can set <tt class="literal">encrypted</tt>
+<tt class="literal">passwords</tt> <tt class="literal">=</tt>
+<tt class="literal">yes</tt>, allowing you to use only the encrypted
+passwords. The user must already have a valid entry in the
+<em class="filename">smbpasswd</em> file for this option to work.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-4.4.8"/>
+
+<a name="INDEX-90"/><h3 class="head3">null passwords</h3>
+
+<p>This global option tells Samba whether to allow access from users
+that have null passwords (encrypted or nonencrypted) set in their
+accounts. The default value is <tt class="literal">no</tt>. You can
+override it as follows:</p>
+
+<blockquote><pre class="code">null passwords = yes</pre></blockquote>
+
+<p>We highly recommend against doing so because of the security risks
+this option can present to your system, including inadvertent access
+to system users (such as <tt class="literal">bin</tt>) in the system
+password file who have null passwords set.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-4.4.9"/>
+
+<a name="INDEX-91"/><h3 class="head3">smb passwd file</h3>
+
+<p>This global option identifies the location of the encrypted password
+database. By default, it is set to
+<em class="filename">/usr/local/samba/private/smbpasswd</em>. You can
+override it as follows:</p>
+
+<blockquote><pre class="code">[global]
+ smb passwd file = /etc/samba/smbpasswd</pre></blockquote>
+
+<p>This location, for example, is common on many Red Hat distributions
+on which Samba has been installed using an RPM package.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-4.4.10"/>
+
+<a name="INDEX-92"/><h3 class="head3">hosts equiv</h3>
+
+<p>This global option specifies the name of a standard Unix
+<em class="filename">hosts.equiv</em> file that allows hosts or users to
+access shares without specifying a password. You can specify the
+location of such a file as follows:</p>
+
+<blockquote><pre class="code">[global]
+ hosts equiv = /etc/hosts.equiv</pre></blockquote>
+
+<p>The default value for this option does not specify any
+<em class="filename">hosts.equiv</em> file. Because using a
+<em class="filename">hosts.equiv</em> file is a huge security risk, we
+strongly recommend against using this option.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-4.4.11"/>
+
+<a name="INDEX-93"/><h3 class="head3">use rhosts</h3>
+
+<p>This global option specifies the name of a standard Unix
+user's <em class="filename">.rhosts</em> file that allows
+foreign hosts to access shares without specifying a password. You can
+specify the location of such a file as follows:</p>
+
+<blockquote><pre class="code">[global]
+ use rhosts = /home/dave/.rhosts</pre></blockquote>
+
+<p>The default value for this option does not specify any
+<em class="filename">.rhosts</em> file. Like the <tt class="literal">hosts</tt>
+<tt class="literal">equiv</tt> option discussed earlier, using such a file
+is a security risk. We highly recommend that you do not use this
+option unless you are confident in the security of your network.
+<a name="INDEX-94"/>
+<a name="INDEX-95"/><a name="INDEX-96"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-9-SECT-5"/>
+
+<h2 class="head1">Authentication with winbind</h2>
+
+<p><a name="INDEX-97"/><a name="INDEX-98"/>In <a href="ch03.html">Chapter 3</a>, we
+showed you how to add Windows clients to a network in which user
+accounts were maintained on the Samba server. We added a user account
+to the Windows client using the same username and password as an
+account on the Unix system. This method works well in many computing
+environments. However, if a Samba server is added to a Windows
+network that already has a Windows NT/2000 primary domain controller,
+the PDC has a preexisting database of user accounts and group
+information that is used for authentication. It can be a big chore to
+transfer that database manually to the Unix server, and later
+maintain and synchronize the Unix and Windows databases.</p>
+
+<p>In <a href="ch04.html">Chapter 4</a>, we showed you how to add a Samba
+server as a domain member server to a network having a Windows
+NT/2000 primary domain controller. We set <tt class="literal">security</tt>
+<tt class="literal">=</tt> <tt class="literal">domain</tt> in the Samba
+configuration file to have the Samba server hand off authentication
+to the Windows PDC. Using that method, passwords are kept only on the
+PDC, but it is still necessary to set up user accounts on the Unix
+side to make sure each client has a valid Unix UID and group ID
+(GID). This is necessary for maintaining the file ownerships and
+permissions of the Unix security model. Whenever Samba performs an
+operation on the Unix filesystem on behalf of the Windows client, the
+user must have a valid UID and GID on the local Unix system.</p>
+
+<p>A facility that has recently been added to Samba, winbind, allows the
+Windows <a name="INDEX-99"/>PDC to handle
+not only authentication, but the user and group information as well.
+Winbind works by extending the Unix user and group databases beyond
+the standard <em class="filename">/etc/passwd</em> and
+<em class="filename">/etc/group</em> files such that users and groups on
+the Windows PDC also exist as valid users and groups on the Unix
+system. The extension applies to the entire Unix system and allows
+users who are members of a Windows domain to perform any action on
+the Unix system that a local user would, including logging in to the
+Unix system by <em class="emphasis">telnet</em> or even on the local
+system, using their domain usernames and passwords.</p>
+
+<p>When winbind is in use, administration of user accounts can be done
+on the Windows PDC, without having to repeat the tasks on the Unix
+side. This includes password expiration and allowing users to change
+their passwords, which would otherwise not be practical. Aside from
+simplifying domain administration and being a great time saver,
+winbind lets Samba be used in computing environments where it
+otherwise might not be allowed.</p>
+<a name="samba2-CHP-9-NOTE-143"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>Because this is a chapter on security, we want to point out that some
+issues might relate to allowing a Windows system to authenticate
+users accessing a Unix system! Whatever you might think of the
+relative merits of Unix and Windows security models (and even more
+importantly, their <em class="emphasis">implementations</em>), one thing
+is certain: adding winbind support to your Samba server greatly
+complicates the authentication system overall&mdash;and quite
+possibly allows more opportunities for crackers.</p>
+
+<p>We present winbind in this chapter not as a means of improving
+security, but rather as a further example of Samba's
+ability to integrate itself into a modern Windows environment.</p>
+</blockquote>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-5.1"/>
+
+<h3 class="head2">Installing winbind</h3>
+
+<p><a name="INDEX-100"/>Installing
+and configuring winbind is fairly complicated and involves the
+following steps:</p>
+
+<ol><li>
+<p>Reconfigure, recompile, and reinstall Samba&mdash;to add support for
+winbind.</p>
+</li><li>
+<p>Configure the Unix name server switch.</p>
+</li><li>
+<p>Modify the Samba configuration file.</p>
+</li><li>
+<p>Start and test the <em class="emphasis">winbindd</em> daemon.</p>
+</li><li>
+<p>Configure the system to start and stop the
+<em class="emphasis">winbindd</em> daemon automatically.</p>
+</li><li>
+<p>Optionally, configure PAM for use with winbind.</p>
+</li></ol>
+<p>At the time this book was written, winbind was supported only on
+Linux, so all of the following directions are specific to it. Other
+Unix flavors might be supported at a later time. In addition, we
+assume you have a Windows NT/2000 primary domain controller running
+on your network.</p>
+
+<p>First, you will need to configure and compile Samba using the
+<tt class="literal">--with-winbind</tt> configure option. Directions for
+doing this are included in <a href="ch02.html">Chapter 2</a> in <a href="ch02.html#samba2-CHP-2-SECT-3">Section 2.3</a>. As usual, run
+<em class="emphasis">make install</em> to reinstall the Samba binaries.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-5.2"/>
+
+<h3 class="head2">Configuring nsswitch</h3>
+
+<p><a name="INDEX-101"/>When
+Samba is compiled after being configured with the
+<tt class="literal">--with-winbind</tt> option, the compilation process
+produces a library called
+<em class="filename">libnss_winbind.so</em><a name="INDEX-102"/> in the
+<em class="filename">source/nsswitch</em> directory. This library needs to
+be copied to the <em class="filename">/lib</em> directory:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>cp nsswitch/libnss_winbind.so /lib</b></tt></pre></blockquote>
+
+<p>Also, a symbolic link must be created for winbind to be fully
+functional:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</b></tt></pre></blockquote>
+
+<a name="samba2-CHP-9-NOTE-144"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>The name of this symbolic link is correct for Samba 2.2.3 and Red Hat
+7.1. The name might change&mdash;with a higher version number in the
+extension&mdash;in future releases. See the
+<em class="emphasis">winbindd</em> manual page for details.</p>
+</blockquote>
+
+<p>Next, we need to modify <em class="filename">/etc/nsswitch.conf</em> to
+make the lines for <tt class="literal">passwd</tt> and
+<tt class="literal">group</tt> look like this:</p>
+
+<blockquote><pre class="code">passwd: files winbind
+group: files winbind</pre></blockquote>
+
+<p>Then activate these changes by issuing the following command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>/sbin/ldconfig</b></tt></pre></blockquote>
+
+<p>What we've just done is reconfigure the Linux name
+service switch, which allows name service and other tasks to be
+configured to use the traditional method (files in the
+<em class="filename">/etc</em> directory) or an extension coded in a
+library, such as the <em class="filename">libnss_winbind.so</em> library
+we've just installed. We've
+specified in our configuration that Samba will search for user and
+group information first in the <em class="filename">/etc/passwd</em> and
+<em class="filename">/etc/group files</em>, and if they are not found
+there, in the winbind service.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-5.3"/>
+
+<h3 class="head2">Modifying smb.conf</h3>
+
+<p><a name="INDEX-103"/><a name="INDEX-104"/>To use winbind, we must have our Samba
+server added to the Windows NT domain as a domain member server (as
+we described in <a href="ch04.html">Chapter 4</a>) and also add some
+parameters to the Samba configuration file to configure winbind. In
+addition to the options required to configure Samba as a domain
+member server, we need:</p>
+
+<blockquote><pre class="code">[global]
+ winbind uid = 10000-20000
+ winbind gid = 10000-20000</pre></blockquote>
+
+<p>The <tt class="literal">winbind</tt> <tt class="literal">uid</tt> and
+<tt class="literal">winbind</tt> <tt class="literal">gid</tt> options tell
+winbind how to map between Windows relative identifiers (RIDs) and
+Unix UIDs and GIDs. Windows uses RIDs to identify users and groups
+within the domain, and to function, the Unix system must have a UID
+and GID associated with every user and group RID that is received
+from the Windows primary domain controller. The
+<tt class="literal">winbind</tt> <tt class="literal">uid</tt> and
+<tt class="literal">winbind</tt> <tt class="literal">gid</tt> parameters simply
+provide winbind with a range of UIDs and GIDs, respectively, that are
+allocated by the system administrator for Windows NT domain users and
+groups. You can use whatever range you want for each; just make sure
+the lowest number in the range does not conflict with any entries in
+your <em class="filename">/etc/passwd</em> or
+<em class="filename">/etc/group</em> files at any time, either now or in
+the future. It is important to be conservative about this. Once
+winbind adds an RID to UID/GID mapping to its database, it is very
+difficult to modify the mapping.</p>
+<a name="samba2-CHP-9-NOTE-145"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p><a name="INDEX-105"/>The file
+<em class="filename">/usr/local/samba/locks/winbindd_idmap.tdb</em>
+contains winbind's RID mapping file by default. We
+suggest you regard this file as extremely sensitive and make sure to
+guard it carefully against any kind of harm or loss. If you lose it,
+you will have to re-create it manually, which can be a very
+labor-intensive task.</p>
+</blockquote>
+
+<a name="samba2-CHP-9-NOTE-145a"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>Be careful when adding local users after domain users have started
+accessing the Samba server. The domain users will have entries
+created for them by winbind in <em class="filename">/etc/passwd,</em> with
+UIDs in the range you specify. If you are using a method of creating
+new accounts that automatically assigns UIDs, it might choose UIDs by
+adding 1 to the highest UID assigned thus far, which will be the most
+recent UID added by winbind. (This is the case on Red Hat Linux, with
+the <em class="emphasis">useradd</em> script, for example.) The UID for
+the new local user will be within the range allocated for winbind,
+which will have undesired effects. Make sure to add new local users
+using a method that assigns them UIDs in the proper range. For
+example, you can use the <em class="emphasis">-u</em> option of
+<em class="emphasis">useradd</em> to specify the UID to assign to the new
+user.</p>
+</blockquote>
+
+<p>Restart the Samba daemons to put your changes to the configuration
+file into effect. If you have not already done so while adding your
+Samba server as a domain member server, you must issue the command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbpasswd -j </b></tt><em class="replaceable">domain</em><tt class="userinput"><b> -r </b></tt><em class="replaceable">pdc</em><tt class="userinput"><b> -U Administrator</b></tt></pre></blockquote>
+
+<p>as we described in <a href="ch04.html">Chapter 4</a>. At this point, you
+can start the <em class="emphasis">winbindd</em> daemon:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>winbindd</b></tt></pre></blockquote>
+
+<p><a name="INDEX-106"/>You might want to
+run a <em class="emphasis">ps ax</em> command to see that the
+<em class="emphasis">winbindd</em> daemon is running. Now, to make sure
+everything we've done up to this point works, we can
+use Samba's <em class="emphasis">wbinfo</em> command:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>wbinfo -u</b></tt>
+METRAN\Administrator
+METRAN\bebe
+METRAN\Guest
+METRAN\jay
+METRAN\linda
+$ <tt class="userinput"><b>wbinfo -g</b></tt>
+METRAN\Domain Admins
+METRAN\Domain Guests
+METRAN\Domain Users</pre></blockquote>
+
+<p>The <em class="emphasis">-u</em> option queries the domain controller for
+a list of domain users, and the <em class="emphasis">-g</em> option asks
+for the list of groups. The output shows that the Samba host system
+can query the Windows PDC through winbind.</p>
+
+<p>Another thing to check is the list of users and groups, using the
+<em class="emphasis">getent</em> command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>getent passwd</b></tt>
+root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:
+daemon:x:2:2:daemon:/sbin:
+ <i class="lineannotation">... deleted ...</i>
+jay:x:500:500:Jay Ts:/home/jay:/bin/bash
+rik:x:501:501::/home/rik:/bin/bash
+METRAN\Administrator:x:10000:10000::/home/METRAN/administrator:/bin/bash
+METRAN\bebe:x:10001:10000:Bebe Larta:/home/METRAN/bebe:/bin/bash
+METRAN\Guest:x:10002:10000::/home/METRAN/guest:/bin/bash
+METRAN\jay:x:10003:10000:Jay Ts:/home/METRAN/jay:/bin/bash
+METRAN\linda:x:10004:10000:Linda Lewis:/home/METRAN/linda:/bin/bash
+
+# getent group
+root:x:0:root
+bin:x:1:root,bin,daemon
+daemon:x:2:root,bin,daemon
+ <i class="lineannotation">... deleted ...</i>
+jay:x:500:
+rik:x:501:
+METRAN\Domain Admins:x:10001:METRAN\Administrator
+METRAN\Domain Guests:x:10002:METRAN\Guest
+METRAN\Domain Users:x:10000:METRAN\Administrator,METRAN\jay,METRAN\linda,METRAN\bebe</pre></blockquote>
+
+<p>This shows that the Linux system is finding the domain users and
+groups through winbind, in addition to those in the
+<em class="filename">/etc/passwd</em> and <em class="filename">/etc/group</em>
+files. If this part doesn't work as shown earlier,
+with the domain users and groups listed after the local ones, check
+to make sure you made the symbolic link to
+<em class="filename">libnss_winbind.so</em> in <em class="filename">/lib</em>
+correctly.</p>
+
+<p>Now you can try connecting to a Samba share from a Windows system
+using a domain account. You can either log on to the domain from a
+Windows NT/2000/XP workstation or use <em class="emphasis">smbclient</em>
+with the <em class="emphasis">-U</em> option to specify a username.</p>
+
+<a name="samba2-CHP-9-NOTE-147"/><blockquote class="note"><h4 class="objtitle">NOTE</h4>
+<p>If you get errors while attempting to log on to the domain, it is
+probably because you had previously configured the client system with
+a computer account on another domain controller. Commonly, you get a
+dialog box that says, &quot;The domain
+<em class="replaceable">NAME</em> is not available.&quot;
+On a Windows 2000 system, the fix is to log in to the system as an
+administrative user and open the Control Panel, double-click the
+System icon, click the Network Identification tab, then click the
+Properties button. In the dialog that comes up, click the
+&quot;Workgroup:&quot; radio button and fill
+in the name of the workgroup (you can use the same name as the
+domain). Click the OK buttons in the dialogs, and reboot if
+requested.</p>
+
+<p>This removes the computer account from the primary domain controller.
+Now log in again as the administrative user and repeat the previous
+directions, but change from the workgroup back to the domain. This
+creates a new computer account that
+&quot;fits&quot; the workstation to the new
+primary domain controller. If your network has backup domain
+controllers, it will take up to 15 minutes for the new computer
+account to propagate to the BDCs.</p>
+
+<p>If you are using Windows NT/XP, the method is slightly different. For
+the exact procedure, see the section in <a href="ch04.html">Chapter 4</a>
+that is specific to your Windows version.</p>
+</blockquote>
+
+<p>After logging in as a domain user, try creating a file or two in a
+Samba share. (You might need to change the permissions on the shared
+directory&mdash;say, to 777&mdash;to allow this access. This is very
+permissive, but after you finish reading this section, you will
+understand how to change ownership and permissions on the directory
+to restrict access to selected domain users.) After
+you've created files by one or more domain users,
+take a look at the directory's contents from a Linux
+shell. You will see something like this:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ls -l /u</b></tt>
+-rwxrw-rw- 1 METRAN\b METRAN\D 0 Apr 13 00:00 bebes-file.doc
+-rwxrw-rw- 1 METRAN\l METRAN\D 0 Apr 12 23:58 lindas-file.doc
+drwxrwxr-x 6 jay jay 4096 Jan 15 05:12 snd
+<b class="emphasis-bold">$ ls -ln /u</b>
+total 4
+-rwxrw-rw- 1 10001 10000 0 Apr 13 00:00 bebes-file.doc
+-rwxrw-rw- 1 10004 10000 0 Apr 12 23:58 lindas-file.doc
+drwxrwxr-x 6 500 500 4096 Jan 15 05:12 snd</pre></blockquote>
+
+<p>We can even use the domain usernames and groups from the Linux shell:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>chown 'METRAN\linda:METRAN\Domain Users' /u</b></tt>
+# <tt class="userinput"><b>ls -ldu /u</b></tt>
+drwxrwxrwx 3 METRAN\l METRAN\D 4096 Apr 13 00:44 /u
+# <tt class="userinput"><b>ls -ldn /u</b></tt>
+drwxrwxrwx 3 10004 10000 4096 Apr 13 00:00 /u</pre></blockquote>
+
+<p>Notice how the owner and group are listed as being those of the
+domain user and group. Unfortunately, the GNU <em class="emphasis">ls</em>
+command won't show the full names of the domain
+users and groups, but we can use the <em class="emphasis">-ln</em> listing
+to show the UIDs and GIDs and then translate with the
+<em class="emphasis">wbinfo</em> command:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>wbinfo -s `wbinfo -U 10004`</b></tt>
+METRAN\LINDA 1
+$ <tt class="userinput"><b>wbinfo -s `wbinfo -G 10000`</b></tt>
+METRAN\Domain Users 2</pre></blockquote>
+
+<p>(It's a bit messy, but it works, and it shows that
+the winbind system is working!) At this point, you might want to
+modify your <em class="filename">/etc/rc.d/init.d/smb</em> script to start
+and stop the <em class="emphasis">winbindd</em> daemon automatically along
+with the <em class="emphasis">smbd</em> and <em class="emphasis">nmbd</em>
+daemons. Starting with the script we presented in <a href="ch02.html">Chapter 2</a>, we first add this code to the
+<em class="emphasis">start( )</em> function:</p>
+
+<blockquote><pre class="code">echo -n $&quot;Starting WINBIND services: &quot;
+/usr/local/samba/bin/winbindd
+ERROR2=$?
+if [ $ERROR2 -ne 0 ]
+then
+ ERROR=1
+fi
+echo</pre></blockquote>
+
+<p>The previous code should be located after the code that starts
+<em class="emphasis">nmbd</em> and before the <em class="emphasis">return</em>
+statement.</p>
+
+<a name="samba2-CHP-9-NOTE-148"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>We start <em class="emphasis">winbindd</em> after
+<em class="emphasis">nmbd</em> because <em class="emphasis">winbindd</em> needs
+<em class="emphasis">nmbd</em> to be running to work properly.</p>
+</blockquote>
+
+<p>In the <tt class="function">stop( )</tt> function, we add the following:</p>
+
+<blockquote><pre class="code">echo -n $&quot;Shutting down WINBIND services: &quot;
+/bin/kill -TERM -a winbindd
+ERROR2=$?
+if [ $ERROR2 -ne 0 ]
+then
+ ERROR=1
+fi
+echo</pre></blockquote>
+
+<p>Again, this code should be located after the code that stops
+<em class="emphasis">nmbd</em> and before the <em class="emphasis">return</em>
+statement. <a name="INDEX-107"/></p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-5.4"/>
+
+<h3 class="head2">Configuring PAM</h3>
+
+<p><a name="INDEX-108"/>Most
+popular Linux distributions use <a name="INDEX-109"/>Pluggable
+Authentication Modules (PAM), a suite of shared libraries that
+provide a centralized source of authentication for applications
+running on the Unix system. PAM can be configured differently for
+each application (or service) that uses it, without needing to
+recompile the application. As a hypothetical example, if an
+organization's security policy mandated the use of
+passwords exactly 10 characters in length, a PAM module could be
+written to check the length of passwords submitted by users and
+reject any attempts to use a longer or shorter password. PAM would
+then be reconfigured to include the new module for services such as
+<em class="emphasis">ftp</em>, console login, and GUI login that call upon
+PAM to authenticate users.</p>
+
+<p>If you are not already familiar with PAM, we suggest you read the
+documentation provided with the Linux PAM package before continuing.
+On most Linux systems, it is located in the
+<em class="filename">/usr/share/doc</em> directory hierarchy. Another
+resource is the <em class="citetitle">Linux-PAM System
+Administrator's
+Guide</em><a name="INDEX-110"/>, which you can find
+on the Internet at <a href="http://www.kernel.org/pub/linux/libs/pam">http://www.kernel.org/pub/linux/libs/pam</a>.</p>
+
+<p>The rest of this section is about using the PAM module provided in
+the Samba distribution to enable Windows domain users to authenticate
+on the Linux system hosting Samba. Depending on which services you
+choose to configure, this allows Windows domain users to log in on a
+local console (or through <em class="emphasis">telnet</em>), log in to a
+GUI desktop on the Linux system, authenticate with an FTP server
+running on the Linux system, or use other services normally limited
+to users who have an account on the Linux system. The PAM module
+authenticates Windows domain users by querying winbind, which passes
+the authentication off to a Windows NT domain controller.</p>
+
+<p>As an example, we will show how to allow Windows domain users to log
+in to a text console on the Linux system and get a command shell and
+home directory. The method used in our example can be applied (with
+variations) to other services.</p>
+
+<p>All users who can log in to the Linux system need a shell and a home
+directory. Unix and Linux keep this user information in the password
+file (<em class="filename">/etc/passwd</em> ), but information about
+Windows users isn't located there. Instead, in the
+Samba configuration file, we add the following to notify winbind what
+the shell and home directory for Windows domain users will be:</p>
+
+<blockquote><pre class="code">[global]
+ template shell = /bin/bash
+ template homedir = /home/%D/%U</pre></blockquote>
+
+<p>The first line sets the
+<tt class="literal">template</tt><a name="INDEX-111"/> <tt class="literal">shell</tt>
+parameter, which tells winbind what shell to use for domain users
+that are logging in to the Unix host. The
+<tt class="literal">template</tt><a name="INDEX-112"/>
+<tt class="literal">homedir</tt> parameter specifies the location of
+users' home directories. The <tt class="literal">%D</tt>
+variable is replaced by the name of the domain in which the
+user's account resides, and <tt class="literal">%U</tt> is
+replaced by the user's username in that domain.</p>
+
+<p>Before the domain users can successfully log in, their home
+directories must be created manually. To add a single account for
+<tt class="literal">linda</tt> in the METRAN domain, we would use these
+commands:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>mkdir /home/METRAN</b></tt>
+# <tt class="userinput"><b>chmod 755 /home/METRAN</b></tt>
+
+# <tt class="userinput"><b>mkdir /home/METRAN/linda</b></tt>
+# <tt class="userinput"><b>chown 'METRAN\linda:METRAN\Domain Users' /home/METRAN/linda</b></tt>
+# <tt class="userinput"><b>chmod 700 /home/METRAN/linda</b></tt></pre></blockquote>
+<a name="samba2-CHP-9-NOTE-149"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>One side effect of creating the home directories is that if the Samba
+server is configured with a <tt class="literal">[homes]</tt> share, the
+domain users can see and access their home directories through
+Samba's file sharing.</p>
+</blockquote>
+
+<p>Next, we need to compile and install the PAM module in the Samba
+distribution. From the source directory in the Samba distribution,
+issue the following commands:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>make nsswitch/pam_winbind.so</b></tt>
+# <tt class="userinput"><b>cp nsswitch/pam_winbind.so /lib/security</b></tt></pre></blockquote>
+
+<p>and check that it was copied over correctly:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>ls /lib/security/pam_winbind.so</b></tt>
+/lib/security/pam_winbind.so</pre></blockquote>
+
+<p>On Red Hat Linux, the PAM configuration files reside in
+<em class="filename">/etc/pam.d</em>. Before making any modifications, we
+strongly advise making a backup of this directory:</p>
+
+<blockquote><pre class="code"># cp -pR /etc/pam.d /etc/pam.d.backup</pre></blockquote>
+
+<p>The reason for this is that we will be modifying the Linux
+system's means of authenticating logins, and if our
+configuration goes awry, all users (including
+<tt class="literal">root</tt>) will be locked out of the system. In case
+the worst happens, we would reboot into single-user mode (by typing
+<tt class="literal">linux</tt> <tt class="literal">single</tt> at the LILO:
+prompt) or boot a rescue disk, and then we would issue these two
+commands:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>mv /etc/pam.d /etc/pam.d.bad</b></tt>
+# <tt class="userinput"><b>mv /etc/pam.d.backup /etc/pam.d</b></tt></pre></blockquote>
+
+<p>Be very careful to make sure you can recover from any errors you make
+because when PAM encounters any configuration information it
+doesn't understand, its action is not to allow
+access. This means you must be sure to enter everything correctly!
+You might want to leave yourself logged in as root on a spare virtual
+terminal while you are modifying your PAM configuration to ensure
+yourself a means of easy recovery.</p>
+
+<p>In the <em class="filename">/etc/pam.d</em> directory, you will encounter
+a file for each service that uses PAM. We are interested only in the
+file corresponding to the login service, which is called
+<em class="filename">login</em>. It contains the following lines:</p>
+
+<blockquote><pre class="code">auth required /lib/security/pam_securetty.so
+auth required /lib/security/pam_stack.so service=system-auth
+auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_stack.so service=system-auth
+password required /lib/security/pam_stack.so service=system-auth
+session required /lib/security/pam_stack.so service=system-auth
+session optional /lib/security/pam_console.so</pre></blockquote>
+
+<p>The lines starting with <tt class="literal">auth</tt> are related to the
+function of authentication&mdash;that is, printing a password prompt,
+accepting the password, verifying that it is correct, and matching
+the user to a valid user and group ID. The line starting with
+<tt class="literal">account</tt> is for account management, which allows
+access to be controlled by other factors, such as what times during
+the day a user is allowed access. We are not concerned with the lines
+starting with <tt class="literal">password</tt> or
+<tt class="literal">session</tt> because winbind does not add to either of
+those functions.</p>
+
+<p>The third column lists the PAM module, possibly with arguments, that
+is called in for the task. The
+<em class="filename">pam_stack.so</em><a name="INDEX-113"/> module has been added by Red Hat to act
+somewhat like a macro or a subroutine. It calls the file in the
+<em class="filename">pam.d</em> directory named by the service argument.
+In this case, the file <em class="filename">/etc/pam.d/system-auth</em>
+contains a common set of lines that are used as a default for many
+services. Because we want to customize the login service for winbind,
+we first replace the <em class="filename">pam_stack.so</em> lines for
+<tt class="literal">auth</tt> and <tt class="literal">account</tt> with the
+<tt class="literal">auth</tt> and <tt class="literal">account</tt> lines from
+<em class="filename">/etc/pam.d/system-auth</em>. This yields:</p>
+
+<blockquote><pre class="code">auth required /lib/security/pam_securetty.so
+<b class="emphasis-bold">auth required /lib/security/pam_env.so</b>
+<b class="emphasis-bold">auth sufficient /lib/security/pam_unix.so likeauth nullok</b>
+<b class="emphasis-bold">auth required /lib/security/pam_deny.so</b>
+auth required /lib/security/pam_nologin.so
+<b class="emphasis-bold">account required /lib/security/pam_unix.so</b>
+password required /lib/security/pam_stack.so service=system-auth
+session required /lib/security/pam_stack.so service=system-auth
+session optional /lib/security/pam_console.so</pre></blockquote>
+
+<p>To add winbind support, we need to add a line in both the
+<tt class="literal">auth</tt> and <tt class="literal">account</tt> sections to
+call the
+<em class="filename">pam_winbind.so</em><a name="INDEX-114"/> module:</p>
+
+<blockquote><pre class="code">auth required /lib/security/pam_securetty.so
+auth required /lib/security/pam_env.so
+<b class="emphasis-bold">auth sufficient /lib/security/pam_winbind.so</b>
+auth sufficient /lib/security/pam_unix.so <b class="emphasis-bold">use_first_pass</b> likeauth nullok
+auth required /lib/security/pam_deny.so
+auth required /lib/security/pam_nologin.so
+<b class="emphasis-bold">account sufficient /lib/security/pam_winbind.so</b>
+account required /lib/security/pam_unix.so
+password required /lib/security/pam_stack.so service=system-auth
+session required /lib/security/pam_stack.so service=system-auth
+session optional /lib/security/pam_console.so</pre></blockquote>
+
+<p>The keywords <tt class="literal">required</tt> and
+<tt class="literal">sufficient</tt> in the second column are significant.
+The keyword <tt class="literal">required</tt> specifies that the result
+returned by the module (either to pass or fail the authentication)
+must be taken into account, whereas the keyword
+<tt class="literal">sufficient</tt> specifies that if the module
+successfully authenticates the user, no further lines need to be
+processed. By specifying <tt class="literal">sufficient</tt> for the
+<em class="filename">pam_winbind.so</em> module, we let winbind attempt to
+authenticate users, and if it succeeds, the PAM system returns to the
+application. If the <em class="filename">pam_winbind.so</em> module
+doesn't find the user or the password does not
+match, the PAM system continues with the next line, which performs
+authentication according to the usual Linux user authentication. This
+way, both domain users and local users can log in.</p>
+
+<p>Notice that we also added the <tt class="literal">use_first_pass</tt>
+argument to the <em class="filename">pam_unix.so</em> module in the
+<tt class="literal">auth</tt> section. By default, both the
+<em class="filename">pam_winbind.so</em> and
+<em class="filename">pam_unix.so</em> modules print a password prompt and
+accept a password. In cases where users are logging in to the Linux
+system using their local accounts, this would require them to enter
+their password twice. The <tt class="literal">user_first_pass</tt> argument
+tells the <em class="filename">pam_unix.so</em> module to reuse the
+password that was given to the <em class="filename">pam_winbind.so</em>
+module, which results in users having to enter the password only
+once.</p>
+
+<p>After modifying the <em class="filename">login</em> configuration file,
+switch to a spare virtual console and make sure you can still log in
+using a regular Linux account. If not, check your modifications
+carefully and try again until you get it right. Then log in using a
+domain user account from the Windows PDC database to check that the
+winbind authentication works. You will need to specify the username
+in <em class="replaceable">DOMAIN</em>\<em class="replaceable">user</em>
+format, like this:</p>
+
+<blockquote><pre class="code">login: METRAN\linda
+Password:</pre></blockquote>
+
+<p>More information on configuring winbind can be found in the Samba
+source distribution file
+<em class="filename">docs/htmldocs/winbind.html</em>, and in the
+<em class="emphasis">winbindd</em> manual page. If you would like to learn
+more about configuring PAM, we recommend the web page <a href="http://www.kernel.org/pub/linux/libs/pam/">http://www.kernel.org/pub/linux/libs/pam/</a> as
+a starting place. Some of the documentation for Linux PAM, including
+Red Hat's extensions, can also be found on Red Hat
+Linux in
+<em class="filename">/usr/share/doc/pam-</em><em class="replaceable">version</em>.
+<a name="INDEX-115"/></p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-9-SECT-5.5"/>
+
+<h3 class="head2">winbind Configuration Options</h3>
+
+<p><a href="chh09.html#samba2-CHP-9-TABLE-9">Table 9-9</a> <a name="INDEX-116"/><a name="INDEX-117"/>summarizes some commonly used options
+that you can use to configure winbind.</p>
+
+<a name="samba2-CHP-9-TABLE-9"/><h4 class="head4">Table 9-9. winbind options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">winbind</tt> <tt class="literal">separator</tt></p>
+</td>
+<td>
+<p>string (single character)</p>
+</td>
+<td>
+<p>Character to use as a separator in domain usernames and group names</p>
+</td>
+<td>
+<p>Backslash (<tt class="literal">\</tt>)</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">winbind uid</tt></p>
+</td>
+<td>
+<p>string (numeric range)</p>
+</td>
+<td>
+<p>Range of UIDs for RID-to-UID mapping</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">winbind gid</tt></p>
+</td>
+<td>
+<p>string (numeric range)</p>
+</td>
+<td>
+<p>Range of GIDs for RID-to-GID mapping</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">winbind cache time</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Number of seconds the <em class="emphasis">winbindd</em> daemon caches
+user and group data</p>
+</td>
+<td>
+<p><tt class="literal">15</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">template</tt> <tt class="literal">homedir</tt></p>
+</td>
+<td>
+<p>string (directory name)</p>
+</td>
+<td>
+<p>Directory to be used as the home directory of the logged-in domain
+user</p>
+</td>
+<td>
+<p><tt class="literal">/home/%D/%U</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">template</tt> <tt class="literal">shell</tt></p>
+</td>
+<td>
+<p>string (command name)</p>
+</td>
+<td>
+<p>The program to use as the logged-in domain user's
+shell</p>
+</td>
+<td>
+<p><tt class="literal">/bin/false</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-5.5.1"/>
+
+<a name="INDEX-118"/><h3 class="head3">winbind separator</h3>
+
+<p>On Windows systems, the backslash (<tt class="literal">\</tt>) is commonly
+used as a separator in file names, UNCs, and the names of domain
+users and groups. For example, an account in the METRAN domain with a
+username of <tt class="literal">linda</tt> would be written as
+<tt class="literal">METRAN\linda</tt>. On Unix systems, the backslash is
+commonly used as a metacharacter for quoting, so the account would
+have to be specified as <tt class="literal">METRAN\\linda</tt> or
+'<tt class="literal">METRAN\linda</tt>'. The winbind separator parameter
+allows another character to be used instead of the backslash
+character, making it much easier to type in domain user and group
+names. For example, with:</p>
+
+<blockquote><pre class="code">[global]
+ winbind separator = +</pre></blockquote>
+
+<p>the aforementioned account could be written simply as
+<tt class="literal">METRAN+linda</tt> on the Unix host, making it
+unnecessary to use additional backslashes or single quotes. Winbind
+then uses the same format for reporting domain user and group names.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-5.5.2"/>
+
+<a name="INDEX-119"/><h3 class="head3">winbind uid</h3>
+
+<p>As part of <em class="emphasis">winbindd</em> 's task of
+letting Windows NT domain users function as local users on the Unix
+host, <em class="emphasis">winbindd</em> supplies a Unix UID that is
+linked to the Windows RID of the domain user. The
+<tt class="literal">winbind</tt> <tt class="literal">uid</tt> parameter allows
+the Unix system administrator to allocate a range of UIDs for this
+purpose. It is very important that this range not overlap any UIDs
+used for other purposes on the Unix system, so we recommend you begin
+your range at a very high number, one much larger than the number of
+local users and NIS users that will ever exist. For example,
+<tt class="literal">winbind</tt> <tt class="literal">uid</tt> might be defined
+as:</p>
+
+<blockquote><pre class="code">[global]
+ winbind uid = 10000-15000</pre></blockquote>
+
+<p>on a system that would never have more than 9,999 local and NIS
+users, or for that matter, any other entries in
+<em class="filename">/etc/passwd</em> that would use up another UID.
+Because the example allocates 5,000 UIDs to
+<em class="emphasis">winbindd</em>, the assumption is that there will
+never be more than 5,000 domain users accessing the Samba host.</p>
+
+<p>If your method for adding new local users to the system assigns UIDs
+automatically, make sure it does not assign them within the range of
+UIDs allocated to winbind. This might happen if the algorithm used
+adds 1 to the highest UID assigned thus far.</p>
+
+<p>There is no default for <tt class="literal">winbind</tt>
+<tt class="literal">uid</tt>, so you must specify it in your Samba
+configuration file for winbind to work.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-5.5.3"/>
+
+<a name="INDEX-120"/><h3 class="head3">winbind gid</h3>
+
+<p>This option works like <tt class="literal">winbind</tt>
+<tt class="literal">uid</tt>, except that it is for allocating a range of
+GIDs for use with <em class="emphasis">winbindd</em>. You might not need
+to allocate as many GIDs as UIDs because you probably have relatively
+few domain groups that need corresponding GIDs. (In many cases, users
+are all members of the Domain Users group, requiring only one GID.)
+However, it is best to play it safe, so make sure to allocate many
+more GIDs than you think you will need.</p>
+
+<p>As with <tt class="literal">winbind</tt> <tt class="literal">uid</tt>, if you are
+using a method of adding new local users to your Unix host that
+automatically assigns GIDs, either make sure the method used
+doesn't conflict with winbind or set the GIDs
+manually.</p>
+
+<p>There is no default for <tt class="literal">winbind</tt>
+<tt class="literal">gid</tt>, so you must specify it in your Samba
+configuration file for winbind to work.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-5.5.4"/>
+
+<a name="INDEX-121"/><h3 class="head3">winbind cache time</h3>
+
+<p>The <em class="emphasis">winbindd</em> daemon maintains a cache of user
+and group data that has been retrieved from the Windows PDC to reduce
+network queries and increase performance. The
+<tt class="literal">winbind</tt> <tt class="literal">cache</tt>
+<tt class="literal">time</tt> parameter allows the amount of time (in
+seconds) <em class="emphasis">winbindd</em> can use the cached data before
+querying the PDC to check for an update. By default, this interval is
+set to 15 seconds. This means that when any part of a user or group
+account on the PDC is modified, it can take up to 15 seconds for
+<em class="emphasis">winbindd</em> to update its own database.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-5.5.5"/>
+
+<a name="INDEX-122"/><h3 class="head3">template homedir</h3>
+
+<p>When the local Unix system is configured to allow domain users to log
+in, the user must be provided with a home directory for many
+programs, including command shells, to function properly. The
+<tt class="literal">template</tt> <tt class="literal">homedir</tt> option is used
+to set the name of the home directory. In the name of the directory,
+<tt class="literal">%D</tt> is replaced by the name of the Windows NT
+domain the user is in, and <tt class="literal">%U</tt> is replaced by his
+username. By default, <tt class="literal">template</tt>
+<tt class="literal">homedir</tt> is set to <tt class="literal">/home/%D/%U</tt>,
+which works fine for a network in which there might be more than one
+Windows NT domain, and it is possible for different people in
+different domains to have the same username. If you are sure you will
+never have more than one Windows NT domain on your network, or you
+have more than one domain but know for sure that unique users have
+identical usernames in each multiple domain, you might prefer to set
+<tt class="literal">template</tt> <tt class="literal">homedir</tt> like this:</p>
+
+<blockquote><pre class="code">[global]
+ template homedir = /home/%U</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-9-SECT-5.5.6"/>
+
+<a name="INDEX-123"/><h3 class="head3">template shell</h3>
+
+<p>This option specifies the program to use as the shell for domain
+users who are logged in to the Unix host. By default, it is set to
+<em class="emphasis">/bin/false</em>, which effectively denies domain
+users to log in. If you wish to allow logins for domain users, set
+<tt class="literal">template</tt> <tt class="literal">shell</tt> to a valid
+command shell (or other program) that you want to act as the textual
+interface the domain users will receive when logged in. A common
+setting on Linux would be:</p>
+
+<blockquote><pre class="code">[global]
+ template shell = /bin/bash</pre></blockquote>
+
+<p>which would give users the Bash shell for their interactive login
+sessions. <a name="INDEX-124"/><a name="INDEX-125"/> <a name="INDEX-126"/><a name="INDEX-127"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> <p><a href="#FNPTR-1">[1]</a> Having both encrypted and nonencrypted
+password clients on your network is one of the reasons why Samba
+allows you to include (or not include) various options in the Samba
+configuration file based on the client operating system or machine
+name variables.</p> <a name="FOOTNOTE-2"/>
+<p><a href="#FNPTR-2">[2]</a> This is because the Unix <em class="emphasis">passwd</em> program,
+which is the usual target for this operation, allows
+<tt class="literal">root</tt> to change a user's password
+without the security restriction that requests the old password of
+that user.</p> </blockquote><hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html>
diff --git a/docs/htmldocs/using_samba/ch10.html b/docs/htmldocs/using_samba/ch10.html
new file mode 100644
index 00000000000..7ba29b1e954
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch10.html
@@ -0,0 +1,1695 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Chapter 10. Printing</h1>
+
+
+
+<p><a name="INDEX-1"/>This
+chapter tackles the topic of setting up printers for use with Samba.
+Aside from the &quot;coolness factor&quot; of
+seeing documents from Windows word processing and graphics
+applications appearing in the output tray of the Unix printer, this
+facility can greatly increase the usefulness of your Samba server. In
+many organizations, using a Unix system as the print server has led
+to happier system administrators and users alike, due to the reduced
+frequency of problems.</p>
+
+<p>Samba allows client machines to share printers connected to the Samba
+host system, and Samba can also send Unix documents to printers
+shared by Windows systems. In this chapter, we discuss how to get
+printers configured to work in either direction.</p>
+
+<p>We focus in this chapter on getting Samba to serve up printers that
+are already functioning on the Unix host. We include just a few
+basics about setting up printers on Unix. Good references for this
+topic include <em class="citetitle">Network Printing</em>,
+<em class="citetitle">Essential System Administration</em>, and
+<em class="citetitle">Running Linux</em>, all by
+O'Reilly and Associates.</p>
+
+
+
+<div class="sect1"><a name="samba2-CHP-10-SECT-1"/>
+
+<h2 class="head1">Sending Print Jobs to Samba</h2>
+
+<p><a name="INDEX-2"/>A
+printer shared by the Samba server shows up in the list of shares
+offered in the Network Neighborhood. If the printer is registered on
+the client machine and the client has the correct printer driver
+installed, the client can effortlessly send print jobs to a printer
+attached to a Samba server. <a href="ch10.html#samba2-CHP-10-FIG-1">Figure 10-1</a> shows a
+Samba printer as it appears in the Network Neighborhood of a Windows
+client.</p>
+
+<div class="figure"><a name="samba2-CHP-10-FIG-1"/><img src="figs/sam2_1001.gif"/></div><h4 class="head4">Figure 10-1. A Samba printer in the Network Neighborhood</h4>
+
+<p>To administer printers with Samba, you should understand the basic
+process by which
+<a name="INDEX-3"/>printing
+takes place on a network. On the client system, the application
+software prints by utilizing the system's printer
+driver for the printer that will be creating the actual output. It is
+the printer driver software running on the client system that
+translates the application's high-level calls into a
+stream of binary data specific to the model of printer in use. In the
+case of a serial, parallel, or USB printer, the data is stored in a
+temporary file in the local system's printer queue
+and then sent through the respective port directly to the printer.
+For a network printer, the file is sent over the network.</p>
+
+<a name="samba2-CHP-10-NOTE-150"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>Because the data has already been processed through a printer driver
+by the time it reaches the Samba host, make sure the printer on the
+Unix system is configured without any printer driver and that it will
+print whatever data it receives in raw form. If you already have the
+printer configured for use by Unix applications, you might need to
+set up another queue for it to print documents received from Windows
+clients correctly.</p>
+</blockquote>
+
+<p>Sending a <a name="INDEX-4"/>print job to a printer on a
+<a name="INDEX-5"/>Samba server involves four steps:</p>
+
+<ol><li>
+<p>Opening and authenticating a connection to the printer share</p>
+</li><li>
+<p>Copying the file over the network</p>
+</li><li>
+<p>Closing the connection</p>
+</li><li>
+<p>Printing and deleting the copy of the file</p>
+</li></ol>
+<p>When a print job arrives at a Samba server, the print data is
+temporarily written to disk in the directory specified by the
+<tt class="literal">path</tt> option of the printer share. Samba then
+executes a Unix print command to send that datafile to the printer.
+The job is then printed as the authenticated user of the share. Note
+that this can be the guest user, depending on how the share is
+configured.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-10-SECT-1.1"/>
+
+<h3 class="head2">Print Commands</h3>
+
+<p><a name="INDEX-6"/>To print the
+document, you'll need to inform Samba of the command
+used to print and delete a file. On Linux, which uses a BSD-style
+printing system, a command that does this is:</p>
+
+<blockquote><pre class="code">lpr -r -P<em class="replaceable">printer</em> <em class="replaceable">file</em></pre></blockquote>
+
+<p>This command tells <a name="INDEX-7"/><em class="emphasis">lpr</em> to retrieve the
+name of the printer in the system configuration file
+(<em class="filename">/etc/printcap</em>) and interpret the rules it finds
+there to decide how to process the data and which physical device to
+send it to. Note that because the <em class="emphasis">-r</em> option has
+been specified, the file will be deleted after it has been printed.
+Of course, the file removed is just a copy stored on the Samba
+server; the original document on the client is unaffected.</p>
+
+<p>The process is similar on System V Unix. Here, printing and deleting
+become a compound command:</p>
+
+<blockquote><pre class="code">lp -d<em class="replaceable">printer</em> -s <em class="replaceable">file</em>; rm <em class="replaceable">file</em></pre></blockquote>
+
+<p>In this case, the <em class="filename">/etc/printcap</em> file is replaced
+with a different set of configuration files residing in
+<em class="filename">/usr/spool/lp</em>. Because the
+<em class="emphasis">lp</em> command has no option to delete the file
+after it is printed, we have added the <em class="emphasis">rm</em>
+command.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-10-SECT-1.2"/>
+
+<h3 class="head2">A Minimal Printing Setup</h3>
+
+<p>Let's start with a simple yet illustrative
+<a name="INDEX-8"/>printing
+share. Assuming that you're on a Linux system and
+you have a printer called <tt class="literal">netprinter</tt> listed in the
+printer capabilities file, the following addition to your
+<em class="filename">smb.conf</em> file makes the printer accessible
+through the network:</p>
+
+<blockquote><pre class="code">[printer1]
+ printable = yes
+ print command = /usr/bin/lpr -P%p -r %s
+ printer = netprinter
+ printing = BSD
+ path = /var/tmp</pre></blockquote>
+
+<p>The variable <tt class="literal">%s</tt> in the
+<tt class="literal">print</tt><a name="INDEX-9"/> <tt class="literal">command</tt>
+option is replaced with the name of the file to be printed when Samba
+executes the command. There are four Samba configuration-file
+variables specifically for use with
+<a name="INDEX-10"/>printing
+options. They are shown in <a href="ch10.html#samba2-CHP-10-TABLE-1">Table 10-1</a>.</p>
+
+<a name="samba2-CHP-10-TABLE-1"/><h4 class="head4">Table 10-1. Printing variables</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Variable</p>
+</th>
+<th>
+<p>Definition</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">%s</tt></p>
+</td>
+<td>
+<p>The full pathname of the file on the Samba server to be printed</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%f</tt></p>
+</td>
+<td>
+<p>The name of the file itself (without the preceding path) on the Samba
+server to be printed</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%p</tt></p>
+</td>
+<td>
+<p>The name of the Unix printer to use</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%j</tt></p>
+</td>
+<td>
+<p>The number of the print job (for use with <tt class="literal">lprm</tt>,
+<tt class="literal">lppause</tt>, and <tt class="literal">lpresume</tt>)</p>
+</td>
+</tr>
+
+</table>
+
+<p>For other flavors of Unix, it is necessary to modify both the
+<tt class="literal">printing</tt> and <tt class="literal">print</tt>
+<tt class="literal">command</tt> options. For System V Unix, we would
+specify:</p>
+
+<blockquote><pre class="code">[printer1]
+ printing = SYSV
+ print command = lp -d%p -s %s; rm %s</pre></blockquote>
+
+<p>With the <tt class="literal">printing</tt> <tt class="literal">=</tt>
+<tt class="literal">SYSV</tt> parameter, we notify Samba that the local
+printing system uses the System V Unix method. As mentioned earlier,
+the <tt class="literal">%p</tt> variable resolves to the name of the
+printer, while the <tt class="literal">%s</tt> variable resolves to the
+name of the file.</p>
+
+<p>Clients might need to request the status of a print job sent to the
+Samba server. Because Samba sends print jobs to the Unix printing
+system for spooling, there might be a number of jobs in the queue at
+any given time. Consequently, Samba needs to communicate to the
+client not only the status of the current printing job, but also
+which documents are waiting to be printed on that printer. Samba also
+has to provide the client the ability to pause print jobs, resume
+print jobs, and remove print jobs from the printing queue. Samba
+provides options for each of these tasks. As you might expect, they
+borrow functionality from the following existing Unix commands:</p>
+
+<ul><li>
+<p><tt class="literal">lpq</tt><a name="INDEX-11"/></p>
+</li><li>
+<p><tt class="literal">lprm</tt><a name="INDEX-12"/></p>
+</li><li>
+<p><tt class="literal">lppause</tt><a name="INDEX-13"/></p>
+</li><li>
+<p><tt class="literal">lpresume</tt><a name="INDEX-14"/></p>
+</li></ul>
+<p>We cover these options in more detail later in this chapter. For the
+most part, Samba provides reasonable default values for them based on
+the value of the <tt class="literal">printing</tt> configuration option, so
+you can probably get by without having to formulate your own commands
+for them.</p>
+
+<p>Here are a few important items to remember about
+<a name="INDEX-15"/>printing shares:</p>
+
+<ul><li>
+<p>You must put
+<tt class="literal">printable</tt><a name="INDEX-16"/> <tt class="literal">=</tt>
+<tt class="literal">yes</tt> in all printer shares (even
+<tt class="literal">[printers]</tt>) so that Samba knows they are printer
+shares. If you forget, the shares will be unusable for printing and
+will instead be treated as disk shares.</p>
+</li><li>
+<p>If you set the <tt class="literal">path</tt> configuration option in the
+printer section, any files sent to the printer(s) will be copied to
+the directory you specify instead of to the default location of
+<em class="filename">/tmp</em>. Because the amount of disk space allocated
+to <em class="filename">/tmp</em> can be relatively small in some Unix
+operating systems, many administrators prefer to use
+<em class="filename">/var/tmp, /var/spool/tmp</em>, or some other
+directory instead.</p>
+</li><li>
+<p>If you set <tt class="literal">guest</tt> <tt class="literal">ok</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> in a printer share and
+Samba is configured for share-level security, anyone can send data to
+the printer as the <tt class="literal">guest</tt>
+<tt class="literal">account</tt> user.</p>
+</li></ul>
+<p>Using one or more Samba machines as a print server gives you a great
+deal of flexibility on your LAN. You can easily partition your
+available printers, restricting some to members of one department, or
+you can maintain a bank of printers available to all. In addition,
+you can restrict a printer to a select few by adding the
+<tt class="literal">valid</tt> <tt class="literal">users</tt> option to its share
+definition:</p>
+
+<blockquote><pre class="code">[deskjet]
+ printable = yes
+ path = /var/spool/samba/print
+ valid users = elizabeth cozy jack heather alexander lina emerald</pre></blockquote>
+
+<p>All the other share accessibility options work for printing shares as
+well.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-10-SECT-1.3"/>
+
+<h3 class="head2">The [printers] Share</h3>
+
+<p>If a share named
+<tt class="literal">[printers]</tt><a name="INDEX-17"/> is in the configuration file,
+Samba will automatically read in your printer capabilities file and
+create a printing share for each printer that appears in the file.
+For example, if the Samba server had <tt class="literal">lp</tt>,
+<tt class="literal">pcl</tt>, and <tt class="literal">ps</tt> printers in its
+printer capabilities file, Samba would provide three printer shares
+with those names, each configured with the options in the
+<tt class="literal">[printers]</tt> share.</p>
+
+<p>Recall that Samba obeys the following rules when a client requests a
+share that has not been created with an explicit share definition in
+the <em class="filename">smb.conf</em> file:</p>
+
+<ul><li>
+<p>If the share name matches a username in the system password file and
+a <tt class="literal">[homes]</tt> share exists, a new share is created
+with the name of the user and is initialized using the values given
+in the <tt class="literal">[homes]</tt> and <tt class="literal">[global]</tt>
+sections.</p>
+</li><li>
+<p>Otherwise, if the name matches a printer in the system printer
+capabilities file and a <tt class="literal">[printers]</tt> share exists, a
+new share is created with the name of the printer and initialized
+using the values given in the <tt class="literal">[printers]</tt> section.
+(Variables in the <tt class="literal">[global]</tt> section do not apply
+here.)</p>
+</li><li>
+<p>If neither of those succeeds, Samba looks for a
+<tt class="literal">default</tt> <tt class="literal">service</tt> share. If none
+is found, it returns an error.</p>
+</li></ul>
+<p>This brings to light an important point: be careful that you do not
+give a printer the same name as a user. Otherwise, users end up
+connecting to a disk share when they might have wanted a printer
+share instead.</p>
+
+<p>Here is an example
+<tt class="literal">[printers]</tt><a name="INDEX-18"/> share for a Linux system. Some of
+these options are already defaults; however, we have listed them
+anyway for illustrative purposes:</p>
+
+<blockquote><pre class="code">[printers]
+ printable = yes
+ printing = BSD
+ printcap name = /etc/printcap
+ print command = /usr/bin/lpr -P%p -r %s
+ path = /var/spool/lpd/tmp
+ min print space = 2000</pre></blockquote>
+
+<p>Here, we've given Samba global options that specify
+the printing type (BSD), a print command to send data to the printer
+and later remove the temporary file, the location of our printer
+capabilities file, and a minimum disk space for printing of 2MB.</p>
+
+<p>In addition, we've created a
+<tt class="literal">[printers]</tt> share for each system printer. Our
+temporary spooling directory is specified by the
+<tt class="literal">path</tt> option:
+<em class="filename">/var/spool/lpd/tmp</em>. Each share is marked as
+printable&mdash;this is a necessary option, even in the
+<tt class="literal">[printers]</tt> section.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-10-SECT-1.4"/>
+
+<h3 class="head2">Testing the Configuration</h3>
+
+<p><a name="INDEX-19"/>After running
+<em class="emphasis">testparm</em> and restarting the Samba daemons, you
+can check to make sure everything is set up correctly by using
+<em class="emphasis">smbclient</em><a name="INDEX-20"/><a name="INDEX-21"/> to send a file to the printer.
+Connect to the printer using the command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbclient /</b></tt><em class="replaceable">server</em><tt class="userinput"><b>/</b></tt><em class="replaceable">printshare</em></pre></blockquote>
+
+<p>and then use the <em class="emphasis">print</em> command to print a file:</p>
+
+<blockquote><pre class="code">smb: /&gt; <tt class="userinput"><b>print </b></tt><em class="replaceable">textfile</em></pre></blockquote>
+
+<a name="samba2-CHP-10-NOTE-151"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>If you connect to a print share served by a Windows 95/98/Me system
+configured to use user-mode security and cannot authenticate using
+what you know to be a correct username and password, try
+reconfiguring the Windows system to use share-mode security.</p>
+</blockquote>
+
+<p>When you print something through the Samba server via
+<em class="emphasis">smbclient</em>, the following actions should occur:</p>
+
+<ul><li>
+<p>The job appears (briefly) in the Samba spool directory specified by
+the path.</p>
+</li><li>
+<p>The job shows up in your print system's spool
+directory.</p>
+</li><li>
+<p>The job disappears from the spool directory that Samba used.</p>
+</li></ul>
+<p>If <em class="emphasis">smbclient</em> cannot print, you can reset the
+<tt class="literal">print</tt> <tt class="literal">command</tt> option to collect
+debugging information:</p>
+
+<blockquote><pre class="code">print command = echo &quot;printed %s on %p&quot; &gt;&gt;/tmp/printlog</pre></blockquote>
+
+<p>A <a name="INDEX-22"/>common
+problem with Samba printer configuration is forgetting to use the
+full pathnames for commands. Another frequent problem is not having
+the correct permissions on the spooling directory.<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a> As usual,
+check your Samba log files and system log files for error messages.
+If you use BSD printing, you can change the <tt class="literal">lp</tt>
+keyword in the printer's printcap entry to something
+other than <em class="filename">/dev/null</em>, allowing you to collect
+error messages from the printing system.</p>
+
+<a name="samba2-CHP-10-NOTE-152"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>More information on
+<a name="INDEX-23"/>debugging printers is in the file
+<em class="filename">docs/textdocs/Printing.txt</em> in the Samba source
+distribution. The Unix print systems are covered in detail in
+<a name="INDEX-24"/>&AElig;leen
+Frisch's <em class="emphasis">Essential Systems
+Administration</em> (published by O'Reilly).</p>
+</blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-10-SECT-1.5"/>
+
+<h3 class="head2">Enabling SMB Printer Sharing in Mac OS X</h3>
+
+<p>With Samba preinstalled with
+<a name="INDEX-25"/><a name="INDEX-26"/>Mac OS X, sharing access to a printer
+among Windows clients is easy. First, of course, you should set up
+local access using the Print Center application (located in
+<em class="filename">/Applications/Utilities</em>). Under the Printers
+menu, select Add Printer..., and make the appropriate selection from
+the pop-up menu. For example, if the printer is directly attached,
+select USB; if the printer is powered on, it should appear in the
+list. Choose the printer, and press the Add button.</p>
+
+<p>Edit <em class="filename">/etc/smb.conf</em>, uncommenting the
+<tt class="literal">[printers]</tt> share and making any additional
+configuration changes you feel are necessary. Finally, enable the
+Samba startup item as described in <a href="ch02.html">Chapter 2</a>,
+either by checking Windows File Sharing in Sharing Preferences or by
+manually editing <em class="filename">/etc/hostconfig</em>. Now your
+printer can be used by remote Windows clients.</p>
+
+<p>On Mac OS X and some other BSD-based systems, you can test your
+configuration using
+<em class="emphasis">smbutil</em><a name="INDEX-27"/>. The following will send the
+file named <em class="filename">print_test_file</em> to the printer named
+<em class="filename">printshare</em> on the server
+<em class="emphasis">bsdserver</em> :</p>
+
+<blockquote><pre class="code">% <tt class="userinput"><b>smbutil print //bsdserver/printshare print_test_file</b></tt></pre></blockquote>
+
+<p>See <a href="ch05.html">Chapter 5</a> for more information on using
+<em class="emphasis">smbutil</em>.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-10-SECT-1.6"/>
+
+<h3 class="head2">Setting Up and Testing a Windows Client</h3>
+
+<p><a name="INDEX-28"/>Now that Samba is
+offering a workable printer, you can set up your access to it on a
+Windows client. Browse through the Samba server in the Network
+Neighborhood. It should now show each printer that is available. For
+example, in <a href="ch10.html#samba2-CHP-10-FIG-1">Figure 10-1</a>, we saw a printer called
+<tt class="literal">lp</tt>.</p>
+
+<p>Next, you need to have the Windows client recognize the printer.
+Double-click the printer icon to get started. If you try to select an
+uninstalled printer (as you just did), Windows will ask you if it
+should help configure it for the Windows system. Click the Yes or OK
+button, and the Printer Wizard will open.</p>
+
+<p>If you are installing a printer on Windows 95/98/Me, the first thing
+the wizard will ask is whether you need to print from DOS.
+Let's assume you don't, so choose
+the &quot;No&quot; radio button and press the
+Next &gt; button to get to the manufacturer/model window, as shown in
+<a href="ch10.html#samba2-CHP-10-FIG-2">Figure 10-2</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-10-FIG-2"/><img src="figs/sam2_1002.gif"/></div><h4 class="head4">Figure 10-2. Setting the manufacturer and model of the printer</h4>
+
+<p>In this dialog box, you should see a large list of manufacturers and
+models for a huge number of printers. Select the manufacturer of your
+printer in the left side of the dialog box, and then the exact model
+of the printer in the list on the right side.</p>
+
+<p>In some cases, you might not find your printer in the list, or the
+version of the printer driver included with Windows might be out of
+date. In cases such as these, consult the printer
+manufacturer's documentation on how to install the
+driver. Typically, you will click the Have Disk... button to install
+the driver from a CD-ROM or disk file.</p>
+
+<p>If you don't see your printer on the list, but you
+know it's a PostScript printer, select Apple as the
+manufacturer and Apple LaserWriter as the model. This will give you
+the most basic PostScript printer setup&mdash;and arguably one of the
+most reliable. If you already have PostScript printers attached, you
+will be asked about replacing or reusing the existing driver. Be
+aware that if you replace it with a new one, you might make your
+other printers fail. Therefore, we recommend you keep using your
+existing printer drivers as long as they're working
+properly.</p>
+
+<p>Click the Next &gt; or OK button. On Windows 95/98/Me, the Printer
+Wizard asks you to name the printer. On Windows NT/2000/XP, you need
+to right-click the printer's icon and select
+Properties to assign the printer a name. <a href="ch10.html#samba2-CHP-10-FIG-3">Figure 10-3</a>
+shows how we've named our printer to show that
+it's shared by the <tt class="literal">mixtec</tt> Samba
+server.</p>
+
+<div class="figure"><a name="samba2-CHP-10-FIG-3"/><img src="figs/sam2_1003.gif"/></div><h4 class="head4">Figure 10-3. Setting the printer name</h4>
+
+<p>Finally, on Windows 95/98/Me the Printing Wizard asks if it should
+print a test page. Click the &quot;Yes&quot;
+radio button, then the Finish button, and you should be presented
+with the dialog box shown in <a href="ch10.html#samba2-CHP-10-FIG-4">Figure 10-4</a>. On Windows
+NT/2000/XP, the printer test function is also accessed through the
+printer's Properties dialog box.</p>
+
+<div class="figure"><a name="samba2-CHP-10-FIG-4"/><img src="figs/sam2_1004.gif"/></div><h4 class="head4">Figure 10-4. Sending a test page to the printer</h4>
+
+<p>If the test printing was unsuccessful, click the No button and the
+Printing Wizard will walk you through some debugging steps for the
+client side of the process. If the test printing does work, the
+remote printer will now be available to all Windows applications
+through the File and Print menu items.</p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-10-SECT-2"/>
+
+<h2 class="head1">Printing to Windows Printers</h2>
+
+<p><a name="INDEX-29"/>If you have printers
+connected to systems running Windows 95/98/Me or Windows NT/2000/XP,
+the printers can also be accessed from your Unix system using tools
+that are part of the Samba distribution. First, it is necessary to
+create a printer share on the Windows system. Then set up the printer
+on the Unix side by configuring a new printer and using a Samba
+printing program as the printer's filter.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-10-SECT-2.1"/>
+
+<h3 class="head2">Sharing Windows Printers</h3>
+
+<p>Sharing printers on Windows is not unlike sharing files. In fact, it
+is a little simpler. Open the Control Panel, then double-click the
+Printers icon to open the Printers window. Right-click the icon for
+the printer you want to share, and select Sharing.... This opens the
+dialog box shown in <a href="ch10.html#samba2-CHP-10-FIG-5">Figure 10-5</a> for a Windows 98
+system, or <a href="ch10.html#samba2-CHP-10-FIG-6">Figure 10-6</a> on a Windows 2000 system.
+(The dialog box appears slightly different on other Windows versions,
+but functions almost identically.)</p>
+
+<a name="samba2-CHP-10-NOTE-153"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>On Windows 95/98/Me systems, you may need to run file sharing in
+share-level (rather than user-level) access control mode to access a
+shared printer from Samba. To check or set this mode, go to Control
+Panel, then double-click on Network, then click on the Access Control
+tab. More detailed information on this can be found in <a href="ch05.html">Chapter 5</a>.</p>
+</blockquote>
+
+<div class="figure"><a name="samba2-CHP-10-FIG-5"/><img src="figs/sam2_1005.gif"/></div><h4 class="head4">Figure 10-5. Sharing printers on Windows 98</h4>
+
+<div class="figure"><a name="samba2-CHP-10-FIG-6"/><img src="figs/sam2_1006.gif"/></div><h4 class="head4">Figure 10-6. Sharing printers on Windows 2000</h4>
+
+<p>Click the &quot;Shared as&quot; radio button,
+then click the OK button. The printer is now accessible by other
+systems on the network.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-10-SECT-2.2"/>
+
+<h3 class="head2">Adding a Unix Printer</h3>
+
+<p><a name="INDEX-30"/>The Samba distribution comes with
+three programs that assist with printing on shared printers. The
+<em class="emphasis">smbprint</em><a name="INDEX-31"/> program works with systems that use the
+BSD printing system,
+<em class="emphasis">smbprint.sysv</em><a name="INDEX-32"/>
+works with systems that use System V printing, and
+<em class="emphasis">smbspool</em><a name="INDEX-33"/>
+works with systems that use the Common Unix Printing System (CUPS).
+In the following sections we show you how to install printers for
+each system.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-10-SECT-2.2.1"/>
+
+<h3 class="head3">BSD printers</h3>
+
+<p><a name="INDEX-34"/><a name="INDEX-35"/>The
+BSD printing system is used by many Unix variants, including Red Hat
+Linux. With BSD printing, all the printers on the system have an
+entry in the <em class="filename">/etc/printcap</em> file, which is the
+database of printer capabilities used by the <em class="emphasis">lpd</em>
+line printer daemon and other programs that assist with printing. The
+Red Hat Linux implementation is a bit different in that
+<em class="filename">/etc/printcap</em> is a machine-generated file, which
+is re-created every time the <em class="emphasis">lpd</em> daemon is
+restarted by the <em class="emphasis">/etc/rc.d/init.d/lpd</em> script.
+Instead of editing <em class="filename">/etc/printcap</em>, we will add an
+entry for our printer in <em class="filename">/etc/printcap.local</em>,
+which the system automatically includes verbatim when creating
+<em class="filename">/etc/printcap</em>.</p>
+
+<a name="samba2-CHP-10-NOTE-154"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>If you are using the version of Samba installed from an RPM file as
+on Red Hat Linux, you might be able to skip these directions and use
+the <em class="emphasis">printconf</em> tool, which has support for SMB
+printers. Unfortunately, this tool might not work correctly if you
+have installed Samba from the Samba source distribution.</p>
+</blockquote>
+
+<p>Here is the entry we added to our
+<em class="filename">/etc/printcap.local</em><a name="INDEX-36"/><a name="INDEX-37"/> file to support our Hewlett-Packard
+DeskJet 932C printer, which is shared by <tt class="literal">maya</tt>, a
+Windows 98 system:</p>
+
+<blockquote><pre class="code">lp|maya-hp932c:\
+ :cm=HP 932C on maya:\
+ :sd=/var/spool/lpd/maya:\
+ :af=/var/spool/lpd/maya/acct:\
+ :if=/usr/local/samba/bin/smbprint:\
+ :mx=0:\
+ :lp=/dev/null:</pre></blockquote>
+
+<p>The first line creates names for the printer. We are calling it both
+<tt class="literal">maya-hp932c</tt>, to describe its location on the
+network and the type of printer, and <tt class="literal">lp</tt> so that
+programs will use it as the default printer. The rest of the lines
+specify keywords and values. The <tt class="literal">cm</tt> keyword allows
+us to assign a comment string to the printer. The
+<tt class="literal">sd</tt> and <tt class="literal">af</tt> keywords assign the
+printer's spool directory and accounting files,
+respectively. The <tt class="literal">if</tt> keyword assigns the print
+filter. We are using the <em class="emphasis">smbprint</em> command to
+send the output to the shared SMB printer. The <tt class="literal">mx</tt>
+keyword is set to zero to allow any size file to be printed, and
+<tt class="literal">lp</tt> is set to <em class="filename">/dev/null</em> to
+discard error messages.</p>
+
+<p>You can follow our model to create an entry for your own printer. If
+you want to go beyond the capabilities we used, refer to your
+system's <em class="emphasis">printcap(5)</em> manual
+page for a complete listing of keywords.</p>
+
+<p>Go to your Samba source distribution's root
+directory, and install the <em class="emphasis">smbprint</em> program like
+this:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>cp examples/printing/smbprint /usr/local/samba/bin</b></tt></pre></blockquote>
+
+<p>We next create the printer's spool directory:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>cd /var/spool/lpd</b></tt>
+# <tt class="userinput"><b>mkdir maya</b></tt>
+# <tt class="userinput"><b>chown lp:lp maya</b></tt>
+# <tt class="userinput"><b>chmod 700 maya</b></tt></pre></blockquote>
+
+<p>The <em class="emphasis">smbprint</em> program looks for a file named
+<em class="filename">.config</em> in the printer's spool
+directory, which contains information on how to connect to the
+printer share. We create this file and then fill in the required
+information:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>cd maya</b></tt>
+# <tt class="userinput"><b>&gt;.config</b></tt>
+# <tt class="userinput"><b>chown lp:lp .config</b></tt>
+# <tt class="userinput"><b>chmod 600 .config</b></tt></pre></blockquote>
+
+<p>Use your preferred text editor to edit the
+<em class="filename">.config</em> file, and enter three lines, like this:</p>
+
+<blockquote><pre class="code">server=maya
+service=hp
+password=&quot;&quot;</pre></blockquote>
+
+<p>This is for our shared printer having a UNC of
+<em class="filename">\\maya\hp</em>. When we created the printer share, we
+did not give it a password, so we use a null password here. If your
+printer share is on a Windows NT/2000/XP system, use your domain
+password.</p>
+
+<p>Finally, restart the printer daemon:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>/etc/rc.d/init.d/lpd restart</b></tt></pre></blockquote>
+
+<p>You can now try printing something. Run the following command:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>lpr textfile</b></tt></pre></blockquote>
+
+<p>If you have everything set up correctly, the file prints on the
+shared printer. If you get &quot;stair
+stepping&quot; of text, caused by the printer not
+returning to the left margin at the beginning of every line, modify
+the <tt class="literal">if</tt> keyword in your printcap entry to run
+<em class="emphasis">smbprint</em> with the <em class="emphasis">-t</em>
+option. <a name="INDEX-38"/><a name="INDEX-39"/></p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-10-SECT-2.2.2"/>
+
+<h3 class="head3">System V printers</h3>
+
+<p><a name="INDEX-40"/><a name="INDEX-41"/>Sending print jobs from a System V Unix
+system is a little easier than with the BSD system. Here, you need to
+edit the <em class="filename">smbprint.sysv</em> script in the
+<em class="filename">examples/printing</em> directory of the Samba
+distribution and do the following:</p>
+
+<ol><li>
+<p>Change the <tt class="literal">server</tt>, <tt class="literal">service</tt>, and
+<tt class="literal">password</tt> parameters in the script to match the
+NetBIOS computer name, its shared printer service, and its password,
+respectively. For example, the following entries would be correct for
+the service in the previous example:</p>
+
+<blockquote><pre class="code">server = maya
+service = hp
+password = &quot;&quot;</pre></blockquote>
+</li>
+<li>
+<p>Run the following commands, which create a reference for the new
+printer (which we are naming <tt class="literal">hp_printer</tt>) in the
+printer capabilities file:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>lpadmin -p hp_printer -v /dev/null -i./smbprint.sysv</b></tt>
+# <tt class="userinput"><b>enable hp_printer</b></tt>
+# <tt class="userinput"><b>accept hp_printer</b></tt></pre></blockquote>
+</li></ol>
+<p>After you've done that, restart the Samba daemons
+and try printing to <tt class="literal">hp_printer</tt> using any standard
+Unix program.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-10-SECT-2.2.3"/>
+
+<h3 class="head3">CUPS printers</h3>
+
+<p><a name="INDEX-42"/><a name="INDEX-43"/><a name="INDEX-44"/>CUPS<a name="FNPTR-2"/><a href="#FOOTNOTE-2">[2]</a> uses
+a set of modules, called
+<em class="firstterm">backends</em><a name="INDEX-45"/>, to send print jobs to various
+destinations, such as local printers attached to parallel, serial, or
+Universal Serial Bus (USB) ports, or over the network using Unix line
+printer daemon (LPD) protocol, Internet Printing Protocol (IPP),
+AppleTalk Printer Access Protocol (PAP), and so on. The software
+package does not come with a backend for SMB; the Samba suite
+includes the <em class="emphasis">smbspool</em>
+<a name="INDEX-46"/>utility for this purpose.</p>
+
+<p>To enable printing to remote SMB printers using CUPS, create a
+symbolic link named <em class="filename">smb</em> in the CUPS backend
+directory pointing to <em class="emphasis">smbspool</em>. Depending on
+installation options, these could be in a number of places in the
+directory hierarchy, so be sure to check your system. Using a common
+default installation, the command would look like this:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>ln -s /usr/local/samba/bin/smbspool /usr/lib/cups/backend/smb</b></tt></pre></blockquote>
+
+<p>Issue a HUP signal to the CUPS daemon, <em class="emphasis">cupsd</em>,
+and check for the existence of SMB support with the <em class="emphasis">lpinfo
+-v</em> command. Its output should now include a line that says
+<tt class="literal">network</tt> <tt class="literal">smb</tt>.</p>
+
+<p>To add a printer, use the CUPS web interface, accessible on the local
+system at <em class="emphasis">http://localhost:631/</em>,
+or use the <em class="emphasis">lpadmin</em> command:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>lpadmin -p hp932c -E -v smb://maya/hp932c -D &quot;HP 932C on maya&quot;</b></tt></pre></blockquote>
+
+<p>This creates and enables the new print spool called
+<tt class="literal">hp932c</tt>. The <em class="emphasis">-v</em> argument
+specifies the printer device, which in this case is accessed over the
+network using an SMB URI. If the printer is not guest-accessible,
+you'll need to provide a username and password in
+the URI. The full format is as follows:</p>
+
+<blockquote><pre class="code">smb://[<em class="replaceable">username</em>[:<em class="replaceable">password</em>]@][<em class="replaceable">workgroup</em>/]<em class="replaceable">server</em>/<em class="replaceable">printshare</em></pre></blockquote>
+
+<p>The <em class="emphasis">lpadmin</em><a name="INDEX-47"/> command makes changes to
+<em class="filename">/etc/cups/printers.conf</em> and sends a HUP signal
+to the <em class="emphasis">cupsd</em> daemon, resulting in the creation
+of a local raw printer spool. In this example, print data is passed
+in raw format to the Windows system, which has the necessary printer
+drivers and printer description files to format the data
+appropriately. The <em class="emphasis">-D</em> option is used to give the
+printer a comment string.</p>
+
+<p>Once you have the printer set up, it's time to test
+it out. CUPS understands both BSD-style and System V-style printing
+commands, so you can use whichever is more comfortable. Using the BSD
+<em class="emphasis">lpr</em> command, try something like:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>lpr -P hp932c textfile</b></tt></pre></blockquote>
+
+<p>You should now be set up to use the printer from any application on
+the Unix system. <a name="INDEX-48"/></p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-10-SECT-2.3"/>
+
+<h3 class="head2">Samba Printing Options</h3>
+
+<p><a href="ch10.html#samba2-CHP-10-TABLE-2">Table 10-2</a> summarizes the Samba <a name="INDEX-49"/><a name="INDEX-50"/>printing
+options.</p>
+
+<a name="samba2-CHP-10-TABLE-2"/><h4 class="head4">Table 10-2. Printing configuration options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">printing</tt></p>
+</td>
+<td>
+<p><tt class="literal">bsd</tt>, <tt class="literal">sysv</tt>,
+<tt class="literal">cups</tt>, <tt class="literal">hpux</tt>,
+<tt class="literal">aix</tt>, <tt class="literal">qnx</tt>,
+<tt class="literal">plp</tt>, <tt class="literal">softq</tt>, or
+<tt class="literal">lprng</tt></p>
+</td>
+<td>
+<p>Printing system type of the Samba host</p>
+</td>
+<td>
+<p>System-dependent</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">printable</tt> <tt class="literal">(print ok)</tt></p>
+</td>
+<td>
+<p>boolean</p>
+</td>
+<td>
+<p>Marks a share as a printing share</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">printer</tt> <tt class="literal">(printer name)</tt></p>
+</td>
+<td>
+<p>string (Unix printer name)</p>
+</td>
+<td>
+<p>Name for the printer that is shown to clients</p>
+</td>
+<td>
+<p>System-dependent</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">lpq cache time</tt></p>
+</td>
+<td>
+<p>numeric (time in seconds)</p>
+</td>
+<td>
+<p>Amount of time in seconds that Samba will cache the printer queue
+status</p>
+</td>
+<td>
+<p><tt class="literal">10</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">postscript</tt></p>
+</td>
+<td>
+<p>boolean</p>
+</td>
+<td>
+<p>Treats all print jobs as PostScript by prefixing
+<tt class="literal">%!</tt> at the beginning of each file</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">load printers</tt></p>
+</td>
+<td>
+<p>boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, automatically loads each printer in the
+<em class="emphasis">printcap</em> file as printing shares</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">print command</tt></p>
+</td>
+<td>
+<p>string (shell command)</p>
+</td>
+<td>
+<p>Unix command to perform printing</p>
+</td>
+<td>
+<p>See below</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">lpq command</tt></p>
+</td>
+<td>
+<p>string (shell command)</p>
+</td>
+<td>
+<p>Unix command to return the status of the printing queue</p>
+</td>
+<td>
+<p>See below</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">lprm command</tt></p>
+</td>
+<td>
+<p>string (shell command)</p>
+</td>
+<td>
+<p>Unix command to remove a job from the printing queue</p>
+</td>
+<td>
+<p>See below</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">lppause command</tt></p>
+</td>
+<td>
+<p>string (shell command)</p>
+</td>
+<td>
+<p>Unix command to pause a job on the printing queue</p>
+</td>
+<td>
+<p>See below</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">lpresume</tt> <tt class="literal">command</tt></p>
+</td>
+<td>
+<p>string (shell command)</p>
+</td>
+<td>
+<p>Unix command to resume a paused job on the printing queue</p>
+</td>
+<td>
+<p>See below</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">printcap name</tt></p>
+
+<p><tt class="literal">(printcap)</tt></p>
+</td>
+<td>
+<p>string (filename)</p>
+</td>
+<td>
+<p>Location of the printer capabilities file</p>
+</td>
+<td>
+<p>System-dependent</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">min print space</tt></p>
+</td>
+<td>
+<p>numeric (size in kilobytes)</p>
+</td>
+<td>
+<p>Minimum amount of free disk space that must be present to print</p>
+</td>
+<td>
+<p><tt class="literal">0</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">queuepause</tt> <tt class="literal">command</tt></p>
+</td>
+<td>
+<p>string (shell command)</p>
+</td>
+<td>
+<p>Unix command to pause a queue</p>
+</td>
+<td>
+<p>See below</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">queueresume</tt> <tt class="literal">command</tt></p>
+</td>
+<td>
+<p>string (shell command)</p>
+</td>
+<td>
+<p>Unix command to resume a queue</p>
+</td>
+<td>
+<p>See below</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-10-SECT-2.3.1"/>
+
+<h3 class="head3">printing</h3>
+
+<p>The <tt class="literal">printing</tt><a name="INDEX-51"/> configuration option tells
+Samba which <a name="INDEX-52"/>printing system to use. There are
+several different families of commands to control printing and print
+statusing. Samba supports seven different types, as shown in <a href="ch10.html#samba2-CHP-10-TABLE-3">Table 10-3</a>.</p>
+
+<a name="samba2-CHP-10-TABLE-3"/><h4 class="head4">Table 10-3. Printing system types</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Variable</p>
+</th>
+<th>
+<p>Definition</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>BSD</p>
+</td>
+<td>
+<p>Berkeley Unix system</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>SYSV</p>
+</td>
+<td>
+<p>System V</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>CUPS</p>
+</td>
+<td>
+<p>Common Unix Printing System</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>AIX</p>
+</td>
+<td>
+<p>IBM's AIX operating system</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>HPUX</p>
+</td>
+<td>
+<p>Hewlett-Packard Unix</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>QNX</p>
+</td>
+<td>
+<p>QNX Realtime Operating System</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>LPRNG</p>
+</td>
+<td>
+<p>LPR Next Generation</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>SOFTQ</p>
+</td>
+<td>
+<p>SOFTQ system</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>PLP</p>
+</td>
+<td>
+<p>Portable Line Printer</p>
+</td>
+</tr>
+
+</table>
+
+<p>The value for this option must be one of these seven selections. For
+example:</p>
+
+<blockquote><pre class="code">printing = SYSV</pre></blockquote>
+
+<p>The default value of this option is system-dependent and is
+configured when Samba is first compiled. For most systems, the
+<em class="filename">configure</em> script automatically detects the
+printing system to be used and configures it properly in the Samba
+makefile. However, if your system is a PLP, LPRNG, or QNX printing
+system, you need to specify this explicitly in the makefile or the
+printing share.</p>
+
+<p>The most common system types are BSD, SYSV, and CUPS. Each printer on
+a BSD Unix server is described in the printer capabilities
+file&mdash;normally <em class="filename">/etc/printcap</em>. See the
+section on the <tt class="literal">printcap</tt> <tt class="literal">file</tt>
+parameter for more information on this topic.</p>
+
+<p>Setting the <tt class="literal">printing</tt> configuration option
+automatically sets at least three other printing options for the
+service in question: <tt class="literal">print</tt>
+<tt class="literal">command</tt>, <tt class="literal">lpq</tt>
+<tt class="literal">command</tt>, and <tt class="literal">lprm</tt>
+<tt class="literal">command</tt>. If you are running Samba on a system that
+doesn't support any of the printing styles listed in
+<a href="ch10.html#samba2-CHP-10-TABLE-3">Table 10-3</a>, simply set the commands for each of
+these manually.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-10-SECT-2.3.2"/>
+
+<h3 class="head3">printable</h3>
+
+<p>The <tt class="literal">printable</tt><a name="INDEX-53"/> option must be set to
+<tt class="literal">yes</tt> to flag a share as a printing service. If this
+option is not set, the share will be treated as a disk share instead.
+You can set the option as follows:</p>
+
+<blockquote><pre class="code">[printer1]
+ printable = yes</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-10-SECT-2.3.3"/>
+
+<a name="INDEX-54"/><h3 class="head3">printer</h3>
+
+<p>The option, also called
+<tt class="literal">printer</tt><a name="INDEX-55"/> <tt class="literal">name</tt>,
+specifies the name of the printer on the server to which the share
+points. This option has no default and should be set explicitly in
+the configuration file, even though Unix systems themselves often
+recognize a default name such as <tt class="literal">lp</tt> for a printer.
+For example:</p>
+
+<blockquote><pre class="code">[deskjet]
+ printer = hpdkjet1</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-10-SECT-2.3.4"/>
+
+<h3 class="head3">lpq cache time</h3>
+
+<p>The global <tt class="literal">lpq</tt><a name="INDEX-56"/> <tt class="literal">cache</tt>
+<tt class="literal">time</tt> option allows you to set the number of
+seconds for which Samba will remember the current printer status.
+After this time elapses, Samba will issue an <em class="emphasis">lpq</em>
+command (or whatever command you specify with the
+<tt class="literal">lpq</tt> <tt class="literal">command</tt> option) to get a
+more up-to-date status that it can report to users. This defaults to
+10 seconds, but can be increased if your <tt class="literal">lpq</tt>
+<tt class="literal">command</tt> takes an unusually long time to run or you
+have lots of clients. A time setting of 0 disables caching of queue
+status. The following example resets the time to 30 seconds:</p>
+
+<blockquote><pre class="code">[deskjet]
+ lpq cache time = 30</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-10-SECT-2.3.5"/>
+
+<h3 class="head3">postscript</h3>
+
+<p>The <tt class="literal">postscript</tt><a name="INDEX-57"/> option forces the
+printer to treat all data sent to it as PostScript. It does this by
+prefixing the characters <tt class="literal">%!</tt> to the beginning of
+the first line of each job. It is normally used with PCs that insert
+a <tt class="literal">^D</tt> (control-D or
+&quot;end-of-file&quot; mark) in front of the
+first line of a PostScript file. It will not, obviously, turn a
+non-PostScript printer into a PostScript one. The default value of
+this options is <tt class="literal">no</tt>. You can override it as
+follows:</p>
+
+<blockquote><pre class="code">[deskjet]
+ postscript = yes</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-10-SECT-2.3.6"/>
+
+<h3 class="head3">load printers</h3>
+
+<p>The <tt class="literal">load</tt><a name="INDEX-58"/> <tt class="literal">printers</tt>
+option tells Samba to create shares for all known printer names and
+load those shares into the browse list. Samba will create and list a
+printer share for each printer name in
+<em class="filename">/etc/printcap</em> (or the system equivalent). For
+example, if your
+<em class="filename">printcap</em><a name="INDEX-59"/> file looks
+like this:<a name="FNPTR-3"/><a href="#FOOTNOTE-3">[3]</a></p>
+
+<blockquote><pre class="code">lp:\
+ :sd=/var/spool/lpd/lp:\ <i class="lineannotation">spool directory</i>
+ :mx#0:\ <i class="lineannotation">maximum file size (none)</i>
+ :sh:\ <i class="lineannotation">supress burst header (no)</i>
+ :lp=/dev/lp1:\ <i class="lineannotation">device name for output</i>
+ :if=/var/spool/lpd/lp/filter: <i class="lineannotation">text filter</i>
+
+laser:\
+ :sd=/var/spool/lpd/laser:\ <i class="lineannotation">spool directory</i>
+ :mx#0:\ <i class="lineannotation">maximum file size (none)</i>
+ :sh:\ <i class="lineannotation">supress burst header (no)</i>
+ :lp=/dev/laser:\ <i class="lineannotation">device name for output</i>
+ :if=/var/spool/lpd/lp/filter: <i class="lineannotation">text filter</i></pre></blockquote>
+
+<p>the shares <tt class="literal">[lp]</tt> and <tt class="literal">[laser]</tt> are
+automatically created as valid print shares when Samba is started.
+Both shares borrow the configuration options specified in the
+<tt class="literal">[printers]</tt> section to configure themselves and are
+available in the browse list for the Samba server. The default value
+for this option is <tt class="literal">yes</tt>. If you prefer to specify
+each printer explicitly in your configuration file, use the
+following:</p>
+
+<blockquote><pre class="code">[global]
+ load printers = no</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-10-SECT-2.3.7"/>
+
+<a name="INDEX-60"/><a name="INDEX-61"/><a name="INDEX-62"/><a name="INDEX-63"/><a name="INDEX-64"/><h3 class="head3">print command, lpq command, lprm command,lppause command, lpresume command</h3>
+
+<p>These options tell Samba which Unix commands control and send data to
+the printer. The Unix commands involved are: <em class="emphasis">lpr</em>
+(send to Line PRinter), <em class="emphasis">lpq</em> (List Printer
+Queue), <em class="emphasis">lprm</em> (Line Printer ReMove), and
+optionally <em class="emphasis">lppause</em> and
+<em class="emphasis">lpresume</em>. Samba provides an option named after
+each command, in case you need to override any of the system
+defaults. For example, consider the following:</p>
+
+<blockquote><pre class="code">lpq command = /usr/ucb/lpq %p</pre></blockquote>
+
+<p>This would set <tt class="literal">lpq</tt> <tt class="literal">command</tt> to
+use <em class="filename">/usr/ucb/lpq</em>. Similarly:</p>
+
+<blockquote><pre class="code">lprm command = /usr/local/bin/lprm -P%p %j</pre></blockquote>
+
+<p>would set the Samba printer remove command to
+<em class="filename">/usr/local/bin/lprm</em> and provide it the print job
+number using the <tt class="literal">%j</tt> variable.</p>
+
+<p>The default values for each option are dependent on the value of the
+<tt class="literal">printing</tt> option. <a href="ch10.html#samba2-CHP-10-TABLE-4">Table 10-4</a>
+shows the default commands for each printing option. The most popular
+printing system is BSD.</p>
+
+<a name="samba2-CHP-10-TABLE-4"/><h4 class="head4">Table 10-4. Default commands for various printing options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>BSD, AIX, PLP, LPRNG</p>
+</th>
+<th>
+<p>SYSV, HPUX</p>
+</th>
+<th>
+<p>QNX</p>
+</th>
+<th>
+<p>SOFTQ</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">print</tt> <tt class="literal">command</tt></p>
+</td>
+<td>
+<p><tt class="literal">lpr -r -P%p %s</tt></p>
+</td>
+<td>
+<p><tt class="literal">lp -c -d%p %s; rm</tt> <tt class="literal">%s</tt></p>
+</td>
+<td>
+<p><tt class="literal">lp -r -P%p %s</tt></p>
+</td>
+<td>
+<p><tt class="literal">lp -d%p -s %s; rm %s</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">lpq</tt> <tt class="literal">command</tt></p>
+</td>
+<td>
+<p><tt class="literal">lpq -P%p</tt></p>
+</td>
+<td>
+<p><tt class="literal">lpstat -o%p</tt></p>
+</td>
+<td>
+<p><tt class="literal">lpq -P%p</tt></p>
+</td>
+<td>
+<p><tt class="literal">lpstat -o%p</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">lprm</tt> <tt class="literal">command</tt></p>
+</td>
+<td>
+<p><tt class="literal">lprm -P%p %j</tt></p>
+</td>
+<td>
+<p><tt class="literal">cancel %p-%j</tt></p>
+</td>
+<td>
+<p><tt class="literal">cancel %p-%j</tt></p>
+</td>
+<td>
+<p><tt class="literal">cancel %p-%j</tt></p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">lppause</tt> <tt class="literal">command</tt></p>
+</td>
+<td>
+<p><tt class="literal">lp -i %p-%j -H</tt> <tt class="literal">hold</tt></p>
+
+<p>(SYSV only)</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>None</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">lpresume</tt> <tt class="literal">command</tt></p>
+</td>
+<td>
+<p><tt class="literal">lp -i %p-%j -H</tt> <tt class="literal">resume</tt></p>
+
+<p>(SYSV only)</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p><tt class="literal">qstat -s -j%j -r</tt></p>
+</td>
+</tr>
+
+</table>
+
+<p>It is usually unnecessary to reset these options in Samba, with the
+possible exception of the <tt class="literal">print</tt>
+<tt class="literal">command</tt>. This option might need to be set
+explicitly if your printing system doesn't have a
+<em class="emphasis">-r</em> (remove after printing) option on the
+printing command. For example:</p>
+
+<blockquote><pre class="code">print command = /usr/local/lpr -P%p %s; /bin/rm %s</pre></blockquote>
+
+<p>With a bit of judicious programming, these
+<em class="filename">smb.conf</em> options can also be used for debugging:</p>
+
+<blockquote><pre class="code">print command = cat %s &gt;&gt;/tmp/printlog; lpr -r -P%p %s</pre></blockquote>
+
+<p>Using the previous configuration, it is possible to verify that files
+are actually being delivered to the Samba server. If they are, their
+contents will show up in the file <em class="filename">/tmp/printlog</em>.</p>
+
+<p>After BSD, the next most popular kind of printing system is SYSV (or
+System V) printing, plus some SYSV variants for
+IBM's AIX and Hewlett-Packard's
+HP-UX. These systems do not have an
+<em class="filename">/etc/printcap</em> file. Instead, the
+<tt class="literal">printcap</tt> <tt class="literal">file</tt> option can be set
+to an appropriate <em class="emphasis">lpstat</em> command for the system.
+This tells Samba to get a list of printers from the
+<em class="emphasis">lpstat</em> command. Alternatively, you can set the
+global configuration option <tt class="literal">printcap</tt>
+<tt class="literal">name</tt> to the name of a dummy
+<em class="filename">printcap</em> file you provide. In the latter case,
+the file must contain a series of lines such as:</p>
+
+<blockquote><pre class="code">lp|print1|My Printer 1
+print2|My Printer 2
+print3|My Printer 3</pre></blockquote>
+
+<p>Each line names a printer followed by aliases for it. In this
+example, the first printer is called <tt class="literal">lp</tt>,
+<tt class="literal">print1</tt>, or <tt class="literal">My</tt>
+<tt class="literal">Printer</tt> <tt class="literal">1</tt>, whichever the user
+prefers to use. The first name is used in place of
+<tt class="literal">%p</tt> in any command Samba executes for that printer.</p>
+
+<p>Two additional printer types are also supported by Samba: LPRNG (LPR
+New Generation) and PLP (Public Line Printer). These are public
+domain and open source printing systems and are used by many sites to
+overcome problems with vendor-supplied software. Samba also supports
+the printing systems of the SOFTQ and QNX real-time operating
+systems.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-10-SECT-2.3.8"/>
+
+<h3 class="head3">printcap name</h3>
+
+<p>If the <tt class="literal">printcap</tt><a name="INDEX-65"/><a name="INDEX-66"/>
+<tt class="literal">name</tt> option (also called
+<tt class="literal">printcap</tt>) appears in a printing share, Samba uses
+the file specified as the system printer capabilities file (normally
+<em class="filename">/etc/printcap</em>). However, you can reset it to a
+file consisting of only the printers you want to share over the
+network. The value must be the filename (with its complete path
+specified) of a printer capabilities file on the server:</p>
+
+<blockquote><pre class="code">[deskjet]
+ printcap name = /usr/local/samba/lib/printcap</pre></blockquote>
+
+<p>The CUPS printing system uses its own method of determining printer
+capabilities, rather than the standard <em class="filename">printcap</em>
+file. In this case, set <tt class="literal">printcap</tt>
+<tt class="literal">name</tt> as follows:</p>
+
+<blockquote><pre class="code">[global]
+ printing = cups
+ printcap name = cups</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-10-SECT-2.3.9"/>
+
+<h3 class="head3">min print space</h3>
+
+<p>The <tt class="literal">min</tt><a name="INDEX-67"/> <tt class="literal">print</tt>
+<tt class="literal">space</tt> option sets the amount of space that must be
+available on the disk that contains the spool directory if printing
+is to be allowed. Setting it to zero (the default) turns the check
+off; setting it to any other number sets the amount of free space in
+kilobytes required. This option helps to avoid having print jobs fill
+up the remaining disk space on the server, which can cause other
+processes to fail:</p>
+
+<blockquote><pre class="code">[deskjet]
+ min print space = 4000</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-10-SECT-2.3.10"/>
+
+<a name="INDEX-68"/><h3 class="head3">queuepause command</h3>
+
+<p>This configuration option specifies a command that tells Samba how to
+pause an entire print queue, as opposed to a single job on the queue.
+The default value depends on the printing type chosen. You should not
+need to alter this option.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-10-SECT-2.3.11"/>
+
+<a name="INDEX-69"/><h3 class="head3">queueresume command</h3>
+
+<p>This configuration option specifies a command that tells Samba how to
+resume a paused print queue, as opposed to resuming a single job on
+the print queue. The default value depends on the printing type
+chosen. You should not need to alter this option. <a name="INDEX-70"/> <a name="INDEX-71"/> <a name="INDEX-72"/><a name="INDEX-73"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> <p><a href="#FNPTR-1">[1]</a> If
+you are using Linux, you can use the <em class="emphasis">checkpc</em>
+command to check for this type of error.</p> <a name="FOOTNOTE-2"/>
+<p><a href="#FNPTR-2">[2]</a> CUPS is open source software (<a href="http://www.opensource.org">http://www.opensource.org</a>) developed by Easy
+Software Products. For more information, visit <a href="http://www.cups.org">http://www.cups.org</a>.</p> <a name="FOOTNOTE-3"/> <p><a href="#FNPTR-3">[3]</a> We have placed annotated comments off to
+the right in case you've never dealt with this file
+before.</p> </blockquote><hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html>
diff --git a/docs/htmldocs/using_samba/ch11.html b/docs/htmldocs/using_samba/ch11.html
new file mode 100644
index 00000000000..026879db40e
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch11.html
@@ -0,0 +1,2123 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Chapter 11. Additional Samba Information</h1>
+
+
+<p>This chapter wraps up our coverage of the
+<em class="filename">smb.conf</em> configuration file with some
+miscellaneous options that can perform a variety of tasks. We talk
+briefly about options for time synchronization, internationalization,
+messages, and common Windows bugs. For the most part, you will use
+these options only in isolated circumstances.</p>
+
+
+
+<div class="sect1"><a name="samba2-CHP-11-SECT-1"/>
+
+<h2 class="head1">Time Synchronization</h2>
+
+<p>In a network of computers, the systems on the network must agree on
+the current time and also on what time files have been modified. One
+example of the importance of synchronization is the
+<a name="INDEX-1"/>roaming profiles we covered in
+<a href="ch04.html">Chapter 4</a>. It is vital for all clients accessing a
+roaming profile to agree on what time it is and which client last
+modified the user's profile.</p>
+
+<p><a name="INDEX-2"/>Time synchronization can also be
+very important to programmers. A useful group of settings consists of
+the following options:</p>
+
+<blockquote><pre class="code">[global]
+ time server = yes
+ dos filetimes = yes
+ fake directory create times = yes
+ dos filetime resolution = yes
+ delete readonly = yes</pre></blockquote>
+
+<p>If you set these options, Samba shares will provide compatibility of
+file-modification times that Visual C++, <em class="emphasis">nmake</em>,
+and other Microsoft programming tools require. Otherwise, PC
+<em class="emphasis">make</em> programs might think that all the files in
+a directory need to be recompiled every time. Obviously, this is not
+the behavior you want.</p>
+
+<p>In <a href="ch04.html">Chapter 4</a>, we showed you how to create a logon
+script that used the <em class="emphasis">net
+time</em><a name="INDEX-3"/> command to synchronize
+clients' clocks automatically when they log on to
+the domain. If your network is configured as a workgroup rather than
+a domain, you can still make use of <em class="emphasis">net time</em> by
+placing the command:</p>
+
+<blockquote><pre class="code">net time \\<em class="replaceable">sambaserver</em> /set /yes</pre></blockquote>
+
+<p>in a startup script on each client that is run when the system boots.
+Samba always provides time service&mdash;regardless of whether it is
+running as a primary domain controller&mdash;or the
+<tt class="literal">time</tt> <tt class="literal">service</tt> configuration file
+parameter is set.</p>
+
+<p>Assuming that domain users log on to the domain at least once per day
+and workgroup clients reboot frequently, the <em class="emphasis">net
+time</em> command can keep client systems'
+clocks fairly well synchronized. However, sometimes domain users stay
+logged on for longer periods, and workgroup clients can run for days
+between reboots. In the meantime, the systems'
+hardware clocks can wander enough to become a problem. It might be
+possible to work around this, depending on the version of Windows the
+client system is running. On Windows 98/Me, you can use the Task
+Scheduler to run the <em class="emphasis">net time</em> command at regular
+intervals. Likewise, on Windows 2000/XP you can use the MS-DOS
+<em class="emphasis">at</em> command. However, a better way to deal with
+this issue is to use Network Time Protocol, which we will discuss
+shortly.</p>
+
+<p>Proper time synchronization is also important when operating in an
+Active Directory domain because Active Directory uses
+<a name="INDEX-4"/>Kerberos authentication.
+When a Kerberos domain controller creates an authentication ticket
+for a client, the time is encoded into the challenge-and-response
+exchanges between the client and domain controller. If the
+client's clock disagrees with the
+server's clock, authentication can fail.</p>
+
+<p>To provide proper time synchronization in <a name="INDEX-5"/>Active Directory domains, Microsoft has
+adopted <a name="INDEX-6"/>Network Time Protocol (NTP), using the
+name Windows Time Service for its implementation. For further
+information, the Microsoft white paper entitled <em class="citetitle">The
+Windows Time Service</em> can be downloaded from <a href="http://www.microsoft.com">http://www.microsoft.com</a>.</p>
+
+<p>The nice thing about this is that NTP is the standard method for
+synchronizing Unix hosts on a network, so you can synchronize all
+your Unix systems (including the Samba server) and Windows systems
+with the following method:</p>
+
+<ol><li>
+<p>Run NTP on the Unix systems in your network. For more information on
+using NTP, refer to <a href="http://www.ntp.org">http://www.ntp.org</a>.</p>
+</li><li>
+<p>Use one of the Unix systems (such as the Samba host system) as an NTP
+server to serve Windows 2000/XP clients.</p>
+</li><li>
+<p>For other Windows clients, you might have to download an update from
+Microsoft to add <a name="INDEX-7"/><a name="INDEX-8"/>Windows Time Service client support or
+use a third-party application such as the free
+<a name="INDEX-9"/>analogX Atomic TimeSync (<a href="http://www.analogx.com">http://www.analogx.com</a>). Or you can use the
+<em class="emphasis">net time</em> command to update the
+client's clock periodically, as discussed
+previously.</p>
+</li></ol>
+
+<div class="sect2"><a name="samba2-CHP-11-SECT-1.1"/>
+
+<h3 class="head2">Time-Synchronization Options</h3>
+
+<p>To support roaming profiles, programmers accessing your Samba server,
+and other time-sensitive functions on your network,
+you'll want to be aware of the options listed in
+<a href="ch11.html#samba2-CHP-11-TABLE-1">Table 11-1</a>.</p>
+
+<a name="samba2-CHP-11-TABLE-1"/><h4 class="head4">Table 11-1. Time-synchronization options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">time server</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, announces <em class="emphasis">nmbd</em> as an
+SMB time service to Windows clients</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">time offset</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Adds a specified number of minutes to the reported time</p>
+</td>
+<td>
+<p><tt class="literal">0</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">dos filetimes</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>Allows non-owners of a file to change its time if they can write to it</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">dos filetime</tt></p>
+
+<p><tt class="literal">resolution</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>Causes file times to be rounded to the next even second</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">fake directory</tt> <tt class="literal">create times</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>Sets directory times to avoid an MS <em class="emphasis">nmake</em> bug</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-1.1.1"/>
+
+<a name="INDEX-12"/><h3 class="head3">time server</h3>
+
+<p>Samba always operates as an SMB time server, matching the behavior of
+Windows systems. However, Samba's default is not to
+advertise itself as a time server to the network. When this option is
+set to <tt class="literal">yes</tt>, Samba advertises itself as an SMB time
+server:</p>
+
+<blockquote><pre class="code">[global]
+ time service = yes</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-1.1.2"/>
+
+<a name="INDEX-13"/><h3 class="head3">time offset</h3>
+
+<p>To deal with clients that don't properly process
+daylight savings time, Samba provides the <tt class="literal">time</tt>
+<tt class="literal">offset</tt> option. If set, it adds the specified
+number of minutes to the current time. This is handy if
+you're in Newfoundland and Windows
+doesn't know about the 30-minute time difference
+there:</p>
+
+<blockquote><pre class="code">[global]
+ time offset = 30</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-1.1.3"/>
+
+<a name="INDEX-14"/><h3 class="head3">dos filetimes</h3>
+
+<p>Traditionally, only the root user and the owner of a file can change
+its last-modified date on a Unix system. The share-level
+<tt class="literal">dos</tt> <tt class="literal">filetimes</tt> option allows the
+Samba server to mimic the characteristics of a DOS or Windows system:
+any user can change the last-modified date on a file in that share if
+she has write permission to it. To do this, Samba uses its root
+privileges to modify the timestamp on the file.</p>
+
+<p>By default, this option is disabled. Setting this option to
+<tt class="literal">yes</tt> is often necessary to allow PC
+<em class="emphasis">make</em> programs to work properly. Without it, they
+cannot change the last-modified date themselves. This often results
+in the program thinking <em class="emphasis">all</em> files need
+recompiling when they really don't.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-1.1.4"/>
+
+<h3 class="head3">dos filetime resolution</h3>
+
+<p>The <tt class="literal">dos</tt><a name="INDEX-15"/>
+<tt class="literal">filetime</tt> <tt class="literal">resolution</tt> parameter
+is a share-level option. If set to <tt class="literal">yes</tt>, Samba
+rounds file times to the closest 2-second boundary. This option
+exists primarily to satisfy a quirk in Windows that prevents Visual
+C++ from correctly recognizing that a file has not changed. You can
+enable it as follows:</p>
+
+<blockquote><pre class="code">[data]
+ dos filetime resolution = yes</pre></blockquote>
+
+<p>We recommend using this option only if you are using Microsoft Visual
+C++ on a Samba share that supports opportunistic locking.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-1.1.5"/>
+
+<h3 class="head3">fake directory create times</h3>
+
+<p>The <tt class="literal">fake</tt><a name="INDEX-16"/>
+<tt class="literal">directory</tt> <tt class="literal">create</tt>
+<tt class="literal">times</tt> option exists to keep PC
+<em class="emphasis">make</em> programs sane. VFAT and NTFS filesystems
+record the creation date of a specific directory, while Unix does
+not. Without this option, Samba takes the earliest recorded date it
+has for the directory (often the last-modified date of a file) and
+returns it to the client. If this is not sufficient, set the
+following option under a share definition:</p>
+
+<blockquote><pre class="code">[data]
+ fake directory create times = yes</pre></blockquote>
+
+<p>If set, Samba will adjust the directory create time it reports to the
+hardcoded value January 1, 1980. This is primarily used to convince
+the Visual C++ <em class="emphasis">nmake</em> program that any object
+files in its build directories are indeed younger than the creation
+date of the directory itself and need to be recompiled. <a name="INDEX-17"/> <a name="INDEX-18"/><a name="INDEX-19"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-11-SECT-2"/>
+
+<h2 class="head1">Magic Scripts</h2>
+
+<p><em class="firstterm">Magic scripts</em> are a method of running programs
+on Unix and redirecting the output back to the SMB client. These are
+essentially an experimental hack. However, some users and their
+programs still rely on these two options for their programs to
+function correctly. Magic scripts are not widely trusted, and their
+use is highly discouraged by the Samba Team.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-11-SECT-2.1"/>
+
+<h3 class="head2">Magic Script Options</h3>
+
+<p><a href="ch11.html#samba2-CHP-11-TABLE-2">Table 11-2</a> lists the options that deal with
+<a name="INDEX-20"/>magic scripts
+on the Samba server.</p>
+
+<a name="samba2-CHP-11-TABLE-2"/><h4 class="head4">Table 11-2. Magic script options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">magic</tt> <tt class="literal">script</tt></p>
+</td>
+<td>
+<p>string (filename)</p>
+</td>
+<td>
+<p>File to be executed by Samba, as the logged-on user, when closed</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">magic</tt> <tt class="literal">output</tt></p>
+</td>
+<td>
+<p>string (filename)</p>
+</td>
+<td>
+<p>File to log output from the magic file</p>
+</td>
+<td>
+<p><em class="emphasis">scriptname.out</em></p>
+</td>
+<td>
+<p>Share</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-2.1.1"/>
+
+<h3 class="head3">magic script</h3>
+
+<p>If the <tt class="literal">magic</tt><a name="INDEX-21"/>
+<tt class="literal">script</tt> option is set to a filename and the client
+creates a file by that name in that share, Samba will run the file as
+soon as the user has opened and closed it. For example,
+let's assume that the following option was created
+in the share <tt class="literal">[accounting]</tt>:</p>
+
+<blockquote><pre class="code">[accounting]
+ magic script = tally.sh</pre></blockquote>
+
+<p>Samba continually monitors the files in that share. If one by the
+name of <em class="emphasis">tally.sh</em> is closed (after being opened)
+by a user, Samba will execute the contents of that file locally. The
+file will be passed to the shell to execute; it must therefore be a
+legal Unix shell script. This means that it must have newline
+characters as line endings instead of Windows CRLFs. In addition, you
+need to use the <tt class="literal">#!</tt> directive at the beginning of
+the file to indicate under which shell or interpreter the script
+should run, unless the script is for the default shell on your
+system.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-2.1.2"/>
+
+<a name="INDEX-22"/><h3 class="head3">magic output</h3>
+
+<p>This option specifies an output file to which the script specified by
+the <tt class="literal">magic</tt> <tt class="literal">script</tt> option will
+send output. You must specify a filename in a writable directory:</p>
+
+<blockquote><pre class="code">[accounting]
+ magic script = tally.sh
+ magic output = /var/log/magicoutput</pre></blockquote>
+
+<p>If this option is omitted, the default output file is the name of the
+script (as stated in the <tt class="literal">magic</tt>
+<tt class="literal">script</tt> option) with the extension
+<em class="emphasis">.out</em> appended onto it.</p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-11-SECT-3"/>
+
+<h2 class="head1">Internationalization</h2>
+
+<p><a name="INDEX-23"/><a name="INDEX-24"/>Starting
+with Samba 3.0, Samba supports Unicode &quot;on the
+wire,&quot; requiring no additional effort on your part
+to support filenames and other text containing characters in
+international character sets.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-11-SECT-3.1"/>
+
+<h3 class="head2">Internationalization Options</h3>
+
+<p>Samba 2.2.x has a limited ability to speak foreign tongues: if you
+need to support filenames containing characters that
+aren't in standard ASCII, some options that can help
+you are shown in <a href="ch11.html#samba2-CHP-11-TABLE-3">Table 11-3</a>.</p>
+
+<a name="samba2-CHP-11-TABLE-3"/><h4 class="head4">Table 11-3. Internationalization options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">client code</tt> <tt class="literal">page</tt></p>
+</td>
+<td>
+<p>Described in this section</p>
+</td>
+<td>
+<p>Sets a code page to expect from clients</p>
+</td>
+<td>
+<p>850</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">character set</tt></p>
+</td>
+<td>
+<p>Described in this section</p>
+</td>
+<td>
+<p>Translates code pages into alternate Unix character sets</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">coding system</tt></p>
+</td>
+<td>
+<p>Described in this section</p>
+</td>
+<td>
+<p>Translates code page 932 into an Asian character set</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">valid chars</tt></p>
+</td>
+<td>
+<p>string (set of characters)</p>
+</td>
+<td>
+<p>Adds individual characters to a code page</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-3.1.1"/>
+
+<h3 class="head3">client code page</h3>
+
+<p>The character sets on Windows platforms hark back to the original
+concept of a <em class="emphasis">code page</em><a name="INDEX-25"/>. These code pages are used by DOS and
+Windows clients to determine rules for mapping lowercase letters to
+uppercase letters. Samba can be instructed to use a variety of code
+pages through the use of the global
+<tt class="literal">client</tt><a name="INDEX-26"/> <tt class="literal">code</tt>
+<tt class="literal">page</tt> option to match the corresponding code page
+in use on the client. This option loads a code page definition file
+and can take the values specified in <a href="ch11.html#samba2-CHP-11-TABLE-4">Table 11-4</a>.</p>
+
+<a name="samba2-CHP-11-TABLE-4"/><h4 class="head4">Table 11-4. Valid code pages with Samba 2.0</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Code page</p>
+</th>
+<th>
+<p>Definition</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">437</tt></p>
+</td>
+<td>
+<p>MS-DOS Latin (United States)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">737</tt></p>
+</td>
+<td>
+<p>Windows 95 Greek</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">850</tt></p>
+</td>
+<td>
+<p>MS-DOS Latin 1 (Western European)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">852</tt></p>
+</td>
+<td>
+<p>MS-DOS Latin 2 (Eastern European)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">861</tt></p>
+</td>
+<td>
+<p>MS-DOS Icelandic</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">866</tt></p>
+</td>
+<td>
+<p>MS-DOS Cyrillic (Russian)</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">932</tt></p>
+</td>
+<td>
+<p>MS-DOS Japanese Shift-JIS</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">936</tt></p>
+</td>
+<td>
+<p>MS-DOS Simplified Chinese</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">949</tt></p>
+</td>
+<td>
+<p>MS-DOS Korean Hangul</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">950</tt></p>
+</td>
+<td>
+<p>MS-DOS Traditional Chinese</p>
+</td>
+</tr>
+
+</table>
+
+<p>You can set the client code page as follows:</p>
+
+<blockquote><pre class="code">[global]
+ client code page = 852</pre></blockquote>
+
+<p>The default value of this option is 850, for MS-DOS Latin 1. You can
+use the <em class="emphasis">make_smbcodepage</em> tool that comes with
+Samba (by default in <em class="filename">/usr/local/samba/bin</em> ) to
+create your own SMB code pages, in the event that those listed
+earlier are not sufficient.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-3.1.2"/>
+
+<h3 class="head3">character set</h3>
+
+<p>The global <tt class="literal">character</tt><a name="INDEX-27"/>
+<tt class="literal">set</tt> option can be used to convert filenames
+offered through a DOS code page (see the previous section, <a href="ch11.html#samba2-CHP-11-SECT-3.1.1">Section 11.3.1.1</a>) to equivalents that can be
+represented by Unix character sets other than those in the United
+States. For example, if you want to convert the Western European
+MS-DOS character set on the client to a Western European Unix
+character set on the server, you can use the following in your
+configuration file:</p>
+
+<blockquote><pre class="code">[global]
+ client code page = 850
+ character set = ISO8859-1</pre></blockquote>
+
+<p>Note that you must include a <tt class="literal">client</tt>
+<tt class="literal">code</tt> <tt class="literal">page</tt> option to specify the
+character set from which you are converting. The valid character sets
+(and their matching code pages) that Samba accepts are listed in
+<a href="ch11.html#samba2-CHP-11-TABLE-5">Table 11-5</a>.</p>
+
+<a name="samba2-CHP-11-TABLE-5"/><h4 class="head4">Table 11-5. Valid character sets</h4><table border="1">
+
+
+
+
+<tr>
+<th>
+<p>Character set</p>
+</th>
+<th>
+<p>Matching code page</p>
+</th>
+<th>
+<p>Definition</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">ISO8859-1</tt></p>
+</td>
+<td>
+<p><tt class="literal">850</tt></p>
+</td>
+<td>
+<p>Western European Unix</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">ISO8859-2</tt></p>
+</td>
+<td>
+<p><tt class="literal">852</tt></p>
+</td>
+<td>
+<p>Eastern European Unix</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">ISO8859-5</tt></p>
+</td>
+<td>
+<p><tt class="literal">866</tt></p>
+</td>
+<td>
+<p>Russian Cyrillic Unix</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">ISO8859-7</tt></p>
+</td>
+<td>
+<p>737</p>
+</td>
+<td>
+<p>Greek Unix</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">KOI8-R</tt></p>
+</td>
+<td>
+<p><tt class="literal">866</tt></p>
+</td>
+<td>
+<p>Alternate Russian Cyrillic Unix</p>
+</td>
+</tr>
+
+</table>
+
+<p>Normally, the <tt class="literal">character</tt> <tt class="literal">set</tt>
+option is disabled completely.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-3.1.3"/>
+
+<h3 class="head3">coding system</h3>
+
+<p>The <tt class="literal">coding</tt><a name="INDEX-28"/> <tt class="literal">system</tt>
+option is similar to the <tt class="literal">character</tt>
+<tt class="literal">set</tt> option. However, its purpose is to determine
+how to convert a Japanese Shift JIS code page into an appropriate
+Unix character set. To use this option, the <tt class="literal">client</tt>
+<tt class="literal">code</tt> <tt class="literal">page</tt> option described
+previously must be set to page <tt class="literal">932</tt>. The valid
+coding systems that Samba accepts are listed in <a href="ch11.html#samba2-CHP-11-TABLE-6">Table 11-6</a>.</p>
+
+<a name="samba2-CHP-11-TABLE-6"/><h4 class="head4">Table 11-6. Valid coding-system parameters</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Character set</p>
+</th>
+<th>
+<p>Definition</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">SJIS</tt></p>
+</td>
+<td>
+<p>Standard Shift JIS</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">JIS8</tt></p>
+</td>
+<td>
+<p>Eight-bit JIS codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">J8BB</tt></p>
+</td>
+<td>
+<p>Eight-bit JIS codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">J8BH</tt></p>
+</td>
+<td>
+<p>Eight-bit JIS codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">J8@B</tt></p>
+</td>
+<td>
+<p>Eight-bit JIS codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">J8@J</tt></p>
+</td>
+<td>
+<p>Eight-bit JIS codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">J8@H</tt></p>
+</td>
+<td>
+<p>Eight-bit JIS codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">JIS7</tt></p>
+</td>
+<td>
+<p>Seven-bit JIS codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">J7BB</tt></p>
+</td>
+<td>
+<p>Seven-bit JIS codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">J7BH</tt></p>
+</td>
+<td>
+<p>Seven-bit JIS codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">J7@B</tt></p>
+</td>
+<td>
+<p>Seven-bit JIS codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">J7@J</tt></p>
+</td>
+<td>
+<p>Seven-bit JIS codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">J7@H</tt></p>
+</td>
+<td>
+<p>Seven-bit JIS codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">JUNET</tt></p>
+</td>
+<td>
+<p>JUNET codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">JUBB</tt></p>
+</td>
+<td>
+<p>JUNET codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">JUBH</tt></p>
+</td>
+<td>
+<p>JUNET codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">JU@B</tt></p>
+</td>
+<td>
+<p>JUNET codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">JU@J</tt></p>
+</td>
+<td>
+<p>JUNET codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">JU@H</tt></p>
+</td>
+<td>
+<p>JUNET codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">EUC</tt></p>
+</td>
+<td>
+<p>EUC codes</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">HEX</tt></p>
+</td>
+<td>
+<p>Three-byte hexadecimal code</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">CAP</tt></p>
+</td>
+<td>
+<p>Three-byte hexadecimal code (Columbia AppleTalk Program)</p>
+</td>
+</tr>
+
+</table>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-3.1.4"/>
+
+<h3 class="head3">valid chars</h3>
+
+<p>The <tt class="literal">valid</tt><a name="INDEX-29"/> <tt class="literal">chars</tt> option
+can be used to add individual characters to a code page. You can use
+this option as follows:</p>
+
+<blockquote><pre class="code">valid chars = &Icirc;
+valid chars = 0450:0420 0x0A20:0x0A00
+valid chars = A:a</pre></blockquote>
+
+<p>Each character in the list specified should be separated by spaces.
+If there is a colon between two characters or a numerical equivalent,
+the data to the left of the colon is considered an uppercase
+character, while the data to the right is considered the lowercase
+character. You can represent characters both by literals (if you can
+type them) and by octal, hexadecimal, or decimal Unicode equivalents.</p>
+
+<p>If you use this option, it must be listed after the
+<tt class="literal">client</tt> <tt class="literal">code</tt>
+<tt class="literal">page</tt> to which you wish to add the character.
+<a name="INDEX-30"/><a name="INDEX-31"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-11-SECT-4"/>
+
+<h2 class="head1">Windows Messenger Service</h2>
+
+<p>One of the odd features of SMB protocol is its ability to send text
+messages between computers. Although both the name and functionality
+are similar to that of Windows Messenger, the two are not the same.
+<a name="INDEX-32"/><a name="INDEX-33"/><a name="INDEX-34"/>Windows Messenger (also called MSN
+Messenger) is an Internet-oriented instant messenging service, while
+Windows Messenger Service is an older and simpler LAN-oriented
+service. Using the Windows Messenger Service, messages can be
+addressed to users, individual computers, or entire workgroups on the
+network.</p>
+
+<p>The <a name="INDEX-35"/>WinPopup
+tool (<em class="filename">Winpopup.exe</em>), shown in <a href="ch11.html#samba2-CHP-11-FIG-1">Figure 11-1</a>, can be used on Windows 95/98/Me to send or
+receive messages. WinPopup is a handy tool for sending messages.
+However, to receive messages, it must already be running when the
+message is sent from the remote system.</p>
+
+<div class="figure"><a name="samba2-CHP-11-FIG-1"/><img src="figs/sam2_1101.gif"/></div><h4 class="head4">Figure 11-1. Sending a message from a Windows 95/98/Me system (left); receiving a message (right)</h4>
+
+<p>On Windows NT/2000/XP, the messenger service lets you receive
+messages without having an application already running; messages will
+automatically appear in a small dialog box on the screen when
+received, as shown in <a href="ch11.html#samba2-CHP-11-FIG-2">Figure 11-2</a>.</p>
+
+<div class="figure"><a name="samba2-CHP-11-FIG-2"/><img src="figs/sam2_1102.gif"/></div><h4 class="head4">Figure 11-2. Receiving a message on a Windows 2000 system</h4>
+
+<p>To send messages, it is necessary to use the <em class="emphasis">net
+send</em> command from a command-prompt window, like this:</p>
+
+<blockquote><pre class="code">C:\&gt; <tt class="userinput"><b>net send maya &quot;Who's There?&quot;</b></tt>
+The message was successfully sent to MAYA.</pre></blockquote>
+
+
+<div class="sect2"><a name="samba2-CHP-11-SECT-4.1"/>
+
+<h3 class="head2">Windows Messenger Service Configuration Option</h3>
+
+<p>Samba has a single option to handle Windows Messenger Service,
+<tt class="literal">message</tt> <tt class="literal">command</tt>, as shown in
+<a href="ch11.html#samba2-CHP-11-TABLE-7">Table 11-7</a>.</p>
+
+<a name="samba2-CHP-11-TABLE-7"/><h4 class="head4">Table 11-7. Windows Messenger Service configuration option</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameter</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">message</tt> <tt class="literal">command</tt></p>
+</td>
+<td>
+<p>string (shell command)</p>
+</td>
+<td>
+<p>Sets a command to run on Unix when a WinPopup message is received</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-4.1.1"/>
+
+<h3 class="head3">message command</h3>
+
+<p>Samba's
+<tt class="literal">message</tt><a name="INDEX-36"/> <tt class="literal">command</tt>
+option defines the command that will run on the server when a Windows
+Messenger Service message arrives. The command will be executed as
+the <tt class="literal">guest</tt> <tt class="literal">account</tt> user. What to
+do with messages is questionable because most Samba hosts run as
+unattended servers. One solution is to mail the messages to root like
+this:</p>
+
+<blockquote><pre class="code">[global]
+ message command = /bin/mail -s &quot;SMB Message From %f on %m&quot; root &lt;%s; rm %s</pre></blockquote>
+
+<p>Note the use of variables here. The <tt class="literal">%s</tt> variable
+will be replaced by the name of the file in which the message
+resides. This file should be deleted when the command is finished
+with it; otherwise, a buildup of message files will collect on the
+Samba server. In addition, the command must either exit quickly or
+fork its own process (using an <tt class="literal">&amp;</tt> after the
+command); otherwise, the client might suspend and wait for
+notification that the command was sent successfully before
+continuing.</p>
+
+<p>In addition to the standard variables, <a href="ch11.html#samba2-CHP-11-TABLE-8">Table 11-8</a>
+shows the three unique variables that you can use in a
+<tt class="literal">message</tt> <tt class="literal">command</tt>.</p>
+
+<a name="samba2-CHP-11-TABLE-8"/><h4 class="head4">Table 11-8. message command variables</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Variable</p>
+</th>
+<th>
+<p>Definition</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">%s</tt></p>
+</td>
+<td>
+<p>The name of the file in which the message resides</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%f</tt></p>
+</td>
+<td>
+<p>The name of the system that sent the message</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">%t</tt></p>
+</td>
+<td>
+<p>The name of the system that is the destination of the message
+<a name="INDEX-37"/><a name="INDEX-38"/><a name="INDEX-39"/></p>
+</td>
+</tr>
+
+</table>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-11-SECT-5"/>
+
+<h2 class="head1">Miscellaneous Options</h2>
+
+<p>Many Samba options are available to deal with operating system issues
+on either Unix or Windows. In particular, some of these options are
+used for setting limits for clients' use of
+resources on the Unix server. The options shown in <a href="ch11.html#samba2-CHP-11-TABLE-9">Table 11-9</a> deal with some of these issues.</p>
+
+<a name="samba2-CHP-11-TABLE-9"/><h4 class="head4">Table 11-9. Miscellaneous options</h4><table border="1">
+
+
+
+
+
+
+<tr>
+<th>
+<p>Option</p>
+</th>
+<th>
+<p>Parameters</p>
+</th>
+<th>
+<p>Function</p>
+</th>
+<th>
+<p>Default</p>
+</th>
+<th>
+<p>Scope</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p><tt class="literal">deadtime</tt></p>
+</td>
+<td>
+<p>numeric (minutes)</p>
+</td>
+<td>
+<p>Number of minutes of inactivity before a connection should be
+terminated.</p>
+</td>
+<td>
+<p><tt class="literal">0</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">dfree command</tt></p>
+</td>
+<td>
+<p>string (command)</p>
+</td>
+<td>
+<p>Used to specify a command that returns free disk space in a format
+recognized by Samba.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">fstype</tt></p>
+</td>
+<td>
+<p><tt class="literal">NTFS</tt>, <tt class="literal">FAT</tt>, or
+<tt class="literal">Samba</tt></p>
+</td>
+<td>
+<p>Filesystem type reported by the server to the client.</p>
+</td>
+<td>
+<p><tt class="literal">NTFS</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">keepalive</tt></p>
+</td>
+<td>
+<p>numeric (seconds)</p>
+</td>
+<td>
+<p>Number of seconds between checks for an inoperative client.</p>
+</td>
+<td>
+<p><tt class="literal">300</tt> (none)</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">max disk size</tt></p>
+</td>
+<td>
+<p>numeric (MB)</p>
+</td>
+<td>
+<p>Largest disk size to return to a client, some of which have limits.
+Does not affect actual operations on the disk.</p>
+</td>
+<td>
+<p><tt class="literal">0</tt> (infinity)</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">max mux</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Maximum number of simultaneous SMB operations that clients can make.</p>
+</td>
+<td>
+<p><tt class="literal">50</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">max open files</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Limits number of open files to be below Unix limits.</p>
+</td>
+<td>
+<p><tt class="literal">10000</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">max xmit</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Specifies the maximum packet size that Samba will send.</p>
+</td>
+<td>
+<p><tt class="literal">65535</tt> or <tt class="literal">16644</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">nt pipe support</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>Turns off an NT/2000/XP support feature; for benchmarking or in case
+of an error.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">nt smb support</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>Turns off an NT/2000/XP support feature; for benchmarking or in case
+of an error.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">ole locking</tt> <tt class="literal">compatibility</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>Remaps out-of-range lock requests used on Windows to fit in allowable
+range on Unix. Turning it off causes Unix lock errors.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">panic action</tt></p>
+</td>
+<td>
+<p>string</p>
+</td>
+<td>
+<p>Command to run if Samba server fails; for debugging.</p>
+</td>
+<td>
+<p>None</p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">set directory</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, allows VMS clients to issue
+<tt class="literal">set</tt> <tt class="literal">dir</tt> commands.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">status</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, allows Samba to monitor status for
+<tt class="literal">smbstatus</tt> command.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">strict sync</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">no</tt>, ignores Windows application requests to
+perform a sync-to-disk.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">sync always</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, forces all client writes to be committed
+to disk before returning from the call.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">strip dot</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, strips trailing dots from Unix filenames.</p>
+</td>
+<td>
+<p><tt class="literal">no</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">change notify timeout</tt></p>
+</td>
+<td>
+<p>numeric (seconds)</p>
+</td>
+<td>
+<p>Interval between checks when a client asks to wait for a change in a
+specified directory.</p>
+</td>
+<td>
+<p><tt class="literal">60</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">stat cache</tt></p>
+</td>
+<td>
+<p>Boolean</p>
+</td>
+<td>
+<p>If <tt class="literal">yes</tt>, Samba will cache recent name mappings.</p>
+</td>
+<td>
+<p><tt class="literal">yes</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+<tr>
+<td>
+<p><tt class="literal">stat cache size</tt></p>
+</td>
+<td>
+<p>numeric</p>
+</td>
+<td>
+<p>Number of entries in the stat cache.</p>
+</td>
+<td>
+<p><tt class="literal">50</tt></p>
+</td>
+<td>
+<p>Global</p>
+</td>
+</tr>
+
+</table>
+
+
+<div class="sect2"><a name="samba2-CHP-11-SECT-5.1"/>
+
+<a name="INDEX-40"/><h3 class="head2">deadtime</h3>
+
+<p>This global option sets the number of minutes that Samba will wait
+for an inactive client before closing its session with the Samba
+server. A client is considered inactive when it has no open files and
+no data is being sent from it. The default value for this option is
+0, which means that Samba never closes any connection, regardless of
+how long they have been inactive. This can lead to unnecessary
+consumption of the server's resources by inactive
+clients. We recommend that you override the default as follows:</p>
+
+<blockquote><pre class="code">[global]
+ deadtime = 10</pre></blockquote>
+
+<p>This tells Samba to terminate any inactive client sessions after 10
+minutes. For most networks, setting this option as such will not
+inconvenience users because reconnections from the client are
+generally performed transparently to the user. See also the
+<tt class="literal">keepalive</tt> parameter.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.1"/>
+
+<a name="INDEX-41"/><h3 class="head3">dfree command</h3>
+
+<p>This global option is used on systems that incorrectly determine the
+free space left on the disk. So far, the only confirmed system that
+needs this option set is Ultrix. There is no default value for this
+option, which means that Samba already knows how to compute the free
+disk space on its own and the results are considered reliable. You
+can override it as follows:</p>
+
+<blockquote><pre class="code">[global]
+ dfree command = /usr/local/bin/dfree</pre></blockquote>
+
+<p>This option should point to a script that returns the total disk
+space in a block and the number of available blocks. The Samba
+documentation recommends the following as a usable script:</p>
+
+<blockquote><pre class="code">#!/bin/sh
+df $1 | tail -1 | awk '{print $2&quot; &quot;$4}'</pre></blockquote>
+
+<p>On System V machines, the following will work:</p>
+
+<blockquote><pre class="code">#!/bin/sh
+/usr/bin/df $1 | tail -1 | awk '{print $3&quot; &quot;$5}'</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.2"/>
+
+<a name="INDEX-42"/><h3 class="head3">fstype</h3>
+
+<p>This share-level option sets the type of filesystem that Samba
+reports when queried by the client. Three strings can be used as a
+value to this configuration option, as listed in <a href="ch11.html#samba2-CHP-11-TABLE-10">Table 11-10</a>.</p>
+
+<a name="samba2-CHP-11-TABLE-10"/><h4 class="head4">Table 11-10. Filesystem types</h4><table border="1">
+
+
+
+<tr>
+<th>
+<p>Value</p>
+</th>
+<th>
+<p>Definition</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>NTFS</p>
+</td>
+<td>
+<p>Microsoft Windows NT filesystem</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>FAT</p>
+</td>
+<td>
+<p>DOS FAT filesystem</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Samba</p>
+</td>
+<td>
+<p>Samba filesystem</p>
+</td>
+</tr>
+
+</table>
+
+<p>The default value for this option is <tt class="literal">NTFS</tt>, which
+represents a Windows NT filesystem. There probably
+isn't a need to specify any other type of
+filesystem. However, if you need to, you can override the default
+value per share as follows:</p>
+
+<blockquote><pre class="code">[data]
+ fstype = FAT</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.3"/>
+
+<a name="INDEX-43"/><h3 class="head3">keepalive</h3>
+
+<p>This global option specifies the number of seconds that Samba waits
+between sending NetBIOS <em class="emphasis">keepalive packets</em>. These
+packets are used to ping a client to detect whether it is still alive
+and on the network. The default value for this option is
+<tt class="literal">300</tt> (5 minutes), which you can override as
+follows:</p>
+
+<blockquote><pre class="code">[global]
+ keepalive = 600</pre></blockquote>
+
+<p>The value of <tt class="literal">600</tt> (10 minutes) is good for networks
+populated by reliable clients. If your network contains relatively
+unreliable clients, you might prefer to set
+<tt class="literal">keepalive</tt> to a lower value, such as
+<tt class="literal">30</tt>. If <tt class="literal">keepalive</tt> is set to 0,
+no NetBIOS keepalive packets will be sent. See also the
+<tt class="literal">deadtime</tt> parameter.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.4"/>
+
+<a name="INDEX-44"/><h3 class="head3">max disk size</h3>
+
+<p>This global option specifies an illusory limit, in megabytes, for
+each share that Samba is offering. It only affects how much disk
+space Samba reports the share as having and does not prevent more
+disk space from actually being available for use. You would typically
+set this option to prevent clients with older operating
+systems&mdash;or running buggy applications&mdash;from being confused
+by large disk spaces. For example, some older Windows applications
+become confused when they encounter a share larger than 1 gigabyte.
+To work around this problem, <tt class="literal">max</tt>
+<tt class="literal">disk</tt> <tt class="literal">size</tt> can be set as
+follows:</p>
+
+<blockquote><pre class="code">[global]
+ max disk size = 1000</pre></blockquote>
+
+<p>The default value for this option is <tt class="literal">0</tt>, which
+means there is no upper limit.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.5"/>
+
+<a name="INDEX-45"/><h3 class="head3">max mux</h3>
+
+<p>This global option specifies the maximum number of concurrent SMB
+operations Samba allows. The default value for this option is
+<tt class="literal">50</tt>. You can override it as follows:</p>
+
+<blockquote><pre class="code">[global]
+ max mux = 100</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.6"/>
+
+<a name="INDEX-46"/><h3 class="head3">max open files</h3>
+
+<p>This global option specifies the maximum number of open files that
+Samba should allow at any given time for all processes. This value
+must be equal to or less than the amount allowed by the operating
+system, which varies from system to system. The default value for
+this option is <tt class="literal">10000</tt>. You can override it as
+follows:</p>
+
+<blockquote><pre class="code">[global]
+ max open files = 8000</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.7"/>
+
+<a name="INDEX-47"/><h3 class="head3">max xmit</h3>
+
+<p>This global option sets the maximum size of packets that Samba
+exchanges with a client. In rare cases, setting a smaller maximum
+packet size can increase performance, especially with Windows for
+Workgroups. In Samba versions up to 2.2.5, the default value for this
+option is <tt class="literal">65535</tt>. In 2.2.7 and later versions, the
+default was changed to <tt class="literal">16644</tt> to match the behavior
+of Windows 2000 and improve support for Windows NT 4.0. You can
+override the default as follows:</p>
+
+<blockquote><pre class="code">[global]
+ max xmit = 4096</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.8"/>
+
+<a name="INDEX-48"/><h3 class="head3">nt pipe support</h3>
+
+<p>This global option is used by developers to allow or disallow Windows
+NT/2000/XP clients the ability to make connections to
+<a name="INDEX-49"/>NT-specific SMB IPC$ pipes. As a user, you
+should never need to override the default:</p>
+
+<blockquote><pre class="code">[global]
+ nt pipe support = yes</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.9"/>
+
+<a name="INDEX-50"/><h3 class="head3">nt smb support</h3>
+
+<p>This global option is used by developers to negotiate NT-specific SMB
+options with Windows NT/2000/XP clients. The Samba Team has
+discovered that slightly better performance comes from setting this
+value to <tt class="literal">no</tt>. However, as a user, you should
+probably not override the default:</p>
+
+<blockquote><pre class="code">[global]
+ nt smb support = yes</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.10"/>
+
+<a name="INDEX-51"/><h3 class="head3">ole locking compatibility</h3>
+
+<p>This global option turns off Samba's internal
+byte-range locking manipulation in files, which gives compatibility
+with Object Linking and Embedding (OLE) applications that use high
+byte-range locks as a method of interprocess communication. The
+default value for this option is <tt class="literal">yes</tt>. If you trust
+your Unix locking mechanisms, you can override it as follows:</p>
+
+<blockquote><pre class="code">[global]
+ ole locking compatibility = no</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.11"/>
+
+<a name="INDEX-52"/><h3 class="head3">panic action</h3>
+
+<p>This global option specifies a command to execute in the event that
+Samba encounters a fatal error when loading or running. There is no
+default value for this option. You can specify an action as follows:</p>
+
+<blockquote><pre class="code">[global]
+ panic action = /bin/csh -c
+ 'xedit &lt;&lt;: &quot;Samba has shutdown unexpectedly&quot;;:'</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.12"/>
+
+<a name="INDEX-53"/><h3 class="head3">set directory</h3>
+
+<p>This Boolean share-level option allows <a name="INDEX-54"/>Digital Pathworks clients to
+use the <em class="emphasis">setdir</em> command to change directories on
+the server. If you are not using the Digital Pathworks client, you
+should not need to alter this option. The default value for this
+option is <tt class="literal">no</tt>. You can override it per share as
+follows:</p>
+
+<blockquote><pre class="code">[data]
+ set directory = yes</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.13"/>
+
+<a name="INDEX-55"/><h3 class="head3">status</h3>
+
+<p>This global option indicates whether Samba should log all active
+connections to a status file. This file is used only by the
+<em class="emphasis">smbstatus</em> command. If you have no intentions of
+using this command, you can set this option to <tt class="literal">no</tt>,
+which can result in a small increase of speed on the server. The
+default value for this option is <tt class="literal">yes</tt>. You can
+override it as follows:</p>
+
+<blockquote><pre class="code">[global]
+ status = no</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.14"/>
+
+<a name="INDEX-56"/><h3 class="head3">strict sync</h3>
+
+<p>This share-level option determines whether Samba honors all requests
+to perform a disk sync when requested to do so by a client. Many
+Windows clients request a disk sync when they are really just trying
+to flush data to their own open files. In this case, a disk sync is
+generally unnecessary on Unix due to its high reliability, and it
+mostly has the effect of substantially reducing the performance of
+the Samba host system. The default value for this option is
+<tt class="literal">no</tt>, which allows the superfluous disk sync
+requests to be ignored. You can override the default as follows:</p>
+
+<blockquote><pre class="code">[data]
+ strict sync = yes</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.15"/>
+
+<a name="INDEX-57"/><h3 class="head3">sync always</h3>
+
+<p>This share-level option decides whether every write to disk should be
+followed by a disk synchronization before the write call returns
+control to the client. Even if the value of this option is
+<tt class="literal">no</tt>, clients can request a disk synchronization;
+see the earlier <tt class="literal">strict</tt> <tt class="literal">sync</tt>
+option. The default value for this option is <tt class="literal">no</tt>.
+You can override it per share as follows:</p>
+
+<blockquote><pre class="code">[data]
+ sync always = yes</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.16"/>
+
+<a name="INDEX-58"/><h3 class="head3">strip dot</h3>
+
+<p>This global option determines whether to remove the trailing dot from
+Unix filenames that are formatted with a dot at the end. The default
+value for this option is <tt class="literal">no</tt>. You can override it
+per share as follows:</p>
+
+<blockquote><pre class="code">[global]
+ strip dot = yes</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.17"/>
+
+<h3 class="head3">change notify timeout</h3>
+
+<p>The <tt class="literal">change</tt><a name="INDEX-59"/>
+<tt class="literal">notify</tt> <tt class="literal">timeout</tt> global option
+emulates a Windows NT/2000 SMB feature called <em class="firstterm">change
+notification</em><a name="INDEX-60"/>. This allows a client to request
+that a Windows NT/2000 server periodically monitor a specific
+directory on a share for any changes. If changes occur, the server
+will notify the client.</p>
+
+<p>Samba performs this function for its clients at an interval that
+defaults to 1 minute (60 seconds). Performing these checks too often
+can slow down the server considerably; however, you can use this
+option to specify an alternate time that Samba should wait between
+performing checks:</p>
+
+<blockquote><pre class="code">[global]
+ change notify timeout = 30</pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.18"/>
+
+<h3 class="head3">stat cache</h3>
+
+<p>The <tt class="literal">stat</tt><a name="INDEX-61"/> <tt class="literal">cache</tt> global
+option turns on caching of recent case-insensitive name mappings. The
+default is <tt class="literal">yes</tt>. The Samba Team recommends that you
+never change this parameter.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-11-SECT-5.1.19"/>
+
+<h3 class="head3">stat cache size</h3>
+
+<p>The <tt class="literal">stat</tt><a name="INDEX-62"/> <tt class="literal">cache</tt>
+<tt class="literal">size</tt> global option sets the number of cache
+entries to be used for the <tt class="literal">stat</tt>
+<tt class="literal">cache</tt> option. The default here is
+<tt class="literal">50</tt>. Again, the Samba Team recommends that you
+never change this parameter.</p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html>
diff --git a/docs/htmldocs/using_samba/ch12.html b/docs/htmldocs/using_samba/ch12.html
new file mode 100644
index 00000000000..6ba643fe738
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch12.html
@@ -0,0 +1,3341 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h1 class="head0">Chapter 12. Troubleshooting Samba</h1>
+
+
+<p><a name="INDEX-1"/><a name="INDEX-2"/>Samba is extremely robust. Once you have
+everything set up the way you want, you'll probably
+forget that it is running. When trouble occurs, it's
+typically during installation or when you're trying
+to reconfigure the server. Fortunately, a wide variety of resources
+are available to diagnose these troubles. While we
+can't describe in detail the solution to every
+problem you might encounter, you should be able to get a good start
+at resolving the problem by following the advice given in this
+chapter.</p>
+
+<p>The first section of this chapter lists the tool bag, a collection of
+tools available for troubleshooting Samba; the second section is a
+detailed how-to; the last section lists extra resources to track down
+particularly stubborn problems.</p>
+
+
+
+<div class="sect1"><a name="samba2-CHP-12-SECT-1"/>
+
+<h2 class="head1">The Tool Box</h2>
+
+<p><a name="INDEX-3"/><a name="INDEX-4"/>Sometimes Unix
+seems to be made up of a grab bag of applications and tools. There
+are tools to troubleshoot tools. And of course, there are several
+ways to accomplish the same task. When trying to solve a problem
+related to Samba, a good plan of attack is to use the following:</p>
+
+<ul><li>
+<p>Samba logs</p>
+</li><li>
+<p>Samba test utilities</p>
+</li><li>
+<p>Unix utilities</p>
+</li><li>
+<p>Fault tree</p>
+</li><li>
+<p>Documentation and FAQs</p>
+</li><li>
+<p>Samba newsgroups</p>
+</li><li>
+<p>Searchable mailing list archives</p>
+</li></ul>
+<p>Let's go over each of these one-by-one in the
+following sections.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-1.1"/>
+
+<h3 class="head2">Samba Logs</h3>
+
+<p><a name="INDEX-5"/><a name="INDEX-6"/>Your first line of attack should always
+be to check the log files. The Samba log files can help diagnose the
+vast majority of the problems faced by beginning- to
+intermediate-level Samba administrators. Samba is quite flexible when
+it comes to logging. You can set up the server to log as little or as
+much information as you want. Using substitution variables in the
+Samba configuration file allows you to isolate individual logs for
+each system, share, or combination thereof.</p>
+
+<p>Logs are placed in <em class="filename">/usr/local/samba/var/smbd.log</em>
+and <em class="filename">/usr/local/samba/var/nmbd.log</em> by default.
+You can specify a log directory to use with the
+<em class="emphasis">-l</em> flag on the command line when starting the
+Samba daemons. For example:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>smbd -l /var/log/samba</b></tt>
+# <tt class="userinput"><b>nmbd -l /var/log/samba</b></tt></pre></blockquote>
+
+<p>Alternatively, you can override the location and name using the
+<tt class="literal">log</tt><a name="INDEX-7"/> <tt class="literal">file</tt> configuration
+option in <em class="filename">smb.conf</em>. This option accepts all the
+substitution variables, so you could easily have the server keep a
+separate log for each connecting client system by specifying the
+following:</p>
+
+<blockquote><pre class="code">[global]
+ log file = %m.log</pre></blockquote>
+
+<p>Another useful trick is to have the server keep a log for each
+service (share) that is offered, especially if you suspect a
+particular share is causing trouble. To do this, use the
+<tt class="literal">%S</tt> variable, like this:</p>
+
+<blockquote><pre class="code">[global]
+ log file = %S.log</pre></blockquote>
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-1.1.1"/>
+
+<h3 class="head3">Log levels</h3>
+
+<p><a name="INDEX-8"/>The level of logging that Samba uses
+can be set in the <em class="filename">smb.conf</em> file using the global
+<tt class="literal">log</tt> <tt class="literal">level</tt> or
+<tt class="literal">debug</tt> <tt class="literal">level</tt> option; they are
+equivalent. The logging level is an integer that can range from 0 to
+10. At level 0, no logging is done. Higher values result in more
+voluminous logging. For example, let's assume that
+we will use a Windows client to browse a directory on a Samba server.
+For a small amount of log information, you can use
+<tt class="literal">log</tt> <tt class="literal">level</tt> <tt class="literal">=</tt>
+<tt class="literal">1</tt>, which instructs Samba to show only cursory
+information, in this case only the connection itself:</p>
+
+<blockquote><pre class="code">05/25/02 22:02:11 server (192.168.236.86) connect to service public as user pcguest
+(uid=503,gid=100) (pid 3377)</pre></blockquote>
+
+<p>Higher debug levels produce more detailed information. Usually, you
+won't need more than level 3, which is fully
+adequate for most Samba administrators. Levels above 3 are used by
+the developers and dump enormous amounts of cryptic information.</p>
+
+<p>Here is an example of output at levels 2 and 3 for the same
+operation. Don't worry if you don't
+understand the intricacies of an SMB connection; the point is simply
+to show you what types of information are shown at the different
+<a name="INDEX-9"/>logging levels:</p>
+
+<blockquote><pre class="code"> /* Level 2 */
+Got SIGHUP
+Processing section &quot;[homes]&quot;
+Processing section &quot;[public]&quot;
+Processing section &quot;[temp]&quot;
+Allowed connection from 192.168.236.86 (192.168.236.86) to IPC$
+Allowed connection from 192.168.236.86 (192.168.236.86) to IPC/
+
+
+/* Level 3 */
+05/25/02 22:15:09 Transaction 63 of length 67
+switch message SMBtconX (pid 3377)
+Allowed connection from 192.168.236.86 (192.168.236.86) to IPC$
+ACCEPTED: guest account and guest ok
+found free connection number 105
+Connect path is /tmp
+chdir to /tmp
+chdir to /
+05/25/02 22:15:09 server (192.168.236.86) connect to service IPC$ as user pcguest
+(uid=503,gid=100) (pid 3377)
+05/25/02 22:15:09 tconX service=ipc$ user=pcguest cnum=105
+05/25/02 22:15:09 Transaction 64 of length 99
+switch message SMBtrans (pid 3377)
+chdir to /tmp
+trans &lt;\PIPE\LANMAN&gt; data=0 params=19 setup=0
+Got API command 0 of form &lt;WrLeh&gt; &lt;B13BWz&gt; (tdscnt=0,tpscnt=19,mdrcnt=4096,mprcnt=8)
+Doing RNetShareEnum
+RNetShareEnum gave 4 entries of 4 (1 4096 126 4096)
+05/25/02 22:15:11 Transaction 65 of length 99
+switch message SMBtrans (pid 3377)
+chdir to /
+chdir to /tmp
+trans &lt;\PIPE\LANMAN&gt; data=0 params=19 setup=0
+Got API command 0 of form &lt;WrLeh&gt; &lt;B13BWz&gt; (tdscnt=0,tpscnt=19,mdrcnt=4096,mprcnt=8)
+Doing RNetShareEnum
+RNetShareEnum gave 4 entries of 4 (1 4096 126 4096)
+05/25/02 22:15:11 Transaction 66 of length 95
+switch message SMBtrans2 (pid 3377)
+chdir to /
+chdir to /pcdisk/public
+call_trans2findfirst: dirtype = 0, maxentries = 6, close_after_first=0, close_if_end
+= 0 requires_resume_key = 0 level = 260, max_data_bytes = 2432
+unix_clean_name [./DESKTOP.INI]
+unix_clean_name [desktop.ini]
+unix_clean_name [./]
+creating new dirptr 1 for path ./, expect_close = 1
+05/25/02 22:15:11 Transaction 67 of length 53
+switch message SMBgetatr (pid 3377)
+chdir to /
+
+<i class="lineannotation">[... deleted ...]</i></pre></blockquote>
+
+<p>We cut off this listing after the first packet because it runs on for
+many pages. However, be aware that log levels above 3 will quickly
+consume disk space with megabytes of excruciating detail concerning
+Samba's internal operations. Log level 3 is
+extremely useful for following exactly what the server is doing, and
+most of the time it will be obvious where an error occurs by glancing
+through the log file.</p>
+
+<p>Using a high log level (3 or above) will
+<em class="emphasis">seriously</em> slow down the Samba server. Remember
+that every log message generated causes a write to disk (an
+inherently slow operation) and log levels greater than 2 produce
+massive amounts of data. Essentially, you should turn on logging
+level 3 only when you're actively tracking a problem
+in the Samba server. <a name="INDEX-10"/></p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-1.1.2"/>
+
+<h3 class="head3">Activating and deactivating logging</h3>
+
+<p><a name="INDEX-11"/><a name="INDEX-12"/>To turn logging on and off,
+set the appropriate level in the <tt class="literal">[global]</tt> section
+of <em class="filename">smb.conf</em>. Then, you can either restart Samba
+or force the current daemon to reprocess the configuration file by
+sending it a hangup (HUP) signal. You also can send the
+<em class="emphasis">smbd</em> process a SIGUSR1 signal to increase its
+log level by one while it's running, like this:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>kill -SIGUSR1 1234</b></tt></pre></blockquote>
+
+<p>or a SIGUSR2 signal to decrease it by one:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>kill -SIGUSR2 1234</b></tt></pre></blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-1.1.3"/>
+
+<h3 class="head3">Logging by individual client systems or users</h3>
+
+<p>An effective way to diagnose problems without hampering other users
+is to assign different log levels for different systems in the
+<tt class="literal">[global]</tt> section of the
+<em class="filename">smb.conf</em> file. We can do this by building on the
+strategy we presented earlier:</p>
+
+<blockquote><pre class="code">[global]
+ log level = 0
+ log file = /usr/local/samba/var/log.%m
+ include = /usr/local/samba/lib/smb.conf.%m</pre></blockquote>
+
+<p>These options instruct Samba to use unique configuration and log
+files for each client that connects. Now all you have to do is create
+an <em class="filename">smb.conf</em> file for a specific client system
+with a <tt class="literal">log</tt> <tt class="literal">level</tt>
+<tt class="literal">=</tt> <tt class="literal">3</tt> entry in it (the others
+will pick up the default log level of 0) and use that log file to
+track down the problem.</p>
+
+<p>Similarly, if only particular users are experiencing a
+problem&mdash;and it travels from system to system with
+them&mdash;you can isolate logging to a specific user by adding the
+following to the <em class="filename">smb.conf</em> file:</p>
+
+<blockquote><pre class="code">[global]
+ log level = 0
+ log file = /usr/local/samba/var/log.%u
+ include = /usr/local/samba/lib/smb.conf.%u</pre></blockquote>
+
+<p>Then you can create a unique <em class="filename">smb.conf</em> file for
+each user you wish to monitor (e.g.,
+<em class="filename">/usr/local/samba/lib/smb.conf.tim</em>). Files
+containing the configuration option <tt class="literal">log</tt>
+<tt class="literal">level</tt> <tt class="literal">=</tt> <tt class="literal">3</tt>
+and only those users will get more detailed logging.<a name="INDEX-13"/><a name="INDEX-14"/></p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-1.2"/>
+
+<h3 class="head2">Samba Test Utilities</h3>
+
+<p><a name="INDEX-15"/><a name="INDEX-16"/>A rigorous set of tests that exercise
+the major parts of Samba are described in various files in the
+<em class="emphasis">/docs/textdocs</em> directory of the Samba
+distribution kit, starting with <em class="emphasis">DIAGNOSIS.txt</em>.
+The fault tree in this chapter is a more detailed version of the
+basic tests suggested by the Samba Team, but it covers only
+installation and reconfiguration diagnosis, such as
+<em class="emphasis">DIAGNOSIS.txt</em>. The other files in the
+<em class="emphasis">/docs</em> subdirectories address specific problems
+and instruct you how to troubleshoot items not included in this book.
+If the fault tree doesn't suffice, be sure to look
+at
+<em class="emphasis">DIAGNOSIS.txt</em><a name="INDEX-17"/>
+and its friends.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-1.3"/>
+
+<h3 class="head2">Unix Utilities</h3>
+
+<p>Sometimes it's useful to use a tool outside the
+Samba suite to examine what's happening inside the
+server. Three diagnostic tools can be of particular help in debugging
+Samba troubles: <em class="emphasis">trace</em>,
+<em class="emphasis">tcpdump</em>, and <em class="emphasis">Ethereal</em>.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-1.3.1"/>
+
+<h3 class="head3">Using trace</h3>
+
+<p>The <em class="emphasis">trace</em><a name="INDEX-18"/> command masquerades under several
+different names, depending on the operating system you are using. On
+Linux it will be
+<em class="emphasis">strace</em><a name="INDEX-19"/>; on Solaris you'll use
+<em class="emphasis">truss</em><a name="INDEX-20"/>; SGI will have
+<em class="emphasis">padc</em><a name="INDEX-21"/> and
+<em class="emphasis">par</em><a name="INDEX-22"/>; and HP-UX will have
+<em class="emphasis">trace</em> or
+<em class="emphasis">tusc</em><a name="INDEX-23"/>. All have essentially the same
+function, which is to display each operating system function call as
+it is executed. This allows you to follow the execution of a program,
+such as the Samba server, and often pinpoints the exact call that is
+causing the difficulty.</p>
+
+<p>One problem that <em class="emphasis">trace</em> can highlight is an
+incorrect version of a dynamically linked library. This can happen if
+you've downloaded prebuilt binaries of Samba.
+You'll typically see the offending call at the end
+of the <em class="emphasis">trace</em>, just before the program
+terminates.</p>
+
+<p>A sample <em class="emphasis">strace</em> output for the Linux operating
+system follows. This is a small section of a larger file created
+during the opening of a directory on the Samba server. Each line
+lists a system call and includes its parameters and the return value.
+If there was an error, the error value (e.g.,
+<tt class="literal">ENOENT</tt>) and its explanation are also shown. You
+can look up the parameter types and the errors that can occur in the
+appropriate <em class="emphasis">trace</em> manual page for the operating
+system you are using.</p>
+
+<blockquote><pre class="code">chdir(&quot;/pcdisk/public&quot;) = 0
+stat(&quot;mini/desktop.ini&quot;, 0xbffff7ec) = -1 ENOENT (No such file or directory)
+stat(&quot;mini&quot;, {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
+stat(&quot;mini/desktop.ini&quot;, 0xbffff7ec) = -1 ENOENT (No such file or directory)
+open(&quot;mini&quot;, O_RDONLY) = 5
+fcntl(5, F_SETFD, FD_CLOEXEC) = 0
+fstat(5, {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
+lseek(5, 0, SEEK_CUR) = 0
+SYS_141(0x5, 0xbfffdbbc, 0xedc, 0xbfffdbbc, 0x80ba708) = 196
+lseek(5, 0, SEEK_CUR) = 1024
+SYS_141(0x5, 0xbfffdbbc, 0xedc, 0xbfffdbbc, 0x80ba708) = 0
+close(5) = 0
+stat(&quot;mini/desktop.ini&quot;, 0xbffff86c) = -1 ENOENT (No such file or directory)
+write(3, &quot;\0\0\0#\377SMB\10\1\0\2\0\200\1\0&quot;..., 39) = 39
+SYS_142(0xff, 0xbffffc3c, 0, 0, 0xbffffc08) = 1
+read(3, &quot;\0\0\0?&quot;, 4) = 4
+read(3, &quot;\377SMBu\0\0\0\0\0\0\0\0\0\0\0\0&quot;..., 63) = 63
+time(NULL) = 896143871</pre></blockquote>
+
+<p>This example shows several <em class="emphasis">stat() calls</em> failing
+to find the files they were expecting. You don't
+have to be an expert to see that the file
+<em class="emphasis">desktop.ini</em> is missing from that directory. In
+fact, many difficult problems can be identified by looking for
+obvious, repeatable errors with <em class="emphasis">trace</em>. Often,
+you need not look further than the last message before a crash.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-1.3.2"/>
+
+<h3 class="head3">Using tcpdump</h3>
+
+<p>The <em class="emphasis">tcpdump</em><a name="INDEX-24"/> program, as extended by Andrew
+<a name="INDEX-25"/>Tridgell,
+allows you to monitor SMB <a name="INDEX-26"/>network
+traffic in real time. A variety of output formats are available, and
+you can filter the output to look at only a particular type of
+traffic. You can examine all conversations between client and server,
+including SMB and NMB broadcast messages. While its troubleshooting
+capabilities lie mainly at the OSI network layer, you can still use
+its output to get a general idea of what the server and client are
+attempting to do.</p>
+
+<p>A sample <em class="emphasis">tcpdump</em> log follows. In this instance,
+the client has requested a directory listing, and the server has
+responded appropriately, giving the directory names
+<tt class="literal">homes</tt>, <tt class="literal">public</tt>,
+<tt class="literal">IPC$</tt>, and <tt class="literal">temp</tt>
+(we've added a few explanations on the right):</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>tcpdump -v -s 255 -i eth0 port not telnet</b></tt>
+SMB PACKET: SMBtrans (REQUEST) <i class="lineannotation"> Request packet</i>
+SMB Command = 0x25 <i class="lineannotation">Request was ls or dir</i>
+
+[000] 01 00 00 10 <i class="lineannotation">....</i>
+
+
+&gt;&gt;&gt; NBT Packet <i class="lineannotation">Outer frame of SMB packet</i>
+NBT Session Packet
+Flags=0x0
+Length=226
+[lines skipped]
+
+SMB PACKET: SMBtrans (REPLY) <i class="lineannotation">Beginning of a reply to request</i>
+SMB Command = 0x25 <i class="lineannotation">Command was an ls or dir</i>
+Error class = 0x0
+Error code = 0 <i class="lineannotation">No errors</i>
+Flags1 = 0x80
+Flags2 = 0x1
+Tree ID = 105
+Proc ID = 6075
+UID = 100
+MID = 30337
+Word Count = 10
+TotParamCnt=8
+TotDataCnt=163
+Res1=0
+ParamCnt=8
+ParamOff=55
+Res2=0
+DataCnt=163
+DataOff=63
+Res3=0
+Lsetup=0
+Param Data: (8 bytes)
+[000] 00 00 00 00 05 00 05 00 ........
+
+Data Data: (135 bytes) <i class="lineannotation">Actual directory contents:</i>
+[000] 68 6F 6D 65 73 00 00 00 00 00 00 00 00 00 00 00 homes... ........
+[010] 64 00 00 00 70 75 62 6C 69 63 00 00 00 00 00 00 d...publ ic......
+[020] 00 00 00 00 75 00 00 00 74 65 6D 70 00 00 00 00 ....u... temp....
+[030] 00 00 00 00 00 00 00 00 76 00 00 00 49 50 43 24 ........ v...IPC$
+[040] 00 00 00 00 00 00 00 00 00 00 03 00 77 00 00 00 ........ ....w...
+[050] 64 6F 6E 68 61 6D 00 00 00 00 00 00 00 00 00 00 donham.. ........
+[060] 92 00 00 00 48 6F 6D 65 20 44 69 72 65 63 74 6F ....Home Directo
+[070] 72 69 65 73 00 00 00 49 50 43 20 53 65 72 76 69 ries...I PC Servi
+[080] 63 65 20 28 53 61 6D ce (Sam</pre></blockquote>
+
+<p>This is more of the same debugging session as we saw before with the
+<em class="emphasis">trace</em> command: the listing of a directory. The options
+we used were <em class="emphasis">-v</em> (verbose), <em class="emphasis">-i
+eth0</em> to tell <em class="emphasis">tcpdump</em> on which
+interface to listen (an Ethernet port), and <em class="emphasis">-s
+255</em> to tell it to save the first 255 bytes of each packet
+instead of the default: the first 68. The option
+<tt class="literal">port</tt> <tt class="literal">not</tt>
+<tt class="literal">telnet</tt> is used to avoid screens of telnet traffic,
+because we were logged in to the server remotely. The
+<em class="emphasis">tcpdump</em> program actually has quite a number of
+options to filter just the traffic you want to look at. If
+you've used <em class="emphasis">snoop</em> or
+<em class="emphasis">etherdump</em>, it will look vaguely familiar.</p>
+
+<p>You can download the modified <em class="emphasis">tcpdump</em> from the
+Samba FTP server, located at
+<a href="ftp://samba.anu.edu.au/pub/samba/tcpdump-smb">ftp://samba.anu.edu.au/pub/samba/tcpdump-smb</a>.
+Other versions might not include support for the SMB protocol; if you
+don't see output such as that shown in the example,
+you'll need to use the SMB-enabled version.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-1.3.3"/>
+
+<h3 class="head3">Using Ethereal</h3>
+
+<p><a name="INDEX-27"/>Ethereal (<a href="http://www.ethereal.com">http://www.ethereal.com</a>) is a GUI-based
+utility that performs the same basic function as
+<em class="emphasis">tcpdump</em>. You might prefer Ethereal because it is
+much easier to use. Once you have Ethereal running, just do the
+following:</p>
+
+<ol><li>
+<p>Select Start from the Capture menu.</p>
+</li><li>
+<p>Click the OK button in the dialog box that appears. This will bring
+up a dialog box showing how many packets Ethereal has seen. Perform
+the actions on the system(s) in your network to reproduce the problem
+you are analyzing.</p>
+</li><li>
+<p>Click the Stop button in the Ethereal dialog box to make it finish
+collecting data.</p>
+</li><li>
+<p>In the main Ethereal window, click any item in the upper window to
+view it in the lower window. In the lower window, click any of the
+boxes containing a plus sign (<tt class="literal">+</tt>) to expand the
+view.</p>
+</li></ol>
+<p>Ethereal does a good job of translating the content of the packets it
+encounters into human-readable format, and you should have little
+trouble seeing what happened on the network during the capture
+period. <a name="INDEX-28"/><a name="INDEX-29"/></p>
+
+
+</div>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-12-SECT-2"/>
+
+<h2 class="head1">The Fault Tree</h2>
+
+<p><a name="INDEX-30"/><a name="INDEX-31"/><a name="INDEX-32"/><a name="INDEX-33"/>The fault
+tree presented in this section is for diagnosing and fixing problems
+that occur when you're installing and reconfiguring
+Samba. It's an expanded form of the trouble and
+diagnostic document <em class="filename">DIAGNOSIS.txt</em>, which is part
+of the Samba distribution.</p>
+
+<p>Before you set out to troubleshoot any part of the Samba suite, you
+should know the following information:</p>
+
+<ul><li>
+<p>Your client IP address (we use 192.168.236.10)</p>
+</li><li>
+<p>Your server IP address (we use 192.168.236.86)</p>
+</li><li>
+<p>The netmask for your network (typically 255.255.255.0)</p>
+</li><li>
+<p>Whether the systems are all on the same subnet (ours are)</p>
+</li></ul>
+<p>For clarity, we've renamed the server in the
+following examples to <tt class="literal">server.example.com</tt>, and the
+client system to <tt class="literal">client.example.com</tt>.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-2.1"/>
+
+<h3 class="head2">How to Use the Fault Tree</h3>
+
+<p>Start the tests here, without skipping forward; it
+won't take long (about 5 minutes) and might actually
+save you time backtracking. Whenever a test succeeds, you will be
+given a name of a section to which you can safely skip.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-2.2"/>
+
+<h3 class="head2">Troubleshooting Low-Level IP</h3>
+
+<p><a name="INDEX-34"/>The
+first series of tests is that of the low-level services that Samba
+needs to run. The tests in this section verify that:</p>
+
+<ul><li>
+<p>The IP software works</p>
+</li><li>
+<p>The Ethernet hardware works</p>
+</li><li>
+<p>Basic name service is in place</p>
+</li></ul>
+<p>Subsequent sections add TCP software, the Samba daemons
+<em class="emphasis">smbd</em> and <em class="emphasis">nmbd</em>, host-based
+access control, authentication and per-user access control, file
+services, and browsing. The tests are described in considerable
+detail to make them understandable by both technically oriented end
+users and experienced systems and network administrators.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.2.1"/>
+
+<h3 class="head3">Testing the networking software with ping</h3>
+
+<p><a name="INDEX-35"/>The first command to enter
+on both the server and the client is
+<tt class="literal">ping</tt><a name="INDEX-36"/><a name="INDEX-37"/>
+<tt class="literal">127.0.0.1</tt>. This pings the loopback address and
+indicates whether any networking support is functioning. On Unix, you
+can use <tt class="literal">ping</tt> <tt class="literal">127.0.0.1</tt> with the
+statistics option and interrupt it after a few lines. On Sun
+workstations, the command is typically
+<tt class="literal">/usr/etc/ping</tt> <tt class="literal">-s</tt>
+<tt class="literal">127.0.0.1</tt>; on Linux, just <tt class="literal">ping</tt>
+<tt class="literal">127.0.0.1</tt>. On Windows clients, run
+<tt class="literal">ping</tt> <tt class="literal">127.0.0.1</tt> in an MS-DOS
+(command prompt) window, and it will stop by itself after four lines.</p>
+
+<p>Here is an example on a Linux server:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ping 127.0.0.1 </b></tt>
+PING localhost: 56 data bytes 64 bytes from localhost (127.0.0.1):
+icmp-seq=0. time=1. ms 64 bytes from localhost (127.0.0.1):
+icmp-seq=1. time=0. ms 64 bytes from localhost (127.0.0.1):
+icmp-seq=2. time=1. ms ^C
+----127.0.0.1 PING Statistics----
+3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms)
+min/avg/max = 0/0/1</pre></blockquote>
+
+<p>If you get &quot;ping: no answer from . . .
+&quot; or &quot;100% packet
+loss,&quot; you have no IP networking installed on the
+system. The address <tt class="literal">127.0.0.1</tt> is the internal
+loopback address and doesn't depend on the computer
+being physically connected to a network. If this test fails, you have
+a serious local problem. TCP/IP either isn't
+installed or is seriously misconfigured. See your operating system
+documentation if it's a Unix server. If
+it's a Windows client, follow the instructions in
+<a href="ch03.html">Chapter 3</a> to install networking support.</p>
+
+<a name="samba2-CHP-12-NOTE-155"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>If <em class="emphasis">you're</em> the network manager,
+some good references are Craig Hunt's
+<em class="emphasis">TCP/IP Network Administration</em>, Chapter 11, and Craig Hunt and Robert Bruce
+Thompson's <em class="emphasis">Windows NT TCP/IP Network
+Administration</em>, both published by
+O'Reilly.</p>
+</blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.2.2"/>
+
+<h3 class="head3">Testing local name services with ping</h3>
+
+<p><a name="INDEX-38"/>Next, try to ping
+<tt class="literal">localhost</tt> on the Samba server. The
+<tt class="literal">localhost</tt> hostname is the conventional hostname
+for the <tt class="literal">127.0.0.1</tt> loopback interface, and it
+should resolve to that address. After typing <tt class="literal">ping</tt>
+<tt class="literal">localhost</tt>, you should see output similar to the
+following:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ping localhost </b></tt>
+PING localhost: 56 data bytes 64 bytes from localhost (127.0.0.1):
+icmp-seq=0. time=0. ms 64 bytes from localhost (127.0.0.1):
+icmp-seq=1. time=0. ms 64 bytes from localhost (127.0.0.1):
+icmp-seq=2. time=0. ms ^C</pre></blockquote>
+
+<p>If this succeeds, try the same test on the client. Otherwise:</p>
+
+<ul><li>
+<p>If you get &quot;unknown host:
+localhost,&quot; there is a problem resolving the
+hostname <em class="filename">localhost</em> into a valid IP address.
+(This might be as simple as a missing entry in a local
+<em class="emphasis">hosts</em> file.) From here, skip down to
+<a href="ch03.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a> later in this chapter.</p>
+</li><li>
+<p>If you get &quot;ping: no answer,&quot; or
+&quot;100% packet loss,&quot; but pinging
+<tt class="literal">127.0.0.1</tt> worked, name services is resolving to an
+address, but it isn't the correct one. Check the
+file or database (typically <em class="filename">/etc/hosts</em> on a Unix
+system) that the name service is using to resolve addresses to ensure
+that the entry is correct.</p>
+</li></ul>
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.2.3"/>
+
+<h3 class="head3">Testing the networking hardware with ping</h3>
+
+<p><a name="INDEX-39"/>Next, ping the
+server's network IP address from itself. This should
+get you exactly the same results as pinging
+<tt class="literal">127.0.0.1</tt>:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ping 192.168.236.86 </b></tt>
+PING 192.168.236.86: 56 data bytes 64 bytes from 192.168.236.86 (192.168.236.86):
+icmp-seq=0. time=1. ms 64 bytes from 192.168.236.86 (192.168.236.86):
+icmp-seq=1. time=0. ms 64 bytes from 192.168.236.86 (192.168.236.86):
+icmp-seq=2. time=1. ms ^C
+----192.168.236.86 PING Statistics----
+3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms)
+min/avg/max = 0/0/1</pre></blockquote>
+
+<p>If this works on the server, repeat it for the client. Otherwise:</p>
+
+<ul><li>
+<p>If <tt class="literal">ping</tt> <em class="replaceable">network_ip</em>
+fails on either the server or client, but <tt class="literal">ping</tt>
+<tt class="literal">127.0.0.1</tt> works on that system, you have a TCP/IP
+problem that is specific to the Ethernet network interface card on
+the computer. Check with the documentation for the network card or
+host operating system to determine how to configure it correctly.
+However, be aware that on some operating systems, the
+<em class="emphasis">ping</em> command appears to work even if the network
+is disconnected, so this test doesn't always
+diagnose all hardware problems.</p>
+</li></ul>
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.2.4"/>
+
+<h3 class="head3">Testing connections with ping</h3>
+
+<p><a name="INDEX-40"/>Now, ping the server by name (instead
+of its IP address)&mdash;once from the server and once from the
+client. This is the general test for working network hardware:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ping server </b></tt>
+PING server.example.com: 56 data bytes 64 bytes from server.example.com (192.168.236.86):
+icmp-seq=0. time=1. ms 64 bytes from server.example.com (192.168.236.86):
+icmp-seq=1. time=0. ms 64 bytes from server.example.com (192.168.236.86):
+icmp-seq=2. time=1. ms ^C
+----server.example.com PING Statistics----
+3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms)
+min/avg/max = 0/0/1</pre></blockquote>
+
+<p>If successful, this test tells us five things:</p>
+
+<ul><li>
+<p>The hostname (e.g., <tt class="literal">server</tt>) is being found by your
+local name server.</p>
+</li><li>
+<p>The hostname has been expanded to the full name (e.g.,
+<tt class="literal">server.example.com</tt>).</p>
+</li><li>
+<p>Its address is being returned (<tt class="literal">192.168.236.86</tt>).</p>
+</li><li>
+<p>The client has sent the Samba server four 56-byte UDP/IP packets.</p>
+</li><li>
+<p>The Samba server has replied to all four packets.</p>
+</li></ul>
+<p>If this test isn't successful, one of several things
+can be wrong with the network:</p>
+
+<ul><li>
+<p>First, if you get <tt class="literal">ping</tt>: <tt class="literal">no</tt>
+<tt class="literal">answer</tt>, or <tt class="literal">100%</tt>
+<tt class="literal">packet</tt> <tt class="literal">loss</tt>,
+you're not connecting to the network, the other
+system isn't connecting, or one of the addresses is
+incorrect. Check the addresses that the <em class="emphasis">ping</em>
+command reports on each system, and ensure that they match the ones
+you set up initially.</p>
+
+<p>If not, there is at least one mismatched address between the two
+systems. Try entering the command <tt class="literal">arp</tt>
+<tt class="literal">-a</tt>, and see if there is an entry for the other
+system. (The <em class="emphasis">arp</em> command stands for the Address
+Resolution Protocol. The <tt class="literal">arp</tt> <tt class="literal">-a</tt>
+command lists all the addresses known on the local system.) Here are
+some things to try:</p>
+<ul><li>
+<p>If you receive a message like <tt class="literal">192.168.236.86</tt>
+<tt class="literal">at</tt> <tt class="literal">(incomplete)</tt>, the Ethernet
+address of 192.168.236.86 is unknown. This indicates a complete lack
+of connectivity, and you're likely having a problem
+at the very bottom of the TCP/IP protocol stack&mdash;the Ethernet
+interface layer. This is discussed in Chapters 5 and 6 of
+<em class="citetitle">TCP/IP Network Administration
+</em>(O'Reilly).</p>
+</li><li>
+<p>If you receive a response similar to server
+<tt class="literal">(192.168.236.86)</tt> <tt class="literal">at</tt>
+<tt class="literal">8:0:20:12:7c:94</tt>, the server has been reached at
+some time, or another system is answering on its behalf. However,
+this means that <em class="emphasis">ping</em> should have worked: you may
+have an intermittent networking or ARP problem.</p>
+</li><li>
+<p>If the IP address from ARP doesn't match the
+addresses you expected, investigate and correct the addresses
+manually.</p>
+</li>
+</ul>
+</li>
+
+<li>
+<p>If each system can ping itself but not another, something is wrong on
+the network between them.</p>
+</li><li>
+<p>If you get <tt class="literal">ping</tt>: <tt class="literal">network</tt>
+<tt class="literal">unreachable</tt> or <tt class="literal">ICMP</tt>
+<tt class="literal">Host</tt> <tt class="literal">Unreachable</tt>,
+you're not receiving an answer, and more than one
+network is probably involved.</p>
+
+<p>In principle, you shouldn't try to troubleshoot SMB
+clients and servers on different networks. Try to test a server and
+client that are on the same network:</p>
+
+<ol><li>
+<p>First, perform the tests for <tt class="literal">ping</tt>:
+<tt class="literal">no</tt> <tt class="literal">answer</tt> described earlier in
+this section. If this doesn't identify the problem,
+the remaining possibilities are the following: an address is wrong,
+your netmask is wrong, a network is down, or the packets have been
+stopped by a firewall.</p>
+</li>
+<li>
+<p>Check both the address and the netmasks on source and destination
+systems to see if something is obviously wrong. Assuming both systems
+really are on the same network, they both should have the same
+netmasks, and <em class="emphasis">ping</em> should report the correct
+addresses. If the addresses are wrong, you'll need
+to correct them. If they are correct, the programs might be confused
+by an incorrect netmask. See <a href="ch12.html#samba2-CHP-12-SECT-2.8.1">Section 12.2.8.1</a>, later in this chapter.</p>
+</li>
+<li>
+<p>If the commands are still reporting that the network is unreachable
+and neither of the previous two conditions are in error, one network
+really might be unreachable from the other. This, too, is an issue
+for the network manager.</p>
+</li></ol>
+</li><li>
+<p>If you get <tt class="literal">ICMP</tt>
+<tt class="literal">Administratively</tt> <tt class="literal">Prohibited</tt>,
+you've struck a firewall of some sort or a
+misconfigured router. You will need to speak to your network security
+officer.</p>
+</li><li>
+<p>If you get <tt class="literal">ICMP</tt> <tt class="literal">Host</tt>
+<tt class="literal">redirect</tt> and <em class="emphasis">ping</em> reports
+packets getting through, this is generally harmless:
+you're simply being rerouted over the network.</p>
+</li><li>
+<p>If you get a host redirect and no <em class="emphasis">ping</em>
+responses, you are being redirected, but no one is responding. Treat
+this just like the <tt class="literal">Network</tt>
+<tt class="literal">unreachable</tt> response, and check your addresses and
+netmasks.</p>
+</li><li>
+<p>If you get <tt class="literal">ICMP</tt> <tt class="literal">Host</tt>
+<tt class="literal">Unreachable</tt> <tt class="literal">from</tt>
+<tt class="literal">gateway</tt> <tt class="literal">gateway</tt>
+<tt class="literal">name</tt>, ping packets are being routed to another
+network, but the other system isn't responding and
+the router is reporting the problem on its behalf. Again, treat this
+like a <tt class="literal">Network</tt> <tt class="literal">unreachable</tt>
+response, and start checking addresses and netmasks.</p>
+</li><li>
+<p>If you get <tt class="literal">ping</tt>: <tt class="literal">unknown</tt>
+<tt class="literal">host</tt> <tt class="literal">hostname</tt>, your
+system's name is not known. This tends to indicate a
+name service problem, which didn't affect
+<tt class="literal">localhost</tt>. Have a look at <a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>, later in this chapter.</p>
+</li><li>
+<p>If you get a partial success&mdash;with some pings failing but others
+succeeding&mdash;you have either an intermittent problem between the
+systems or an overloaded network. Ping a bit longer, and see if more
+than about three percent of the packets fail. If so, check it with
+your network manager: a problem might just be starting. However, if
+only a few fail, or if you happen to know some massive network
+program is running, don't worry unduly. The ICMP
+(and UDP) protocols used by <em class="emphasis">ping</em> are allowed to
+drop occasional packets.</p>
+</li><li>
+<p>If you get a response such as <tt class="literal">smtsvr.antares.net</tt>
+<tt class="literal">is</tt> <tt class="literal">alive</tt> when you actually
+pinged <tt class="literal">client.example.com</tt>, either
+you're using someone else's address
+or the system has multiple names and addresses. If the address is
+wrong, the name service is clearly the culprit;
+you'll need to change the address in the name
+service database to refer to the correct system. This is discussed in
+<a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>, later in this
+chapter.</p>
+
+<p>Servers are often <em class="emphasis">multihomed</em> &mdash;i.e.,
+connected to more than one network, with different names on each net.
+If you are getting a response from an unexpected name on a multihomed
+server, look at the address and see if it's on your
+network (see <a href="ch12.html#samba2-CHP-12-SECT-2.8.1">Section 12.2.8.1</a>, later in this chapter). If
+so, you should use that address, rather than one on a different
+network, for both performance and reliability reasons.</p>
+
+<p>Servers can also have multiple names for a single Ethernet address,
+especially if they are web servers. This is harmless, albeit
+startling. You probably will want to use the official (and permanent)
+name, rather than an alias that might change.</p>
+</li><li>
+<p>If everything works but the IP address reported is
+<tt class="literal">127.0.0.1</tt>, you have a name service error. This
+typically occurs when an operating-system installation program
+generates an <em class="filename">/etc/hosts</em> line similar to
+<tt class="literal">127.0.0.1</tt> <tt class="literal">localhost</tt>
+<em class="emphasis">hostname.domainname</em>. The localhost line should
+say <tt class="literal">127.0.0.1</tt> <tt class="literal">localhost</tt> or
+<tt class="literal">127.0.0.1</tt> <tt class="literal">localhost</tt>
+<tt class="literal">loghost</tt>. Correct it, lest it cause failures to
+negotiate who is the master browse list holder and who is the master
+browser. It can also cause (ambiguous) errors in later tests.</p>
+</li></ul>
+<p>If this worked from the server, repeat it from the client. <a name="INDEX-41"/>
+<a name="INDEX-42"/><a name="INDEX-43"/></p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-2.3"/>
+
+<h3 class="head2">Troubleshooting TCP</h3>
+
+<p><a name="INDEX-44"/><a name="INDEX-45"/>Now that
+you've tested IP, UDP, and a name service with
+<em class="emphasis">ping</em>, it's time to test TCP.
+Browsing and <em class="emphasis">ping</em> use ICMP and UDP; file and
+print services (shares) use TCP. Both depend on IP as a lower layer,
+and all four depend on name services. Testing TCP is most
+conveniently done using the FTP program.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.3.1"/>
+
+<h3 class="head3">Testing TCP with FTP</h3>
+
+<p>Try connecting via FTP, once from the server to itself, and once from
+the client to the server:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ftp server</b></tt>
+Connected to server.example.com.
+220 server.example.com FTP server (Version 6.2/OpenBSD/Linux-0.10) ready.
+ Name (server:davecb):
+331 Password required for davecb.
+Password:
+230 User davecb logged in.
+ ftp&gt;<tt class="userinput"><b> quit </b></tt>
+221 Goodbye.</pre></blockquote>
+
+<p>If this worked, skip to the next section, <a href="ch12.html#samba2-CHP-12-SECT-2.4">Section 12.2.4</a>. Otherwise:</p>
+
+<ul><li>
+<p>If you received the message <tt class="literal">server</tt>:
+<tt class="literal">unknown</tt> <tt class="literal">host</tt>, name service has
+failed. Go back to the corresponding <em class="emphasis">ping</em> step,
+<a href="ch12.html#samba2-CHP-12-SECT-2.2.2">Section 12.2.2.2</a>, and rerun those tests
+to see why name lookup failed.</p>
+</li><li>
+<p>If you received <tt class="literal">ftp</tt>: <tt class="literal">connect</tt>:
+<tt class="literal">Connection</tt> <tt class="literal">refused</tt>, the system
+isn't running an FTP daemon. This is mildly unusual
+on Unix servers. Optionally, you might try this test by connecting to
+the system using <em class="emphasis">telnet</em> instead of
+<em class="emphasis">ftp</em>; the messages are very similar, and
+<em class="emphasis">telnet</em> uses TCP as well.</p>
+</li><li>
+<p>If there was a long pause, and then <tt class="literal">ftp</tt>:
+<tt class="literal">connect</tt>: <tt class="literal">Connection</tt>
+<tt class="literal">timed</tt> <tt class="literal">out</tt>, the system
+isn't reachable. Return to <a href="ch12.html#samba2-CHP-12-SECT-2.2.4">Section 12.2.2.4</a>.</p>
+</li><li>
+<p>If you received <tt class="literal">530</tt> <tt class="literal">Logon</tt>
+<tt class="literal">Incorrect</tt>, you connected successfully, but
+you've just found a different problem. You likely
+provided an incorrect username or password. Try again, making sure
+you use your username from the Unix server and type your password
+correctly.</p>
+</li></ul>
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-2.4"/>
+
+<h3 class="head2">Troubleshooting Server Daemons</h3>
+
+<p><a name="INDEX-46"/>Once
+you've confirmed that TCP networking is working
+properly, the next step is to make sure the daemons are running on
+the server. This takes three separate tests because no single one of
+the following will decisively prove that they're
+working correctly.</p>
+
+<p>To be sure they're running, you need to find out
+whether the daemons:</p>
+
+<ol><li>
+<p>Have started</p>
+</li><li>
+<p>Are registered or bound to a TCP/IP port by the operating system</p>
+</li><li>
+<p>Are actually paying attention</p>
+</li></ol>
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.4.1"/>
+
+<h3 class="head3">Tracking daemon startup</h3>
+
+<p><a name="INDEX-47"/>First, check the Samba logs. If
+you've started the daemons, the message
+<tt class="literal">smbd</tt> <tt class="literal">version</tt>
+<tt class="literal">number</tt> <tt class="literal">started</tt> should appear.
+If it doesn't, you need to restart the Samba
+daemons.</p>
+
+<p>If the daemon reports that it has indeed started, look out for
+<tt class="literal">bind</tt> <tt class="literal">failed</tt>
+<tt class="literal">on</tt> <tt class="literal">port</tt> <tt class="literal">139</tt>
+<tt class="literal">socket_addr=0</tt> <tt class="literal">(Address</tt>
+<tt class="literal">already</tt> <tt class="literal">in</tt>
+<tt class="literal">use)</tt>. This means another daemon has been started
+on port 139 (<em class="emphasis">smbd</em> ). Also,
+<em class="emphasis">nmbd</em> will report a similar failure if it cannot
+bind to port 137. Either you've started them twice,
+or the <em class="emphasis">inetd</em> server has tried to provide a
+daemon for you. If it's the latter,
+we'll diagnose that in a moment.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.4.2"/>
+
+<h3 class="head3">Looking for daemon processes with ps</h3>
+
+<p><a name="INDEX-48"/>Another way to make sure the daemons are
+running is to check their processes on the system. Use the
+<em class="emphasis">ps</em><a name="INDEX-49"/> command on the server with the
+&quot;long&quot; option for your system type
+(commonly <tt class="literal">ps</tt> <tt class="literal">ax</tt> or
+<tt class="literal">ps</tt> <tt class="literal">-ef</tt>), and see whether
+<em class="emphasis">smbd</em> and <em class="emphasis">nmbd</em> are already
+running. This often looks like the following:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ps ax</b></tt>
+ PID TTY STAT TIME COMMAND
+ 1 ? S 0:03 init [2]
+ 2 ? SW 0:00 (kflushd)
+<i class="lineannotation">(...many lines of processes...) </i>
+ 234 ? S 0:14 nmbd -D3
+ 237 ? S 0:11 smbd -D3
+<i class="lineannotation">(...more lines, possibly including more smbd lines...)</i></pre></blockquote>
+
+<p>This example illustrates that <em class="emphasis">smbd</em> and
+<em class="emphasis">nmbd</em> have already started as standalone daemons
+(the <em class="emphasis">-D</em> option) at log level 3.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.4.3"/>
+
+<h3 class="head3">Looking for daemons bound to ports</h3>
+
+<p><a name="INDEX-50"/>Next, the daemons have to be registered
+with the operating system so that they can get access to TCP/IP
+ports. The <em class="emphasis">netstat</em> command will tell you if this
+has been done. Run the command <tt class="literal">netstat</tt>
+<tt class="literal">-a</tt> on the server, and look for lines mentioning
+<tt class="literal">netbios</tt>, <tt class="literal">137</tt>, or
+<tt class="literal">139</tt>:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>netstat -a </b></tt>
+Active Internet connections (including servers)
+Proto Recv-Q Send-Q Local Address Foreign Address (state)
+udp 0 0 *.137 *.*
+tcp 0 0 *.139 *.* LISTEN
+tcp 8370 8760 server.139 client.1439 ESTABLISHED</pre></blockquote>
+
+<p>Among similar lines, there should be at least one UDP line for
+<tt class="literal">*.netbios-</tt> or <tt class="literal">*.137</tt>. This
+indicates that the <em class="emphasis">nmbd</em> server is registered and
+(we hope) is waiting to answer requests. There should also be at
+least one TCP line mentioning <tt class="literal">*.netbios-</tt> or
+<tt class="literal">*.139</tt>, and it will probably be in the LISTEN
+state. This means that <em class="emphasis">smbd</em> is up and listening
+for connections.</p>
+
+<p>There might be other TCP lines indicating connections from
+<em class="emphasis">smbd</em> to clients, one for each client. These are
+usually in the ESTABLISHED state. If there are
+<em class="emphasis">smbd</em> lines in the ESTABLISHED state,
+<em class="emphasis">smbd</em> is definitely running. If there is only one
+line in the LISTEN state, we're not sure yet. If
+both of the lines are missing, a daemon has not succeeded in
+starting, so it's time to check the logs and then go
+back to <a href="ch02.html">Chapter 2</a>.</p>
+
+<p>If there is a line for each client, it might be coming either from a
+Samba daemon or from the master IP daemon,
+<em class="emphasis">inetd</em>. It's quite possible that
+your <em class="emphasis">inetd</em> startup file contains lines that
+start Samba daemons without your realizing it; for instance, the
+lines might have been placed there if you installed Samba as part of
+a Linux distribution. The daemons started by
+<em class="emphasis">inetd</em> prevent ours from running. This problem
+typically produces log messages such as <tt class="literal">bind</tt>
+<tt class="literal">failed</tt> <tt class="literal">on</tt>
+<tt class="literal">port</tt> <tt class="literal">139</tt>
+<tt class="literal">socket</tt> <tt class="literal">addr=0</tt>
+<tt class="literal">(Address</tt> <tt class="literal">already</tt>
+<tt class="literal">in</tt> <tt class="literal">use)</tt>.</p>
+
+<p>Check your <em class="filename">/etc/inetd.conf</em> ; unless
+you're intentionally starting the daemons from
+there, <tt class="literal">netbios-ns</tt> (UDP port 137) or
+<tt class="literal">netbios-ssn</tt> (tcp port 139) servers should be
+mentioned there. If your system is providing an SMB daemon via
+<em class="emphasis">inetd</em>, lines such as the following will appear
+in the <em class="filename">inetd.conf</em> file:</p>
+
+<blockquote><pre class="code">netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd
+netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd</pre></blockquote>
+
+<p>If your system uses <em class="emphasis">xinetd</em> instead of
+<em class="emphasis">inetd</em>, see <a href="ch02.html">Chapter 2</a> for
+details concerning its configuration.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.4.4"/>
+
+<h3 class="head3">Checking smbd with telnet</h3>
+
+<p><a name="INDEX-51"/><a name="INDEX-52"/><a name="INDEX-53"/>Ironically, the easiest way to test that
+the <em class="emphasis">smbd</em> server is actually working is to send
+it a meaningless message and see if it is rejected. Try something
+such as the following:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>echo &quot;hello&quot; | telnet localhost 139 </b></tt>
+Trying
+Trying 192.168.236.86 ...
+Connected to localhost. Escape character is '^]'.
+Connection closed by foreign host.</pre></blockquote>
+
+<p>This sends an erroneous but harmless message to
+<em class="emphasis">smbd</em>. If you get a <tt class="literal">Connected</tt>
+message followed by a <tt class="literal">Connection</tt>
+<tt class="literal">closed</tt> message, the test was a success. You have
+an <em class="emphasis">smbd</em> daemon listening on the port and
+rejecting improper connection messages. On the other hand, if you get
+<tt class="literal">telnet</tt>: <tt class="literal">connect</tt>:
+<tt class="literal">Connection</tt> <tt class="literal">refused</tt>, most likely
+no daemon is present. Check the logs and go back to <a href="ch02.html">Chapter 2</a>.</p>
+
+<p>Regrettably, there isn't an easy test for
+<em class="emphasis">nmbd</em>. If the <em class="emphasis">telnet</em> test
+and the <em class="emphasis">netstat</em> test both say that an
+<em class="emphasis">smbd</em> is running, there is a good chance that
+<em class="emphasis">netstat</em> will also be correct about
+<em class="emphasis">nmbd</em> running.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.4.5"/>
+
+<h3 class="head3">Testing daemons with testparm</h3>
+
+<p><a name="INDEX-54"/><a name="INDEX-55"/>Once you know
+there's a daemon, you should always run
+<em class="emphasis">testparm</em>, in hopes of getting something such as
+the following:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>testparm </b></tt>
+Load smb config files from /opt/samba/lib/smb.conf
+Processing section &quot;[homes]&quot;
+Processing section &quot;[printers]&quot; ...
+Processing section &quot;[tmp]&quot;
+Loaded services file OK. ...</pre></blockquote>
+
+<p>The <em class="emphasis">testparm</em> program normally reports the
+processing of a series of sections and responds with
+<tt class="literal">Loaded</tt> <tt class="literal">services</tt>
+<tt class="literal">file</tt> <tt class="literal">OK</tt> if it succeeds. If not,
+it reports one or more of the following messages, which also appear
+in the logs as noted:</p>
+
+<dl>
+<dt><b>Allow/Deny connection from account (n) to service</b></dt>
+<dd>
+<p>A <em class="emphasis">testparm</em>-only message produced if you have
+<tt class="literal">valid</tt> <tt class="literal">user</tt> or
+<tt class="literal">invalid</tt> <tt class="literal">user</tt> options set in
+your <em class="emphasis">smb.conf</em>. You will want to make sure that
+you are on the valid user list, and that <tt class="literal">root</tt>,
+<tt class="literal">bin</tt>, etc., are on the invalid user list. If you
+don't, you will not be able to connect, or users who
+shouldn't <em class="emphasis">will</em> be able to.</p>
+</dd>
+
+
+
+<dt><b>Warning: You have some share names that are longer than eight chars</b></dt>
+<dd>
+<p>For anyone using Windows for Workgroups and older clients. They fail
+to connect to shares with long names, producing an overflow message
+that sounds confusingly like a memory overflow.</p>
+</dd>
+
+
+
+<dt><b>Warning: [name] service MUST be printable!</b></dt>
+<dd>
+<p>A printer share lacks a <tt class="literal">printable</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> option.</p>
+</dd>
+
+
+
+<dt><b>No path in service name using [name]</b></dt>
+<dd>
+<p>A file share doesn't know which directory to provide
+to the user, or a print share doesn't know which
+directory to use for spooling. If no path is specified, the service
+will try to run with a path of <em class="emphasis">/tmp</em>, which might
+not be what you want.</p>
+</dd>
+
+
+
+<dt><b>Note: Servicename is flagged unavailable</b></dt>
+<dd>
+<p>Just a reminder that you have used the <tt class="literal">available</tt>
+<tt class="literal">=</tt> <tt class="literal">no</tt> option in a share.</p>
+</dd>
+
+
+
+<dt><b>Can't find include file [name] </b></dt>
+<dd>
+<p>A configuration file referred to by an <tt class="literal">include</tt>
+option did not exist. If you were including the file unconditionally,
+this is an error and probably a serious one: the share will not have
+the configuration you intended. If you were including it based on one
+of the <tt class="literal">%</tt> variables, such as <tt class="literal">%a</tt>
+(architecture), you will need to decide whether, for example, a
+missing Windows for Workgroups configuration file is a problem. It
+often isn't.</p>
+</dd>
+
+
+
+<dt><b>Can't copy service name, unable to copy to itself</b></dt>
+<dd>
+<p>You tried to copy an <em class="filename">smb.conf</em> section into
+itself.</p>
+</dd>
+
+
+
+<dt><b>Unable to copy service&mdash;source not found: [name]</b></dt>
+<dd>
+<p>Indicates a missing or misspelled section in a
+<tt class="literal">copy</tt> <tt class="literal">=</tt> option.</p>
+</dd>
+
+
+
+<dt><b>Ignoring unknown parameter name </b></dt>
+<dd>
+<p>Typically indicates an obsolete, misspelled, or unsupported option.</p>
+</dd>
+
+
+
+<dt><b>Global parameter name found in service section </b></dt>
+<dd>
+<p>Indicates that a global-only parameter has been used in an individual
+share. Samba ignores the parameter.</p>
+</dd>
+
+</dl>
+
+<p>After the <em class="emphasis">testparm</em> test, repeat it with
+(exactly) three parameters: the name of your
+<em class="filename">smb.conf</em> file, the name of your client, and its
+IP address:</p>
+
+<blockquote><pre class="code"># <tt class="userinput"><b>testparm /usr/local/samba/lib/smb.conf client 192.168.236.10</b></tt></pre></blockquote>
+
+<p>This will run one more test that checks the hostname and address
+against <tt class="literal">hosts</tt> <tt class="literal">allow</tt> and
+<tt class="literal">hosts</tt> <tt class="literal">deny</tt> options and might
+produce the <tt class="literal">Allow</tt> <tt class="literal">connection</tt>
+<tt class="literal">from</tt> <tt class="literal">hostname</tt>
+<tt class="literal">to</tt> <tt class="literal">service</tt> and/or
+<tt class="literal">Deny</tt> <tt class="literal">connection</tt>
+<tt class="literal">from</tt> <tt class="literal">hostname</tt>
+<tt class="literal">to</tt> <tt class="literal">service</tt> messages for the
+client system. These messages indicate that you have
+<tt class="literal">hosts</tt> <tt class="literal">allow</tt> and/or
+<tt class="literal">hosts</tt> <tt class="literal">deny</tt> options in your
+<em class="filename">smb.conf</em>, and they prohibit access from the
+client system. <a name="INDEX-56"/></p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-2.5"/>
+
+<h3 class="head2">Troubleshooting SMB Connections</h3>
+
+<p><a name="INDEX-57"/><a name="INDEX-58"/>Now
+that you know the servers are up, you need to make sure
+they're running properly. We start by placing a
+simple <em class="filename">smb.conf</em> file in the
+<em class="filename">/usr/local/samba/lib</em> directory.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.5.1"/>
+
+<h3 class="head3">A minimal smb.conf file</h3>
+
+<p>In the following tests, we assume you have a
+<tt class="literal">[temp]</tt> share suitable for testing, plus at least
+one account. An <em class="filename">smb.conf</em> file that includes just
+these is as follows:</p>
+
+<blockquote><pre class="code">[global]
+ workgroup = <em class="replaceable">EXAMPLE</em>
+ security = user
+ browsable = yes
+ local master = yes
+[homes]
+ guest ok = no
+ browsable = no
+[temp]
+ path = /tmp
+ public = yes</pre></blockquote>
+<a name="samba2-CHP-12-NOTE-156"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
+<p>The <tt class="literal">public</tt> <tt class="literal">=</tt>
+<tt class="literal">yes</tt> option in the <tt class="literal">[temp]</tt> share
+is just for testing. You probably don't want people
+without accounts storing things on your Samba server, so you should
+comment it out when you're done.</p>
+</blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.5.2"/>
+
+<h3 class="head3">Testing locally with smbclient</h3>
+
+<p><a name="INDEX-59"/><a name="INDEX-60"/>The first test is to ensure that the
+server can list its own services (shares). Run the command
+<tt class="literal">smbclient</tt> <em class="emphasis">-L</em>
+<tt class="literal">localhost</tt> <tt class="literal">-U%</tt> to connect to the
+server from itself, and specify the guest user. You should see the
+following:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L localhost -U% </b></tt>
+Server time is Wed May 27 17:57:40 2002 Timezone is UTC-4.0
+Server=[localhost]
+User=[davecb]
+Workgroup=[EXAMPLE]
+Domain=[EXAMPLE]
+ Sharename Type Comment
+ --------- ----- ----------
+ temp Disk
+ IPC$ IPC IPC Service (Samba 1.9.18)
+ homes Disk Home directories
+This machine does not have a browse list</pre></blockquote>
+
+<p>If you received this output, move on to the next section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.3">Section 12.2.5.3</a>. On the other hand, if you
+receive an error, check the following:</p>
+
+<ul><li>
+<p>If you get <tt class="literal">Get_hostbyname</tt>:
+<tt class="literal">unknown</tt> <tt class="literal">host</tt>
+<tt class="literal">localhost</tt>, either you've spelled
+its name wrong or there actually is a problem (which should have been
+seen back in <a href="ch12.html#samba2-CHP-12-SECT-2.2.2">Section 12.2.2.2</a>). In the
+latter case, move on to <a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>, later in this chapter.</p>
+</li><li>
+<p>If you get <tt class="literal">Connect</tt> <tt class="literal">error</tt>:
+<tt class="literal">Connection</tt> <tt class="literal">refused</tt>, the server
+was found, but it wasn't running an
+<em class="emphasis">nmbd</em> daemon. Skip back to
+<a href="ch12.html#samba2-CHP-12-SECT-2.4">Section 12.2.4</a>,
+earlier in this chapter, and retest the daemons.</p>
+</li><li>
+<p>If you get the message <tt class="literal">Your</tt>
+<tt class="literal">server</tt> <tt class="literal">software</tt>
+<tt class="literal">is</tt> <tt class="literal">being</tt>
+<tt class="literal">unfriendly</tt>, the initial session request packet got
+a garbage response from the server. The server might have crashed or
+started improperly. The common causes of this can be discovered by
+scanning the logs for the following:</p>
+<ul><li>
+<p>Invalid command-line parameters to <em class="emphasis">smbd</em> ; see
+the <em class="emphasis">smbd</em> manual page.</p>
+</li><li>
+<p>A fatal problem with the <em class="filename">smb.conf</em> file that
+prevents the startup of <em class="emphasis">smbd</em>. Always check your
+changes with <em class="emphasis">testparm</em>, as was done in <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>, earlier in this chapter.</p>
+</li><li>
+<p>Missing directories where Samba is supposed to keep its log and lock
+files.</p>
+</li><li>
+<p>The presence of a server already on the port (139 for
+<em class="emphasis">smbd</em>, 137 for <em class="emphasis">nmbd</em> ),
+preventing the daemon from starting.</p>
+</li></ul>
+</li>
+<li>
+<p>If you're using <em class="emphasis">inetd</em> (or
+xinetd ) instead of standalone daemons, be sure to check your
+<em class="filename">/etc/inetd.conf</em> (or xinetd configuration files)
+and <em class="filename">/etc/services</em> entries against their manual
+pages for errors as well.</p>
+</li><li>
+<p>If you get a <tt class="literal">Password</tt>: prompt, your guest account
+is not set up properly. The <em class="emphasis">-U%</em> option tells
+<em class="emphasis">smbclient</em> to do a &quot;null
+login,&quot; which requires that the guest account be
+present but does not require it to have any privileges.</p>
+</li><li>
+<p>If you get the message <tt class="literal">SMBtconX</tt>
+<tt class="literal">failed</tt>. <tt class="literal">ERRSRV--ERRaccess</tt>, you
+aren't permitted access to the server. This normally
+means you have a <tt class="literal">hosts</tt> <tt class="literal">allow</tt>
+option that doesn't include the server or a
+<tt class="literal">hosts</tt> <tt class="literal">deny</tt> option that does.
+Recheck with the command <tt class="literal">testparm</tt>
+<tt class="literal">smb.conf</tt> <em class="replaceable">your_hostname</em>
+<em class="replaceable">your_ip_address</em> (see
+<a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>),
+and correct any unintended prohibitions.</p>
+</li></ul>
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.5.3"/>
+
+<h3 class="head3">Testing connections with smbclient</h3>
+
+<p><a name="INDEX-61"/><a name="INDEX-62"/>Run the command
+<tt class="literal">smbclient</tt>
+<tt class="literal">\\</tt><em class="replaceable">server</em><tt class="literal">\temp</tt>
+to connect to the server's <tt class="literal">[temp]</tt>
+share and to see if you can connect to a file service. You should get
+the following response:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient '\\server\temp' </b></tt>
+Server time is Tue May 5 09:49:32 2002 Timezone is UTC-4.0 Password:
+<b class="emphasis-bold">smb: \&gt; quit</b></pre></blockquote>
+<p>You might receive the following errors:</p>
+
+<ul><li>
+<p>If you get <tt class="literal">Get_Hostbyname</tt>:
+<tt class="literal">Unknown</tt> <tt class="literal">host</tt>
+<tt class="literal">name</tt>, <tt class="literal">Connect</tt>
+<tt class="literal">error</tt>: <tt class="literal">Connection</tt>
+<tt class="literal">refused</tt>, or <tt class="literal">Your</tt>
+<tt class="literal">server</tt> <tt class="literal">software</tt>
+<tt class="literal">is</tt> <tt class="literal">being</tt>
+<tt class="literal">unfriendly</tt>, see the previous section,
+<a href="ch12.html#samba2-CHP-12-SECT-2.5.2">Section 12.2.5.2</a>, for
+the diagnoses.</p>
+</li><li>
+<p>If you get the message <tt class="literal">servertemp</tt>:
+<tt class="literal">Not</tt> <tt class="literal">enough</tt>
+<tt class="literal">`\</tt>'
+<tt class="literal">characters</tt> <tt class="literal">in</tt>
+<tt class="literal">service</tt>, you likely didn't quote
+the address, so Unix stripped off backslashes. You can also write the
+command:</p>
+
+<blockquote><pre class="code">smbclient \\\\<em class="replaceable">server</em>\\temp</pre></blockquote>
+
+<p>or:</p>
+<blockquote><pre class="code">smbclient //<em class="replaceable">server</em>/temp</pre></blockquote>
+</li>
+</ul>
+<p>Now, provide your Unix account password to the
+<tt class="literal">Password</tt>: prompt. If you then get an
+<tt class="literal">smb</tt>: <tt class="literal">\&gt;</tt> prompt, it worked.
+Enter <tt class="literal">quit</tt> and continue on to the next section,
+<a href="ch12.html#samba2-CHP-12-SECT-2.5.4">Section 12.2.5.4</a>. If
+you got <tt class="literal">SMBtconX</tt> <tt class="literal">failed</tt>.
+<tt class="literal">ERRSRV--ERRinvnetname</tt>, the problem can be any of
+the following:</p>
+
+<ul><li>
+<p>A wrong share name: you might have spelled it wrong, it might be too
+long, it might be in mixed case, or it might not be available. Check
+that it's what you expect with
+<em class="emphasis">testparm</em> (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>).</p>
+</li><li>
+<p>A <tt class="literal">security</tt> <tt class="literal">=</tt>
+<tt class="literal">share</tt> parameter in your Samba configuration file,
+in which case you might have to add <tt class="literal">-U</tt>
+<em class="replaceable">your_account</em> to the
+<em class="emphasis">smbclient</em> command.</p>
+</li><li>
+<p>An erroneous username.</p>
+</li><li>
+<p>An erroneous password.</p>
+</li><li>
+<p>An <tt class="literal">invalid</tt> <tt class="literal">users</tt> or
+<tt class="literal">valid</tt> <tt class="literal">users</tt> option in your
+<em class="emphasis">smb.conf</em> file that doesn't
+allow your account to connect. Recheck using
+<tt class="literal">testparm</tt> <tt class="literal">smb.conf</tt>
+<em class="replaceable">your_hostname your_ip_address</em> (see the
+earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>).</p>
+</li><li>
+<p>A <tt class="literal">valid</tt> <tt class="literal">hosts</tt> option that
+doesn't include the server, or an
+<tt class="literal">invalid</tt> <tt class="literal">hosts</tt> option that does.
+Also test this with <em class="emphasis">testparm</em>.</p>
+</li><li>
+<p>A problem in authentication, such as if shadow passwords or the
+Password Authentication Module (PAM) is used on the server, but Samba
+is not compiled to use it. This is rare, but it occasionally happens
+when a SunOS 4 Samba binary (with no shadow passwords) is run without
+recompilation on a Solaris system (with shadow passwords).</p>
+</li><li>
+<p>The <tt class="literal">encrypted</tt> <tt class="literal">passwords</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> option is in the
+configuration file, but no password for your account is in the
+<em class="emphasis">smbpasswd</em> file.</p>
+</li><li>
+<p>You have a null password entry, either in Unix
+<em class="filename">/etc/passwd</em> or in the
+<em class="emphasis">smbpasswd</em> file.</p>
+</li><li>
+<p>You are connecting to <tt class="literal">[temp]</tt>, and you do not have
+the <tt class="literal">guest</tt> <tt class="literal">ok</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> option in the
+<tt class="literal">[temp]</tt> section of the
+<em class="emphasis">smb.conf</em> file.</p>
+</li><li>
+<p>You are connecting to <tt class="literal">[temp]</tt> before connecting to
+your home directory, and your guest account isn't
+set up correctly. If you can connect to your home directory and then
+connect to <tt class="literal">[temp]</tt>, that's the
+problem. See <a href="ch02.html">Chapter 2</a> for more information on
+creating a basic Samba configuration file.</p>
+
+<p>A bad guest account will also prevent you from printing or browsing
+until after you've logged in to your home directory.</p>
+</li></ul>
+<p>There is one more reason for this failure that has nothing at all to
+do with passwords: the <tt class="literal">path</tt> parameter in your
+<em class="filename">smb.conf</em> file might point somewhere that
+doesn't exist. This will not be diagnosed by
+<em class="emphasis">testparm</em>, and most SMB clients
+can't distinguish it from other types of bad user
+accounts. You will have to check it manually.</p>
+
+<p>Once you have connected to <tt class="literal">[temp]</tt> successfully,
+repeat the test, this time logging in to your home directory (e.g.,
+map network drive
+<em class="replaceable">server</em><tt class="literal">\davecb</tt>). If you
+have to change anything to get that to work, retest
+<tt class="literal">[temp]</tt> again afterward.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.5.4"/>
+
+<h3 class="head3">Testing connections with net use</h3>
+
+<p><a name="INDEX-63"/><a name="INDEX-64"/>Run the command
+<tt class="literal">net</tt> <tt class="literal">use</tt> <tt class="literal">*</tt>
+<tt class="literal">\</tt><em class="replaceable">server</em><tt class="literal">\temp</tt>
+on the Windows client to see if it can connect to the server. You
+should be prompted for a password, then receive the response
+<tt class="literal">The</tt> <tt class="literal">command</tt>
+<tt class="literal">was</tt> <tt class="literal">completed</tt>
+<tt class="literal">successfully</tt>.</p>
+
+<p>If that worked, continue with the steps in the next section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.5">Section 12.2.5.5</a>. Otherwise:</p>
+
+<ul><li>
+<p>If you get <tt class="literal">The</tt> <tt class="literal">specified</tt>
+<tt class="literal">shared</tt> <tt class="literal">directory</tt>
+<tt class="literal">cannot</tt> <tt class="literal">be</tt>
+<tt class="literal">found</tt>, or <tt class="literal">Cannot</tt>
+<tt class="literal">locate</tt> <tt class="literal">specified</tt>
+<tt class="literal">share</tt> <tt class="literal">name</tt>, the directory name
+is either misspelled or not in the <em class="emphasis">smb.conf</em>
+file. This message can also warn of a name that is in mixed case,
+including spaces, or that is longer than eight characters.</p>
+</li><li>
+<p>If you get <tt class="literal">The</tt> <tt class="literal">computer</tt>
+<tt class="literal">name</tt> <tt class="literal">specified</tt>
+<tt class="literal">in</tt> <tt class="literal">the</tt>
+<tt class="literal">network</tt> <tt class="literal">path</tt>
+<tt class="literal">cannot</tt> <tt class="literal">be</tt>
+<tt class="literal">located</tt> or <tt class="literal">Cannot</tt>
+<tt class="literal">locate</tt> <tt class="literal">specified</tt>
+<tt class="literal">computer</tt>, the directory name has been misspelled,
+the name service has failed, there is a networking problem, or the
+<tt class="literal">hosts</tt> <tt class="literal">deny</tt> option includes your
+host.</p>
+<ul><li>
+<p>If it is not a spelling mistake, you need to double back at least to
+<a href="ch12.html#samba2-CHP-12-SECT-2.5.3">Section 12.2.5.3</a> to
+investigate why it doesn't connect.</p>
+</li><li>
+<p>If <em class="emphasis">smbclient</em> does work, there is a name service
+problem with the client name service, and you need to go forward to
+<a href="ch12.html#samba2-CHP-12-SECT-2.6.2">Section 12.2.6.2</a> and see if
+you can look up both the client and server with
+<em class="emphasis">nmblookup</em>.</p>
+</li>
+</ul>
+</li>
+
+<li>
+<p>If you get <tt class="literal">The</tt> <tt class="literal">password</tt>
+<tt class="literal">is</tt> <tt class="literal">invalid</tt>
+<tt class="literal">for</tt> <tt class="literal">\server\username</tt>, your
+locally cached copy on the client doesn't match the
+one on the server. You will be prompted for a replacement.</p>
+
+<a name="samba2-CHP-12-NOTE-157"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>Each Windows 95/98/Me client keeps a local
+<em class="emphasis">password</em> file, but it's really
+just a cached copy of the password it sends to Samba and NT/2000/XP
+servers to authenticate you. That's what is being
+prompted for here. You can still log on to a Windows system without a
+password (but not to NT/2000/XP).</p>
+</blockquote>
+
+<p>If you provide your password and it still fails, your password is not
+being matched on the server, you have a <tt class="literal">valid</tt>
+<tt class="literal">users</tt> or <tt class="literal">invalid</tt>
+<tt class="literal">users</tt> list denying you permission, NetBEUI is
+interfering, or the encrypted password problem described in the next
+paragraph exists.</p>
+</li><li>
+<p>If your client is Windows NT 4.0, NT 3.5 with Patch 3, Windows 95
+with Patch 3, Windows 98, any of these with Internet Explorer 4.0, or
+any subsequent version of Windows, the system will default to
+Microsoft encryption for passwords. In general, if you have installed
+a major Microsoft product on any of the older Windows versions, you
+might have applied an update and turned on encrypted passwords. If
+the client is defaulting to encrypted passwords, you will need to
+specify <tt class="literal">encrypt</tt> <tt class="literal">passwords</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> in your Samba
+configuration file if you are using a version of Samba prior to Samba
+3.0.</p>
+
+<a name="samba2-CHP-12-NOTE-158"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>Because of Internet Explorer's willingness to honor
+URLs such as <em class="filename">file://somehost/somefile</em> by making
+SMB connections, clients up to and including Windows 95 Patch Level 2
+would happily send your password, in plain text, to SMB servers
+anywhere on the Internet. This was considered a bad idea, and
+Microsoft switched to using only encrypted passwords in the SMB
+protocol. All subsequent releases of Microsoft's
+products have included this correction.</p>
+</blockquote>
+</li>
+
+<li>
+<p>If you have a mixed-case password on Unix, the client is probably
+sending it in all one case. If changing your password to all one case
+works, this was the problem. Regrettably, all but the oldest clients
+support uppercase passwords, so Samba will try once with the password
+in uppercase and once in lowercase. If you wish to use mixed-case
+passwords, see the <tt class="literal">password</tt>
+<tt class="literal">level</tt> option in <a href="ch09.html">Chapter 9</a> for a
+workaround.</p>
+</li><li>
+<p>You might have a <tt class="literal">valid</tt> <tt class="literal">users</tt>
+problem, as tested with <em class="emphasis">smbclient</em> (see the
+earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.3">Section 12.2.5.3</a>).</p>
+</li><li>
+<p>You might have the NetBEUI protocol bound to the Microsoft client.
+This often produces long timeouts and erratic failures and is known
+to have caused failures to accept passwords in the past. Unless you
+absolutely need the NetBEUI protocol, remove it.</p>
+</li></ul>
+<a name="samba2-CHP-12-NOTE-159"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>The term &quot;bind&quot; is used here to
+mean connecting one piece of software to another. When configured
+correctly, the Microsoft SMB client is &quot;bound
+to&quot; TCP/IP in the bindings section of the TCP/IP
+properties panel under the Windows 95/98/Me Network icon in the
+Control Panel. TCP/IP in turn is bound to an Ethernet card. This is
+not the same sense of the word as binding an SMB daemon to a TCP/IP
+port.</p>
+</blockquote>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.5.5"/>
+
+<h3 class="head3">Testing connections with Windows Explorer</h3>
+
+<p><a name="INDEX-65"/><a name="INDEX-66"/>Start Windows Explorer
+(not Internet Explorer), select Map Network Drive from the Tools
+menu, and specify the UNC for one of your shares on the Samba server
+to see if you can make Explorer connect to it. If so,
+you've succeeded and can skip to the next section,
+<a href="ch12.html#samba2-CHP-12-SECT-2.6">Section 12.2.6</a>.</p>
+
+<p>Windows Explorer is a rather poor diagnostic tool: it tells you that
+something's wrong, but rarely what it is. If you get
+a failure, you'll need to track it down with the
+Windows <em class="emphasis">net use</em> command, which has far superior
+error reporting:</p>
+
+<ul><li>
+<p>If you get <tt class="literal">The</tt> <tt class="literal">password</tt>
+<tt class="literal">for</tt> <tt class="literal">this</tt>
+<tt class="literal">connection</tt> <tt class="literal">that</tt>
+<tt class="literal">is</tt> <tt class="literal">in</tt> <tt class="literal">your</tt>
+<tt class="literal">password</tt> <tt class="literal">file</tt>
+<tt class="literal">is</tt> <tt class="literal">no</tt> <tt class="literal">longer</tt>
+<tt class="literal">correct</tt>, you might have any of the following:</p>
+<ul><li>
+<p>Your locally cached copy on the client doesn't match
+the one on the server.</p>
+</li><li>
+<p>You didn't provide a username and password when
+logging on to the client. Some versions of Explorer will continue to
+send a null username and password, even if you provide a password.</p>
+</li><li>
+<p>You have misspelled the password.</p>
+</li><li>
+<p>You have an <tt class="literal">invalid</tt> <tt class="literal">users</tt> or
+<tt class="literal">valid</tt> <tt class="literal">users</tt> list denying
+permission.</p>
+</li><li>
+<p>Your client is defaulting to encrypted passwords, but Samba is
+configured with the <tt class="literal">encrypt</tt>
+<tt class="literal">passwords</tt> <tt class="literal">=</tt>
+<tt class="literal">no</tt> configuration file parameter.</p>
+</li><li>
+<p>You have a mixed-case password, which the client is supplying in all
+one case.</p>
+</li>
+</ul>
+</li>
+<li>
+<p>If you get <tt class="literal">The</tt> <tt class="literal">network</tt>
+<tt class="literal">name</tt> <tt class="literal">is</tt>
+<tt class="literal">either</tt> <tt class="literal">incorrect</tt>,
+<tt class="literal">or</tt> <tt class="literal">a</tt> <tt class="literal">network</tt>
+<tt class="literal">to</tt> <tt class="literal">which</tt> <tt class="literal">you</tt>
+<tt class="literal">do</tt> <tt class="literal">not</tt> <tt class="literal">have</tt>
+<tt class="literal">full</tt> <tt class="literal">access</tt>, or
+<tt class="literal">Cannot</tt> <tt class="literal">locate</tt>
+<tt class="literal">specified</tt> <tt class="literal">computer</tt>, you might
+have any of the following:</p>
+<ul><li>
+<p>Misspelled name</p>
+</li><li>
+<p>Malfunctioning service</p>
+</li><li>
+<p>Failed share</p>
+</li><li>
+<p>Networking problem</p>
+</li><li>
+<p>Bad <tt class="literal">path</tt> parameter in
+<em class="filename">smb.conf</em></p>
+</li><li>
+<p><tt class="literal">hosts</tt> <tt class="literal">deny</tt> line that excludes
+you</p>
+</li>
+</ul>
+</li>
+<li>
+<p>If you get <tt class="literal">You</tt> <tt class="literal">must</tt>
+<tt class="literal">supply</tt> <tt class="literal">a</tt>
+<tt class="literal">password</tt> <tt class="literal">to</tt>
+<tt class="literal">make</tt> <tt class="literal">this</tt>
+<tt class="literal">connection</tt>, the password on the client is out of
+synchronization with the server, or this is the first time
+you've tried from this client system and the client
+hasn't cached it locally yet.</p>
+</li><li>
+<p>If you get <tt class="literal">Cannot</tt> <tt class="literal">locate</tt>
+<tt class="literal">specified</tt> <tt class="literal">share</tt>
+<tt class="literal">name</tt>, you have a wrong share name or a syntax
+error in specifying it, a share name longer than eight characters, or
+one containing spaces or in mixed case.</p>
+</li></ul>
+<p>Once you can reliably connect to the share, try again, this time
+using your home directory. If you have to change something to get
+home directories working, retest with the first share, and vice
+versa, as we showed in the earlier section, &quot;Testing
+connections with net use.&quot; As always, if Explorer
+fails, drop back to that section and debug the connection there.
+<a name="INDEX-67"/><a name="INDEX-68"/></p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-2.6"/>
+
+<h3 class="head2">Troubleshooting Browsing</h3>
+
+<p><a name="INDEX-69"/><a name="INDEX-70"/>Finally, we
+come to browsing. We've left this for last, not
+because it is the most difficult, but because it's
+both optional and partially dependent on a protocol that
+doesn't guarantee delivery of a packet. Browsing is
+hard to diagnose if you don't already know that all
+the other services are running.</p>
+
+<p>Browsing is purely optional: it's just a way to find
+the servers on your network and the shares that they provide. Unix
+has nothing of the sort and happily does without. Browsing also
+assumes all your systems are on a local area network (LAN) where
+broadcasts are allowable.</p>
+
+<p>First, the browsing mechanism identifies a system using the
+unreliable UDP protocol; it then makes a normal (reliable) TCP/IP
+connection to list the shares the system provides.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.6.1"/>
+
+<h3 class="head3">Testing browsing with smbclient</h3>
+
+<p><a name="INDEX-71"/><a name="INDEX-72"/>We'll start with
+testing the reliable connection first. From the server, try listing
+its own shares using <em class="emphasis">smbclient</em> with a
+<tt class="literal">-L</tt> option and your server's name.
+You should get something resembling the following:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L server</b></tt>
+Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0 Server
+time is Tue Apr 28 09:57:28 2002 Timezone is UTC-4.0
+Password:
+Domain=[EXAMPLE] OS=[Unix] Server=[Samba 2.2.5]
+
+ Sharename Type Comment
+ --------- ---- -------
+ cdrom Disk CD-ROM
+ cl Printer Color Printer 1
+ davecb Disk Home Directories
+
+ Server Comment
+ --------- -------
+ SERVER Samba 2.2.5
+
+ Workgroup Master
+ --------- -------
+ EXAMPLE SERVER</pre></blockquote>
+
+<ul><li>
+<p>If you didn't get a Sharename list, the server is
+not allowing you to browse any shares. This should not be the case if
+you've tested any of the shares with Windows
+Explorer or the <em class="emphasis">net use</em> command. If you
+haven't done the <tt class="literal">smbclient</tt>
+<tt class="literal">-L</tt> <tt class="literal">localhost</tt>
+<tt class="literal">-U%</tt> test yet (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.2">Section 12.2.5.2</a>), do it now. An erroneous
+guest account can prevent the shares from being seen. Also, check the
+<em class="filename">smb.conf</em> file to make sure you do not have the
+option <tt class="literal">browsable</tt> <tt class="literal">=</tt>
+<tt class="literal">no</tt> anywhere in it: we suggest using a minimal
+<em class="filename">smb.conf</em> file (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.1">Section 12.2.5.1</a>). You need to have
+<tt class="literal">browsable</tt> enabled (which is the default) to see
+the share.</p>
+</li><li>
+<p>If you didn't get a browse list, the server is not
+providing information about the systems on the network. At least one
+system on the net must support browse lists. Make sure you have
+<tt class="literal">local</tt> <tt class="literal">master</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> in the
+<em class="filename">smb.conf</em> file if you want Samba to be the local
+master browser.</p>
+</li><li>
+<p>If you got a browse list but didn't get
+<em class="emphasis">/tmp</em>, you probably have a
+<em class="filename">smb.conf</em> problem. Go back to <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>.</p>
+</li><li>
+<p>If you didn't get a workgroup list with your
+workgroup name in it, it is possible that your workgroup is set
+incorrectly in the <em class="filename">smb.conf</em> file.</p>
+</li><li>
+<p>If you didn't get a workgroup list at all, ensure
+that <tt class="literal">workgroup</tt> <tt class="literal">=</tt>
+<tt class="literal">EXAMPLE</tt> is present in the
+<em class="filename">smb.conf</em> file.</p>
+</li><li>
+<p>If you get nothing, try once more with the options
+<tt class="literal">-I</tt> <em class="emphasis">ip_address</em>
+<tt class="literal">-n</tt> <em class="emphasis">netbios_name</em>
+<tt class="literal">-W</tt> <em class="emphasis">workgroup</em>
+<tt class="literal">-d3</tt> with the NetBIOS and workgroup name in
+uppercase. (The <tt class="literal">-d3</tt> option sets the log /debugging
+level to 3.) Then check the Samba logs for clues.</p>
+</li></ul>
+<p>If you're still getting nothing, you
+shouldn't have gotten this far; double back to at
+least <a href="ch12.html#samba2-CHP-12-SECT-2.3.1">Section 12.2.3.1</a>, or perhaps
+<a href="ch12.html#samba2-CHP-12-SECT-2.2.4">Section 12.2.2.4</a>. On the other hand:</p>
+
+<ul><li>
+<p>If you get <tt class="literal">SMBtconX</tt> <tt class="literal">failed</tt>.
+<tt class="literal">ERRSRV--ERRaccess</tt>, you aren't
+permitted access to the server. This normally means you have a
+<tt class="literal">hosts</tt> <tt class="literal">allow</tt> option that
+doesn't include the server or a
+<tt class="literal">hosts</tt> <tt class="literal">deny</tt> option that does.</p>
+</li><li>
+<p>If you get <tt class="literal">Bad</tt> <tt class="literal">password</tt>, you
+presumably have one of the following:</p>
+<ul><li>
+<p>An incorrect <tt class="literal">hosts</tt> <tt class="literal">allow</tt> or
+<tt class="literal">hosts</tt> <tt class="literal">deny</tt> line</p>
+</li><li>
+<p>An incorrect <tt class="literal">invalid</tt> <tt class="literal">users</tt> or
+<tt class="literal">valid</tt> <tt class="literal">users</tt> line</p>
+</li><li>
+<p>A lowercase password and OS/2 or Windows for Workgroups clients</p>
+</li><li>
+<p>A missing or invalid guest account</p>
+</li></ul>
+<p>Check what your guest account is (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.2">Section 12.2.5.2</a>), change or comment out any
+<tt class="literal">hosts</tt> <tt class="literal">allow</tt>,
+<tt class="literal">hosts</tt> <tt class="literal">deny</tt>,
+<tt class="literal">valid</tt> <tt class="literal">users</tt>, or
+<tt class="literal">invalid</tt> <tt class="literal">users</tt> lines, and verify
+your <em class="filename">smb.conf</em> file with
+<tt class="literal">testparm</tt> <tt class="literal">smb.conf</tt>
+<em class="replaceable">your_hostname your_ip_address</em> (see the
+earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>).</p>
+</li><li>
+<p>If you get <tt class="literal">Connection</tt> <tt class="literal">refused</tt>,
+the <em class="emphasis">smbd</em> server is not running or has crashed.
+Check that it's up, running, and listening to the
+network with <em class="emphasis">netstat</em>. See the earlier section,
+<a href="ch12.html#samba2-CHP-12-SECT-2.4">Section 12.2.4</a>.</p>
+</li><li>
+<p>If you get <tt class="literal">Get_Hostbyname</tt>:
+<tt class="literal">Unknown</tt> <tt class="literal">host</tt>
+<tt class="literal">name</tt>, you've made a spelling
+error, there is a mismatch between the Unix and NetBIOS hostname, or
+there is a name service problem. Start name service debugging as
+discussed in the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.4">Section 12.2.5.4</a>. If this works, suspect a
+name mismatch, and go to the later section, <a href="ch12.html#samba2-CHP-12-SECT-2.9">Section 12.2.9</a>.</p>
+</li><li>
+<p>If you get <tt class="literal">Session</tt> <tt class="literal">request</tt>
+<tt class="literal">failed</tt>, the server refused the connection. This
+usually indicates an internal error, such as insufficient memory to
+fork a process.</p>
+</li><li>
+<p>If you get <tt class="literal">Your</tt> <tt class="literal">server</tt>
+<tt class="literal">software</tt> <tt class="literal">is</tt>
+<tt class="literal">being</tt> <tt class="literal">unfriendly</tt>, the initial
+session request packet received a garbage response from the server.
+The server might have crashed or started improperly. Go back to <a href="ch12.html#samba2-CHP-12-SECT-2.5.2">Section 12.2.5.2</a>, where the
+problem is first analyzed.</p>
+</li><li>
+<p>If you suspect the server is not running, go back to
+<a href="ch12.html#samba2-CHP-12-SECT-2.4.2">Section 12.2.4.2</a> to see why the server
+daemon isn't responding.</p>
+</li></ul>
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.6.2"/>
+
+<h3 class="head3">Testing the server with nmblookup</h3>
+
+<p><a name="INDEX-73"/><a name="INDEX-74"/>This will test the
+&quot;advertising&quot; system used for
+Windows name services and browsing. Advertising works by broadcasting
+one's presence or willingness to provide services.
+It is the part of browsing that uses an unreliable protocol (UDP) and
+works only on broadcast networks such as Ethernets. The
+<em class="emphasis">nmblookup</em> program broadcasts name queries for
+the hostname you provide and returns its IP address and the name of
+the system, much as <em class="emphasis">nslookup</em> does with DNS.
+Here, the <em class="emphasis">-d</em> (debug or log-level) and
+<em class="emphasis">-B</em> (broadcast address) options direct queries to
+specific systems.</p>
+
+<p>First, we check the server from itself. Run
+<em class="emphasis">nmblookup</em> with a <em class="emphasis">-B</em> option
+of your server's name (to tell it to send the query
+to the Samba server) and a parameter of <tt class="literal">_ _SAMBA_
+_</tt> as the symbolic name to look up. You should get:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>nmblookup -B server _ _SAMBA_ _</b></tt>
+Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0
+Sending queries to 192.168.236.86 192.168.236.86 _ _SAMBA_ _</pre></blockquote>
+
+<p>You should get the IP address of the server, followed by the name
+<tt class="literal">_ _SAMBA_ _</tt> , which means that the server has
+successfully advertised that it has a service called <tt class="literal">_
+_SAMBA_ _</tt> , and therefore at least part of NetBIOS name
+service works.</p>
+
+<ul><li>
+<p>If you get <tt class="literal">Name_query</tt> <tt class="literal">failed</tt>
+<tt class="literal">to</tt> <tt class="literal">find</tt> <tt class="literal">name</tt>
+<tt class="literal">_ _SAMBA_ _</tt>, you might have specified the server
+name to the <em class="emphasis">-B</em> option, or
+<em class="emphasis">nmbd</em> is not running. The <em class="emphasis">-B</em>
+option actually takes a broadcast address: we're
+using a computer name to get a unicast address and to ask the server
+if it has claimed <tt class="literal">_ _SAMBA_ _</tt>. Try again with
+<tt class="literal">nmblookup</tt> <tt class="literal">-B</tt>
+<em class="replaceable">ip_address</em>, and if that fails too,
+<em class="emphasis">nmbd</em> isn't claiming the name.
+Go back briefly to the earlier section, &quot;Testing
+daemons with testparm,&quot; to see if
+<em class="emphasis">nmbd</em> is running. If so, it might not be claiming
+names; this means that Samba is not providing the browsing
+service&mdash;a configuration problem. If that is the case, make sure
+that <em class="filename">smb.conf</em> doesn't contain
+the option <tt class="literal">browsing</tt> <tt class="literal">=</tt>
+<tt class="literal">no</tt>.</p>
+</li></ul>
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.6.3"/>
+
+<h3 class="head3">Testing the client with nmblookup</h3>
+
+<p><a name="INDEX-75"/><a name="INDEX-76"/>Next, check the IP address of the
+client from the server with <em class="emphasis">nmblookup</em> using the
+<tt class="literal">-B</tt> option for the client's name
+and a parameter of '<tt class="literal">*</tt>' meaning
+&quot;anything,&quot; as shown here:</p>
+
+<blockquote><pre class="code">$ <b class="emphasis-bold">nmblookup -B client '*</b>'
+Sending queries to 192.168.236.10 192.168.236.10 *
+Got a positive name query response from 192.168.236.10 (192.168.236.10)</pre></blockquote>
+
+<p>You might get the following error:</p>
+
+<ul><li>
+<p>If you receive <tt class="literal">Name-query</tt>
+<tt class="literal">failed</tt> <tt class="literal">to</tt>
+<tt class="literal">find</tt> <tt class="literal">name</tt> <tt class="literal">*</tt>,
+you have made a spelling mistake, or the client software on the PC
+isn't installed, started, or bound to TCP/IP. Double
+back to <a href="ch03.html">Chapter 3</a> and ensure that you have a
+client installed that is listening to the network.</p>
+</li></ul>
+<p>Repeat the command with the following options if you had any failures:</p>
+
+<ul><li>
+<p>If <tt class="literal">nmblookup</tt> <tt class="literal">-B</tt>
+<em class="replaceable">client_IP_address</em> succeeds but
+<tt class="literal">nmblookup</tt> <tt class="literal">-B</tt>
+<em class="replaceable">client_name</em> fails, there is a name service
+problem with the client's name; go to <a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>, later in this chapter.</p>
+</li><li>
+<p>If <tt class="literal">nmblookup</tt> <tt class="literal">-B</tt>
+<tt class="literal">127.0.0.1</tt> '<tt class="literal">*</tt>' succeeds, but
+<tt class="literal">nmblookup</tt> <tt class="literal">-B</tt>
+<em class="replaceable">client_IP_address</em> fails, there is a
+hardware problem, and <em class="emphasis">ping</em> should have failed.
+See your network manager.</p>
+</li></ul>
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.6.4"/>
+
+<h3 class="head3">Testing the network with nmblookup</h3>
+
+<p><a name="INDEX-77"/><a name="INDEX-78"/>Run the command
+<em class="emphasis">nmblookup</em> again with a <em class="emphasis">-d2</em>
+option (for a debug level of 2) and a parameter of
+'<tt class="literal">*</tt>'. This time we are testing the ability of
+programs (such as <em class="emphasis">nmbd</em> ) to use broadcast.
+It's essentially a connectivity test, done via a
+broadcast to the default broadcast address.</p>
+
+<p>A number of NetBIOS over TCP/IP hosts on the network should respond
+with <tt class="literal">got</tt> <tt class="literal">a</tt>
+<tt class="literal">positive</tt> <tt class="literal">name</tt>
+<tt class="literal">query</tt> <tt class="literal">response</tt> messages. Samba
+might not catch all the responses in the short time it listens, so
+you won't always see all the SMB clients on the
+network. However, you should see most of them:</p>
+
+<blockquote><pre class="code">$ <b class="emphasis-bold">nmblookup -d 2 '*</b>'
+Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0 Sending
+queries to 192.168.236.255
+Got a positive name query response from 192.168.236.191 (192.168.236.191)
+Got a positive name query response from 192.168.236.228 (192.168.236.228)
+Got a positive name query response from 192.168.236.75 (192.168.236.75)
+Got a positive name query response from 192.168.236.79 (192.168.236.79)
+Got a positive name query response from 192.168.236.206 (192.168.236.206)
+Got a positive name query response from 192.168.236.207 (192.168.236.207)
+Got a positive name query response from 192.168.236.217 (192.168.236.217)
+Got a positive name query response from 192.168.236.72 (192.168.236.72) 192.168.236.86 *</pre></blockquote>
+
+<p>However:</p>
+
+<ul><li>
+<p>If this doesn't give at least the client address you
+previously tested, the default broadcast address is wrong. Try
+<tt class="literal">nmblookup</tt> <tt class="literal">-B</tt>
+<tt class="literal">255.255.255.255</tt> <tt class="literal">-d</tt>
+<tt class="literal">2</tt> '<tt class="literal">*</tt>', which is a last-ditch
+variant (using a broadcast address of all 1s). If this draws
+responses, the broadcast address you've been using
+before is wrong. Troubleshooting these is discussed in <a href="ch12.html#samba2-CHP-12-SECT-2.8.2">Section 12.2.8.2</a>, later in this
+chapter.</p>
+</li><li>
+<p>If the address 255.255.255.255 fails too, check your notes to see if
+your PC and server are on different subnets, as discovered in the
+earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.2.4">Section 12.2.2.4</a>. You
+should try to diagnose this step with a server and client on the same
+subnet, but if you can't, you can try specifying the
+remote subnet's broadcast address with
+<em class="emphasis">-B</em>. Finding that address is discussed in <a href="ch12.html#samba2-CHP-12-SECT-2.8.2">Section 12.2.8.2</a>, later in this
+chapter. The <em class="emphasis">-B</em> option will work if your router
+supports directed broadcasts; if it doesn't, you
+might be forced to test with a client on the same network.</p>
+</li></ul>
+<p>As usual, you can check the Samba log files for additional clues.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.6.5"/>
+
+<h3 class="head3">Testing client browsing with net view</h3>
+
+<p><a name="INDEX-79"/><a name="INDEX-80"/>On the client, run the
+command <em class="replaceable">net view \\server</em> in an MS-DOS
+(command prompt) window to see if you can connect to the client and
+ask what shares it provides. You should get back a list of available
+shares on the server.</p>
+
+<p>If this works, continue with the later section <a href="ch12.html#samba2-CHP-12-SECT-3.1">Section 12.3.1</a>. Otherwise:</p>
+
+<ul><li>
+<p>If you get <tt class="literal">Network</tt> <tt class="literal">name</tt>
+<tt class="literal">not</tt> <tt class="literal">found</tt> for the name you just
+tested in the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.6.3">Section 12.2.6.3</a>, there is a problem with the
+client software itself. Double-check this by running
+<em class="emphasis">nmblookup</em> on the client; if it works and
+<em class="emphasis">net view</em> doesn't, the client is
+at fault.</p>
+</li><li>
+<p>If <em class="emphasis">nmblookup</em> fails, there is a NetBIOS name
+service problem, as discussed in the later section, <a href="ch12.html#samba2-CHP-12-SECT-2.9">Section 12.2.9</a>.</p>
+</li><li>
+<p>If you get <tt class="literal">You</tt> <tt class="literal">do</tt>
+<tt class="literal">not</tt> <tt class="literal">have</tt> <tt class="literal">the</tt>
+<tt class="literal">necessary</tt> <tt class="literal">access</tt>
+<tt class="literal">rights</tt>, or <tt class="literal">This</tt>
+<tt class="literal">server</tt> <tt class="literal">is</tt>
+<tt class="literal">not</tt> <tt class="literal">configured</tt>
+<tt class="literal">to</tt> <tt class="literal">list</tt>
+<tt class="literal">shared</tt> <tt class="literal">resources</tt>, either your
+guest account is misconfigured (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.2">Section 12.2.5.2</a>) or you have a
+<tt class="literal">hosts</tt> <tt class="literal">allow</tt> or
+<tt class="literal">hosts</tt> <tt class="literal">deny</tt> line that prohibits
+connections from your system. These problems should have been
+detected by the <em class="emphasis">smbclient</em> tests starting in the
+earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.6.1">Section 12.2.6.1</a>.</p>
+</li><li>
+<p>If you get <tt class="literal">The</tt> <tt class="literal">specified</tt>
+<tt class="literal">computer</tt> <tt class="literal">is</tt>
+<tt class="literal">not</tt> <tt class="literal">receiving</tt>
+<tt class="literal">requests</tt>, you have misspelled the name, the system
+is unreachable by broadcast (tested in the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.6.4">Section 12.2.6.4</a>), or it's
+not running <em class="emphasis">nmbd</em>.</p>
+</li><li>
+<p>If you get <tt class="literal">Bad</tt> <tt class="literal">password</tt>
+<tt class="literal">error</tt>, you're probably
+encountering the Microsoft-encrypted password problem, as discussed
+earlier in this chapter and in <a href="ch09.html">Chapter 9</a>, with its
+corrections.</p>
+</li></ul>
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.6.6"/>
+
+<h3 class="head3">Browsing the server from the client</h3>
+
+<p><a name="INDEX-81"/><a name="INDEX-82"/>From the Windows Network
+Neighborhood (or My Network Places in newer releases), try to browse
+the server. Your Samba server should appear in the browse list of
+your local workgroup. You should be able to double-click the name of
+the server to get a list of shares.</p>
+
+<ul><li>
+<p>If you get an <tt class="literal">Invalid</tt> <tt class="literal">password</tt>
+error, it's most likely the encryption problem
+again.</p>
+</li><li>
+<p>If you receive an <tt class="literal">Unable</tt> <tt class="literal">to</tt>
+<tt class="literal">browse</tt> <tt class="literal">the</tt>
+<tt class="literal">network</tt> error, one of the following has occurred:</p>
+<ul><li>
+<p>You have looked too soon, before the broadcasts and updates have
+completed. Wait 30 seconds and try again.</p>
+</li><li>
+<p>There is a network problem you've not yet diagnosed.</p>
+</li><li>
+<p>There is no browse master. Add the configuration option
+<tt class="literal">local</tt> <tt class="literal">master</tt>
+<tt class="literal">=</tt> <tt class="literal">yes</tt> to your
+<em class="emphasis">smb.conf</em> file.</p>
+</li><li>
+<p>No shares are made browsable in the <em class="emphasis">smb.conf</em>
+file.</p>
+</li></ul>
+</li>
+<li>
+<p>If you receive the message <tt class="literal">\\server</tt>
+<tt class="literal">is</tt> <tt class="literal">not</tt>
+<tt class="literal">accessible</tt> then:</p>
+<ul><li>
+<p>You have the encrypted password problem.</p>
+</li><li>
+<p>The system really isn't accessible.</p>
+</li><li>
+<p>The system doesn't support browsing.</p>
+</li></ul>
+</li>
+</ul>
+
+<p>If you've made it this far and the problem is not
+yet solved, either the problem is one we've not yet
+seen, or it is a problem related to a topic we have already covered,
+and further analysis is required. Name resolution is often related to
+difficulties with Samba, so we cover it in more detail in the next
+sections. If you know your problem is not related to name resolution,
+skip to the <a href="ch12.html#samba2-CHP-12-SECT-3">Section 12.3</a> at the end of the chapter. <a name="INDEX-83"/><a name="INDEX-84"/></p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-2.7"/>
+
+<h3 class="head2">Troubleshooting Name Services</h3>
+
+<p><a name="INDEX-85"/><a name="INDEX-86"/>This
+section looks at simple troubleshooting of all the name services
+you'll encounter, but only for the common problems
+that affect Samba.</p>
+
+<p>There are several good references for troubleshooting particular name
+services: Paul <a name="INDEX-87"/>Albitz and Cricket <a name="INDEX-88"/>Liu's <em class="emphasis">DNS and
+Bind</em> (O'Reilly) covers the DNS, Hal
+<a name="INDEX-89"/>Stern's <em class="emphasis">NFS and
+NIS</em> (O'Reilly) covers NIS
+(&quot;Yellow pages&quot;), while Windows
+Internet Name Service (WINS), <em class="filename">hosts/LMHOSTS</em>
+files, and NIS+ are best covered by their respective
+vendors' manuals.</p>
+
+<p>The problems addressed in this section are as follows:</p>
+
+<ul><li>
+<p>Name services are identified.</p>
+</li><li>
+<p>A hostname can't be looked up.</p>
+</li><li>
+<p>The long (FQDN) form of a hostname works but the short form
+doesn't.</p>
+</li><li>
+<p>The short form of the name works, but the long form
+doesn't.</p>
+</li><li>
+<p>A long delay occurs before the expected result.</p>
+</li></ul>
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.7.1"/>
+
+<h3 class="head3">Identifying what's in use</h3>
+
+<p><a name="INDEX-90"/>First, see if both the
+server and the client are using DNS, WINS, NIS, or
+<em class="filename">hosts</em> files to look up IP addresses when you
+give them a name. Each kind of system has a different preference:</p>
+
+<ul><li>
+<p>Windows 95/98/Me tries WINS and the <em class="filename">LMHOSTS</em> file
+first, then broadcast, and finally DNS and <em class="filename">HOSTS</em>
+files.</p>
+</li><li>
+<p>Windows NT/2000/XP tries WINS, then broadcast, then the
+<em class="filename">LMHOSTS</em> file, and finally
+<em class="filename">HOSTS</em> and DNS.</p>
+</li><li>
+<p>Windows programs using the WINSOCK standard use the HOSTS file, DNS,
+WINS, and then broadcast. Don't assume that if a
+different program's name service works, the SMB
+client program's name service will!</p>
+</li><li>
+<p>Samba daemons use <em class="filename">lmhosts</em>, WINS, the Unix
+system's name resolution, and then broadcast.</p>
+</li><li>
+<p>Unix systems can be configured to use any combination of DNS,
+<em class="filename">HOSTS</em> files, NIS or NIS+, and winbind, generally
+in any order.</p>
+</li></ul>
+<p>We recommend that the client systems be configured to use WINS and
+DNS, the Samba daemons to use WINS and DNS, and the Unix server to
+use DNS, <em class="filename">hosts</em> files, and perhaps NIS+.
+You'll have to look at your notes and the actual
+systems to see which is in use.</p>
+
+<p>On the clients, the name services are all set in the TCP/IP
+Properties panel of the Networking Control Panel, as discussed in
+<a href="ch03.html">Chapter 3</a>. You might need to check there to see
+what you've actually turned on. On the server, see
+if a <em class="filename">/etc/resolv.conf</em> file exists. If it does,
+you're using DNS. You might be using the others as
+well, though. You'll need to check for NIS and
+combinations of services.</p>
+
+<p>Check for a <em class="filename">/etc/nsswitch.conf</em> file on Solaris
+and other System V Unix operating systems. If you have one, look for
+a line that begins with <tt class="literal">host</tt>: followed by one or
+more of <tt class="literal">files</tt>, <tt class="literal">bind</tt>,
+<tt class="literal">nis</tt>, or <tt class="literal">nis+</tt>. These are the
+name services to use, in order, with optional extra material in
+square brackets. The <tt class="literal">files</tt> keyword is for
+using <em class="emphasis">HOSTS</em> files, while <tt class="literal">bind</tt>
+(the Berkeley Internet Name Daemon) refers to using DNS.</p>
+
+<p>If the client and server differ, the first thing to do is to get them
+in sync. Clients can use DNS, WINS, <em class="emphasis">HOSTS</em>, and
+<em class="emphasis">LMHOSTS</em> files, but not NIS or NIS+. Servers can
+use <em class="emphasis">HOSTS</em> and <em class="filename">LMHOSTS</em>
+files, DNS, NIS or NIS+, and winbind, but not WINS&mdash;even if your
+Samba server provides WINS services. If you can't
+get all the systems to use the same services, you'll
+have to check the server and the client carefully for the same data.</p>
+
+<p>You can also make use of the <em class="emphasis">-R</em> (resolve order)
+option for <em class="emphasis">smbclient</em>. If you want to
+troubleshoot WINS, for example, you'd say:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L </b></tt><em class="replaceable">server</em> <tt class="userinput"><b>-R wins</b></tt></pre></blockquote>
+
+<p>The possible settings are <tt class="literal">hosts</tt> (which means
+whatever the Unix system is using, not just<em class="filename">
+/etc/hosts</em> files), <tt class="literal">lmhosts</tt>,
+<tt class="literal">wins</tt>, and <tt class="literal">bcast</tt> (broadcast).</p>
+
+<p>In the following sections, we use the term <em class="emphasis">long
+name</em> for a fully qualified domain name (FQDN), such as
+<tt class="literal">server.example.com</tt> , and the term <em class="emphasis">short
+name</em> for the host part of an FQDN, such as
+<tt class="literal">server</tt>.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.7.2"/>
+
+<h3 class="head3">Cannot look up hostnames</h3>
+
+<p><a name="INDEX-91"/>Try the
+following:</p>
+
+<dl>
+<dt><b>DNS</b></dt>
+<dd>
+<p>Run <tt class="literal">nslookup</tt> <em class="replaceable">name</em>. If
+this fails, look for a <em class="filename">resolv.conf</em> error, a
+downed DNS server, or a short/long name problem (see the next
+section). Try the following:</p>
+
+
+<ul><li>
+<p>Your <em class="filename">/etc/resolv.conf</em> file should contain one or
+more <tt class="literal">nameserver</tt> lines, each with an IP address.
+These are the addresses of your DNS servers.</p>
+</li><li>
+<p>Ping each server address you find. If this fails for one, suspect the
+system. If it fails for each, suspect your network.</p>
+</li><li>
+<p>Retry the lookup using the full domain name (e.g.,
+<tt class="literal">server.example.com</tt>) if you tried the short name
+first, or the short name if you tried the long name first. If results
+differ, skip to the next section.</p>
+</li></ul>
+</dd>
+
+
+
+<dt><b>Broadcast/ WINS</b></dt>
+<dd>
+<p>Broadcast/ WINS does only short names such as
+<tt class="literal">server</tt>, and not long ones, such as
+<tt class="literal">server.example.com</tt>. Run
+<tt class="literal">nmblookup</tt> <tt class="literal">-S</tt>
+<em class="replaceable">server</em>. This reports everything broadcast
+has registered for the name. In our example, it looks like this:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>nmblookup -S server</b></tt>
+Looking up status of 192.168.236.86
+received 10 names
+ SERVER &lt;00&gt; - M &lt;ACTIVE&gt;
+ SERVER &lt;03&gt; - M &lt;ACTIVE&gt;
+ SERVER &lt;1f&gt; - M &lt;ACTIVE&gt;
+ SERVER &lt;20&gt; - M &lt;ACTIVE&gt;
+ ..__MSBROWSE__. &lt;01&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt;
+ MYGROUP &lt;00&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt;
+ MYGROUP &lt;1b&gt; - M &lt;ACTIVE&gt;
+ MYGROUP &lt;1c&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt;
+ MYGROUP &lt;1d&gt; - M &lt;ACTIVE&gt;
+ MYGROUP &lt;1e&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt;</pre></blockquote>
+
+<p>The required entry is <tt class="literal">SERVER</tt>
+<tt class="literal">&lt;00&gt;</tt>, which identifies
+<em class="replaceable">server</em> as being this
+system's NetBIOS name. You should also see your
+workgroup mentioned one or more times. If these lines are missing,
+Broadcast/WINS cannot look up names and will need attention.</p>
+
+<a name="samba2-CHP-12-NOTE-160"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>The numbers in angle brackets in the previous output identify NetBIOS
+names as being workgroups, workstations, and file users of the
+messenger service, master browsers, domain master browsers, domain
+controllers, and a plethora of others. We primarily use
+<tt class="literal">&lt;00&gt;</tt> to identify system and workgroup names
+and <tt class="literal">&lt;20&gt;</tt> to identify systems as servers. The
+complete list is available at <a href="http://support.microsoft.com/support/kb/articles/q163/4/09.asp">http://support.microsoft.com/support/kb/articles/q163/4/09.asp</a>.</p>
+</blockquote>
+</dd>
+
+
+
+<dt><b>NIS</b></dt>
+<dd>
+<p>Try <tt class="literal">ypmatch</tt> <tt class="literal">name</tt>
+<tt class="literal">hosts</tt>. If this fails, NIS is down. Find out the
+NIS server's name by running
+<em class="emphasis">ypwhich</em>, and ping the system to see if
+it's accessible.</p>
+</dd>
+
+
+
+<dt><b>NIS+</b></dt>
+<dd>
+<p>If you're running NIS+, try
+<tt class="literal">nismatch</tt> <tt class="literal">name</tt>
+<tt class="literal">hosts</tt>. If this fails, NIS is down. Find out the
+NIS+ server's name by running
+<em class="emphasis">niswhich</em>, and ping that system to see if
+it's accessible.</p>
+</dd>
+
+
+
+<dt><b>hosts and HOSTS files</b></dt>
+<dd>
+<p>Inspect the <em class="filename">HOSTS</em> file on the client
+(<em class="filename">C:\Windows\ Hosts</em> on Windows 95/98/Me, and
+<em class="filename">C:\WINNT \system32\drivers\etc\hosts</em> on Windows
+NT/2000/XP). Each line should have an IP number and one or more
+names, the primary name first, then any optional aliases. An example
+follows:</p>
+
+
+<blockquote><pre class="code">127.0.0.1 localhost
+192.168.236.1 dns.svc.example.com
+192.168.236.10 client.example.com client
+192.168.236.11 backup.example.com loghost
+192.168.236.86 server.example.com server
+192.168.236.254 router.svc.example.com</pre></blockquote>
+
+<p>On Unix, <tt class="literal">localhost</tt> should always be 127.0.0.1,
+although it might be just an alias for a hostname on the PC. On the
+client, check that there are no <tt class="literal">#XXX</tt> directives at
+the ends of the lines; these are LAN Manager/NetBIOS directives and
+should appear only in <em class="emphasis">LMHOSTS</em> files.</p>
+</dd>
+
+
+
+<dt><b>LMHOSTS files</b></dt>
+<dd>
+<p>This file is a local source for LAN Manager (NetBIOS) names. It has a
+format similar to <em class="filename">hosts</em> files, but it does not
+support long-form domain names (e.g.,
+<tt class="literal">server.example.com</tt>) and can have a number of
+optional <tt class="literal">#XXX</tt> directives following the NetBIOS
+names. There is usually an <em class="emphasis">lmhosts.sam</em> (for
+sample) file located in <em class="filename">C:\Windows</em> on Windows
+95/98/Me, and in <em class="filename">C:\WINNT\system32\drivers\etc</em>
+on Windows NT/2000/XP, but it's not used unless it
+is renamed to <em class="emphasis">Lmhosts</em> in the same directory.</p>
+</dd>
+
+</dl>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.7.3"/>
+
+<h3 class="head3">Long and short hostnames</h3>
+
+<p><a name="INDEX-92"/>Where the long (FQDN) form of a hostname
+works but the short name doesn't (for example,
+<tt class="literal">client.example.com</tt> works but
+<tt class="literal">client</tt> doesn't), consider the
+following:</p>
+
+<dl>
+<dt><b>DNS </b></dt>
+<dd>
+<p>This usually indicates that there is no default domain in which to
+look up the short names. Look for a <tt class="literal">default</tt> line
+in <em class="filename">/etc/resolv.conf</em> on the Samba server with
+your domain in it, or look for a <tt class="literal">search</tt> line with
+one or more domains in it. One or the other might need to be present
+to make short names usable; which one depends on the vendor and
+version of the DNS resolver. Try adding <tt class="literal">domain</tt>
+<em class="replaceable">your_domain</em> to
+<em class="filename">resolv.conf</em>, and ask your network or DNS
+administrator what should be in the file.</p>
+</dd>
+
+
+
+<dt><b>Broadcast/WINS </b></dt>
+<dd>
+<p>Broadcast/WINS doesn't support long names; it
+won't suffer from this problem.</p>
+</dd>
+
+
+
+<dt><b>NIS </b></dt>
+<dd>
+<p>Try the command <tt class="literal">ypmatch</tt>
+<em class="replaceable">hostname</em> <tt class="literal">hosts</tt>. If you
+don't get a match, your tables
+don't include short names. Speak to your network
+manager; short names might be missing by accident or might be
+unsupported as a matter of policy. Some sites don't
+ever use (ambiguous) short names.</p>
+</dd>
+
+
+
+<dt><b>NIS+</b></dt>
+<dd>
+<p>Try <tt class="literal">nismatch</tt> <em class="replaceable">hostname</em>
+<tt class="literal">hosts</tt>, and treat failure exactly as with NIS.</p>
+</dd>
+
+
+
+<dt><b>hosts </b></dt>
+<dd>
+<p>If the short name is not in <em class="filename">/etc/hosts</em>, consider
+adding it as an alias. Avoid, if you can, short names as primary
+names (the first one on a line). Have them as aliases if your system
+permits.</p>
+</dd>
+
+
+
+<dt><b>LMHOSTS </b></dt>
+<dd>
+<p>LAN Manager doesn't support long names, so it
+won't suffer from this problem.</p>
+</dd>
+
+</dl>
+
+<p>On the other hand, if the short form of the name works and the long
+form doesn't, consider the following:</p>
+
+<dl>
+<dt><b>DNS </b></dt>
+<dd>
+<p>This is bizarre; see your network or DNS administrator, as this is
+probably a DNS setup error.</p>
+</dd>
+
+
+
+<dt><b>Broadcast/WINS </b></dt>
+<dd>
+<p>This is normal; Broadcast/WINS can't use the long
+form. Optionally, consider DNS. (Be aware that Microsoft has stated
+that it will eventually switch entirely to DNS, even though DNS does
+not provide name types such as &lt;00&gt;.)</p>
+</dd>
+
+
+
+<dt><b>NIS</b></dt>
+<dd>
+<p>If you can use <em class="emphasis">ypmatch</em> to look up the short form
+but not the long, consider adding the long form to the table as at
+least an alias.</p>
+</dd>
+
+
+
+<dt><b>NIS+ </b></dt>
+<dd>
+<p>Same as NIS, except you use <em class="emphasis">nismatch</em> instead of
+<em class="emphasis">ypmatch</em> to look up names.</p>
+</dd>
+
+
+
+<dt><b>hosts and HOSTS</b></dt>
+<dd>
+<p>Add the long name as at least an alias, and preferably as the primary
+form. Also consider using DNS if it's practical.</p>
+</dd>
+
+
+
+<dt><b>LMHOSTS </b></dt>
+<dd>
+<p>This is normal. LAN Manager can't use the long form;
+consider switching to DNS or <em class="filename">hosts</em>.</p>
+</dd>
+
+</dl>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.7.4"/>
+
+<h3 class="head3">Unusual delays</h3>
+
+<p><a name="INDEX-93"/>When there is a long delay before the
+expected result:</p>
+
+<dl>
+<dt><b>DNS </b></dt>
+<dd>
+<p>Test the same name with the <em class="emphasis">nslookup</em> command on
+the system that is slow (client or server). If
+<em class="emphasis">nslookup</em> is also slow, you have a DNS problem.
+If it's slower on a client, you might have too many
+protocols bound to the Ethernet card. Eliminate NetBEUI, which is
+infamously slow, and, optionally, Novell&mdash;assuming you
+don't need them. This is especially important on
+Windows 95, which is particularly sensitive to excess protocols.</p>
+</dd>
+
+
+
+<dt><b>Broadcast/ WINS</b></dt>
+<dd>
+<p>Test the client using <em class="emphasis">nmblookup</em>; if
+it's faster, you probably have the protocols problem
+as mentioned in the previous item.</p>
+</dd>
+
+
+
+<dt><b>NIS</b></dt>
+<dd>
+<p>Try <em class="emphasis">ypmatch</em>; if it's slow,
+report the problem to your network manager.</p>
+</dd>
+
+
+
+<dt><b>NIS+ </b></dt>
+<dd>
+<p>Try <em class="emphasis">nismatch</em>, similarly.</p>
+</dd>
+
+
+
+<dt><b>hosts and HOSTS</b></dt>
+<dd>
+<p>The <em class="emphasis">hosts</em> files, if of reasonable size, are
+always fast. You probably have the protocols problem mentioned
+previously under DNS.</p>
+</dd>
+
+
+
+<dt><b>lmhosts and LMHOSTS</b></dt>
+<dd>
+<p>This is not a name lookup problem; <em class="emphasis">LMHOSTS</em> files
+are as fast as <em class="emphasis">hosts</em> and
+<em class="filename">HOSTS</em> files.</p>
+</dd>
+
+</dl>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.7.5"/>
+
+<h3 class="head3">Localhost issues</h3>
+
+<p><a name="INDEX-94"/>When a localhost isn't
+127.0.0.1, try the following:</p>
+
+<dl>
+<dt><b>DNS</b></dt>
+<dd>
+<p>There is probably no record for <tt class="literal">localhost</tt>.
+<tt class="literal">A</tt> <tt class="literal">127.0.0.1</tt>. Arrange to add
+one, as well as a reverse entry,
+<tt class="literal">1.0.0.127.IN-ADDR.ARPA</tt> <tt class="literal">PTR</tt>
+<tt class="literal">127.0.0.1</tt>.</p>
+</dd>
+
+
+
+<dt><b>Broadcast/WINS</b></dt>
+<dd>
+<p>Not applicable.</p>
+</dd>
+
+
+
+<dt><b>NIS</b></dt>
+<dd>
+<p>If <tt class="literal">localhost</tt> isn't in the table,
+add it.</p>
+</dd>
+
+
+
+<dt><b>NIS+ </b></dt>
+<dd>
+<p>If <tt class="literal">localhost</tt> isn't in the table,
+add it.</p>
+</dd>
+
+
+
+<dt><b>hosts and HOSTS</b></dt>
+<dd>
+<p>Add a line that says <tt class="literal">127.0.0.1</tt>
+<tt class="literal">localhost</tt>.</p>
+</dd>
+
+
+
+<dt><b>LMHOSTS</b></dt>
+<dd>
+<p>Not applicable. <a name="INDEX-95"/><a name="INDEX-96"/></p>
+</dd>
+
+</dl>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-2.8"/>
+
+<h3 class="head2">Troubleshooting Network Addresses</h3>
+
+<p><a name="INDEX-97"/><a name="INDEX-98"/>A
+number of common problems are caused by incorrect routing of Internet
+addresses or by the incorrect assignment of addresses. This section
+helps you determine what your addresses are.</p>
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.8.1"/>
+
+<h3 class="head3">Netmasks</h3>
+
+<p>Using the <a name="INDEX-99"/>netmask, it is possible to
+determine which addresses can be reached directly (i.e., which are on
+the local network) and which addresses require forwarding packets
+through a router. If the netmask is wrong, the systems will make one
+of two mistakes. One is to route local packets via a router, which is
+an expensive waste of time&mdash;it might work reasonably fast, it
+might run slowly, or it might fail utterly. The second mistake is to
+fail to send packets from a remote system to the router, which will
+prevent them from being forwarded to the remote system.</p>
+
+<p>The netmask is a number like an IP address, with one-bits for the
+network part of an address and zero-bits for the host portion. It is
+used as a bitmask to mask off parts of the address inside the TCP/IP
+code. If the mask is 255.255.0.0, the first 2 bytes are the network
+part and the last 2 are the host part. More common is 255.255.255.0,
+in which the first 3 bytes are the network part and the last one is
+the host part.</p>
+
+<p>For example, let's say your IP address is
+192.168.0.10 and the Samba server is 192.168.236.86. If your netmask
+happens to be 255.255.255.0, the network part of the address is the
+first 3 bytes, and the host part is the last byte. In this case, the
+network parts are different, and the systems are on different
+networks:</p>
+
+<a name="ch12-37-fm2xml"/><table border="1">
+
+
+
+<tr>
+<th>
+<p>Network part</p>
+</th>
+<th>
+<p>Host part</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>192 168 000</p>
+</td>
+<td>
+<p>10</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>192 168 235</p>
+</td>
+<td>
+<p>86</p>
+</td>
+</tr>
+
+</table>
+
+<p>If your netmask happens to be 255.255.0.0, the network part is just
+the first 2 bytes. In this case, the network parts match, and so the
+two systems are on the same network:</p>
+
+<a name="ch12-38-fm2xml"/><table border="1">
+
+
+
+<tr>
+<th>
+<p>Network part</p>
+</th>
+<th>
+<p>Host part</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>192 168</p>
+</td>
+<td>
+<p>000 10</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>192 168</p>
+</td>
+<td>
+<p>236 86</p>
+</td>
+</tr>
+
+</table>
+
+<p>Make sure the netmask in use on each system matches the structure of
+your network. On every subnet, the netmask should be identical on
+each system.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.8.2"/>
+
+<h3 class="head3">Broadcast addresses</h3>
+
+<p>The <a name="INDEX-100"/>broadcast address is a normal address,
+with the hosts part all one-bits. It means &quot;all
+hosts on your network.&quot; You can compute it easily
+from your netmask and address: take the address and put one-bits in
+it for all the bits that are zero at the end of the netmask (the host
+part). The following table illustrates this:</p>
+
+<a name="ch12-39-fm2xml"/><table border="1">
+
+
+
+
+<tr>
+<th>
+</th>
+<th>
+<p>Network part</p>
+</th>
+<th>
+<p>Host part</p>
+</th>
+</tr>
+
+
+<tr>
+<td>
+<p>IP address</p>
+</td>
+<td>
+<p>192 168 236</p>
+</td>
+<td>
+<p>86</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Netmask</p>
+</td>
+<td>
+<p>255 255 255</p>
+</td>
+<td>
+<p>000</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Broadcast</p>
+</td>
+<td>
+<p>192 168 236</p>
+</td>
+<td>
+<p>255</p>
+</td>
+</tr>
+
+</table>
+
+<p>In this example, the broadcast address on the 192.168.236 network is
+192.168.236.255. There is also an old
+&quot;universal&quot; broadcast address,
+255.255.255.255. Routers are prohibited from forwarding these, but
+most systems on your local network will respond to broadcasts to this
+address.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.8.3"/>
+
+<h3 class="head3">Network address ranges</h3>
+
+<p>A <a name="INDEX-101"/>number of address ranges have been
+reserved for testing and for nonconnected networks; we use these for
+the examples in this book. If you don't have an
+address yet, feel free to use one of these to start. They include one
+class A network, 10.*.*.*, a range of class B network addresses,
+172.16.*.* through 172.31.*.*, and 254 class C networks, 192.168.1.*
+through 192.168.254.*. The domain <tt class="literal">example.com</tt> is
+also reserved for unconnected networks, explanatory examples, and
+books.</p>
+
+<p>If you're actually connecting to the Internet,
+you'll need to get an appropriate IP address and a
+domain name, probably through the same company that provides your
+connection.</p>
+
+
+</div>
+
+
+
+<div class="sect3"><a name="samba2-CHP-12-SECT-2.8.4"/>
+
+<h3 class="head3">Finding your network address</h3>
+
+<p><a name="INDEX-102"/>If you
+haven't recorded your IP address, you can learn it
+through the <em class="emphasis">ifconfig</em><a name="INDEX-103"/> command on Unix or the
+<em class="emphasis">ipconfig</em> <a name="INDEX-104"/>command on Windows. (Check your manual
+pages for any options required by your brand of Unix. For example,
+<tt class="literal">ifconfig</tt> <tt class="literal">-a</tt> works on Solaris.)
+You should see output similar to the following:</p>
+
+<blockquote><pre class="code">$ <tt class="userinput"><b>ifconfig -a</b></tt>
+le0: flags=63&lt;UP,BROADCAST,NOTRAILERS,RUNNING &gt;
+ inet 192.168.236.11 netmask ffffff00 broadcast 192.168.236.255
+lo0: flags=49&lt;&amp;lt&gt;UP,LOOPBACK,RUNNING&lt;&amp;gt&gt;
+ inet 127.0.0.1 netmask ff000000</pre></blockquote>
+
+<p>One of the interfaces will be loopback (in our examples,
+<tt class="literal">lo0</tt>), and the other will be the regular IP
+interface. The flags should show that the interface is running, and
+Ethernet interfaces will also say they support broadcasts (PPP
+interfaces don't). The other places to look for IP
+addresses are <em class="filename">/etc/hosts</em> files, Windows
+<em class="emphasis">HOSTS</em> files, Windows
+<em class="emphasis">LMHOSTS</em> files, NIS, NIS+, and DNS. <a name="INDEX-105"/><a name="INDEX-106"/></p>
+
+
+</div>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-2.9"/>
+
+<h3 class="head2">Troubleshooting NetBIOS Names</h3>
+
+<p><a name="INDEX-107"/><a name="INDEX-108"/>Historically, SMB protocols have
+depended on the NetBIOS name system, also called the LAN Manager name
+system. This was a simple scheme where each system had a unique
+20-character name and broadcast it on the LAN for everyone to know.
+With TCP/IP, we tend to use names such as
+<tt class="literal">client.example.com</tt>, stored in
+<em class="filename">/etc/hosts</em> files through DNS or WINS.</p>
+
+<p>The usual mapping of domain names such as
+<tt class="literal">server.example.com</tt> to NetBIOS names simply uses
+the <tt class="literal">server</tt> part as the NetBIOS name and converts
+it to uppercase. Alas, this doesn't always work,
+especially if you have a system with a 21-character name; not
+everyone uses the same NetBIOS and DNS names. For example,
+<tt class="literal">corpvm1</tt> along with <tt class="literal">vm1.corp.com</tt>
+is not unusual.</p>
+
+<p>A system with a different NetBIOS name and domain name is confusing
+when you're troubleshooting; we recommend that you
+try to avoid this wherever possible. NetBIOS names are discoverable
+with <em class="emphasis">smbclient</em> :</p>
+
+<ul><li>
+<p>If you can list shares on your Samba server with
+<tt class="literal">smbclient</tt> <tt class="literal">-L</tt>
+<tt class="literal">short_name</tt>, the short name is the NetBIOS name.</p>
+</li><li>
+<p>If you get <tt class="literal">Get_Hostbyname</tt>:
+<tt class="literal">Unknown</tt> <tt class="literal">host</tt>
+<tt class="literal">name</tt>, there is probably a mismatch. Check in the
+<em class="filename">smb.conf</em> file to see if the NetBIOS name is
+explicitly set.</p>
+</li><li>
+<p>Try to list shares again, specifying <tt class="literal">-I</tt> and the IP
+address of the Samba server (e.g., <tt class="literal">smbclient</tt>
+<tt class="literal">-L</tt> <tt class="literal">server</tt> <tt class="literal">-I</tt>
+<tt class="literal">192.168.236.86</tt>). This overrides the name lookup
+and forces the packets to go to the IP address. If this works, there
+was a mismatch.</p>
+</li><li>
+<p>Try with <tt class="literal">-I</tt> and the full domain name of the server
+(e.g., <tt class="literal">smbclient</tt> <tt class="literal">-L</tt>
+<tt class="literal">server</tt> <tt class="literal">-I</tt>
+<tt class="literal">server.example.com</tt>). This tests the lookup of the
+domain name, using whatever scheme the Samba server uses (e.g., DNS).
+If it fails, you have a name service problem. You should reread the
+earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>,
+after you finish troubleshooting the NetBIOS names.</p>
+</li><li>
+<p>Try with the <tt class="literal">-n</tt> (NetBIOS name) option, giving it
+the name you expect to work (e.g., <tt class="literal">smbclient</tt>
+<tt class="literal">-n</tt> <tt class="literal">server</tt> <tt class="literal">-L</tt>
+<tt class="literal">server-12</tt>), but without overriding the IP address
+through <tt class="literal">-I</tt>. If this works, the name you specified
+with <tt class="literal">-n</tt> is the actual NetBIOS name of the server.
+If you receive <tt class="literal">Get-Hostbyname</tt>:
+<tt class="literal">Unknown</tt> <tt class="literal">host</tt>
+<tt class="literal">SERVER</tt>, it's not the right server
+yet.</p>
+</li><li>
+<p>If nothing is working so far, repeat the tests specifying
+<tt class="literal">-U</tt> <em class="emphasis">username</em> and
+<tt class="literal">-W</tt> <em class="emphasis">workgroup</em>, with the
+username and workgroup in uppercase, to make sure
+you're not being derailed by a user or workgroup
+mismatch.</p>
+</li><li>
+<p>If still nothing works and you had evidence of a name service
+problem, troubleshoot the name service (see the earlier section,
+<a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>) and then return to
+the NetBIOS name service. <a name="INDEX-109"/><a name="INDEX-110"/></p>
+</li></ul>
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-CHP-12-SECT-3"/>
+
+<h2 class="head1">Extra Resources</h2>
+
+<p>At some point during your work with Samba, you'll
+want to turn to online or printed resources for news, updates, and
+aid.</p>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-3.1"/>
+
+<h3 class="head2">Documentation and FAQs</h3>
+
+<p>It's OK to read the <a name="INDEX-111"/><a name="INDEX-112"/>documentation. Really. Nobody can see you,
+and we won't tell. In fact, Samba ships with a large
+set of documentation files, and it is well worth the effort to at
+least browse through them, either in the distribution directory on
+your computer under <em class="filename">/docs</em> or online at the Samba
+web site: <a href="http://www.samba.org">http://www.samba.org</a>. The most current
+FAQ list, bug information, and distribution locations are located at
+the web site, with links to all the Samba manual pages and HOWTOs.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-3.2"/>
+
+<h3 class="head2">Samba Newsgroups</h3>
+
+<p><a name="INDEX-113"/>Usenet
+newsgroups have always been a great place to get advice on just about
+any topic. In the past few years, though, this vast pool of knowledge
+has developed something that has made it into an invaluable resource:
+a memory. Archival and search sites such as the one at
+<a name="INDEX-114"/>Google (<a href="http://groups.google.com/advanced_group_search">http://groups.google.com/advanced_group_search</a>)
+have made sifting through years of valuable solutions as simple as a
+few mouse clicks.</p>
+
+<p>The primary newsgroup for Samba is
+<em class="emphasis">comp.protocols.smb</em><a name="INDEX-115"/>. This should always be your first
+stop when there's a problem. More often than not,
+spending 5 minutes researching an error here will save hours of
+frustration while trying to debug something yourself.</p>
+
+<p>When searching a newsgroup, try to be as specific as possible, but
+not too wordy. Searching on actual error messages is best. If you
+don't find an answer immediately in the newsgroup,
+resist the temptation to post a request for help until
+you've done a bit more work on the problem. You
+might find that the answer is in a FAQ or one of the many
+documentation files that ship with Samba, or a solution might become
+evident when you run one of Samba's diagnostic
+tools. If nothing works, post a request in
+<em class="emphasis">comp.protocols.smb</em>, and be as specific as
+possible about what you have tried and what you are seeing. Include
+any error messages that appear. It might be days before you receive
+help, so be patient and keep trying things while you wait.</p>
+
+<a name="samba2-CHP-12-NOTE-161"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
+<p>Once you post a request for help, keep poking at the problem
+yourself. Most of us have had the experience of posting a Usenet
+article containing hundreds of lines of intricate detail, only to
+solve the problem an hour later after the article has blazed its way
+across several continents. The rule of thumb goes something like
+this: the more folks who have read your request, the simpler the
+solution. Usually this means that once everyone in the Unix community
+has seen your article, the solution will be something simple such as,
+&quot;Plug the power cord into the wall
+socket.&quot;</p>
+</blockquote>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-3.3"/>
+
+<h3 class="head2">Samba Mailing Lists</h3>
+
+<p>The following are <a name="INDEX-116"/>mailing lists for support with Samba. See
+the Samba home page, <a href="http://www.samba.org/">http://www.samba.org/</a>, for
+information on subscribing and unsubscribing to these mailing lists:</p>
+
+<dl>
+<dt><b>samba@samba.org</b></dt>
+<dd>
+<p>This is the primary mailing list for general questions and discussion
+regarding Samba.</p>
+</dd>
+
+
+
+<dt><b>samba-announce@samba.org</b></dt>
+<dd>
+<p>This list is for receiving news regarding Samba, such as
+announcements of new releases.</p>
+</dd>
+
+
+
+<dt><b>samba-cvs@samba.org</b></dt>
+<dd>
+<p>By subscribing to this list, you can automatically receive a message
+every time one of the Samba developers updates the Samba source code
+in the CVS repository. You might want to do this if you are waiting
+for a specific bug fix or feature to be applied. To avoid congesting
+your email inbox, we suggest using the digest feature, which
+consolidates messages into a smaller number of emails.</p>
+</dd>
+
+
+
+<dt><b>samba-docs@samba.org</b></dt>
+<dd>
+<p>This list is for discussing Samba documentation.</p>
+</dd>
+
+
+
+<dt><b>samba-vms@samba.org</b></dt>
+<dd>
+<p>This mailing list is for people who are running Samba on the VMS
+operating system.</p>
+</dd>
+
+
+
+<dt><b>samba-binaries@samba.org</b></dt>
+<dd>
+<p>This is a list for developers to use when discussing precompiled
+Samba distributions.</p>
+</dd>
+
+
+
+<dt><b>samba-technical@samba.org</b></dt>
+<dd>
+<p>This mailing list is for developer discussion of the Samba code.</p>
+</dd>
+
+</dl>
+
+<p>Searchable versions of the Samba mailing list archives can be found
+at <a href="http://marc.theaimsgroup.com">http://marc.theaimsgroup.com</a>.</p>
+
+<p>When posting messages to the Samba mailing lists, keep in mind that
+you are sending your message to a large audience. The notes in the
+previous section regarding Usenet postings also apply here. A
+well-formulated question or comment is more likely to be answered,
+and a poorly conceived message is <em class="emphasis">very</em> likely to
+be ignored!</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-CHP-12-SECT-3.4"/>
+
+<h3 class="head2">Further Reading</h3>
+
+<ol><li>
+<p>Hunt, Craig. <em class="emphasis">TCP/IP Network Administration</em>,
+Third Edition. Sebastopol, CA: O'Reilly
+&amp; Associates, 1997.</p>
+</li>
+<li>
+<p>Hunt, Craig, and Robert Bruce Thompson. <em class="emphasis">Windows NT TCP/IP
+Network Administration</em>. Sebastopol, CA:
+O'Reilly &amp; Associates, 1998.</p>
+</li>
+<li>
+<p>Albitz, Paul, and Cricket Liu. <em class="emphasis">DNS and Bind</em>,
+Fourth Edition. Sebastopol, CA: O'Reilly
+&amp; Associates, 1998.</p>
+</li>
+<li>
+<p>Stern, Hal. <em class="emphasis">Managing NFS and NIS</em>, Second
+Edition. Sebastopol, CA: O'Reilly &amp; Associates,
+1991.<a name="INDEX-117"/></p>
+</li></ol>
+
+</div>
+
+
+</div>
+
+<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html>
diff --git a/docs/htmldocs/using_samba/figs/sam2_0101.gif b/docs/htmldocs/using_samba/figs/sam2_0101.gif
new file mode 100644
index 00000000000..195326a205c
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0101.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0102.gif b/docs/htmldocs/using_samba/figs/sam2_0102.gif
new file mode 100644
index 00000000000..e453dbf0233
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0102.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0103.gif b/docs/htmldocs/using_samba/figs/sam2_0103.gif
new file mode 100644
index 00000000000..ed50af69af0
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0103.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0104.gif b/docs/htmldocs/using_samba/figs/sam2_0104.gif
new file mode 100644
index 00000000000..e903a0f22e1
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0104.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0105.gif b/docs/htmldocs/using_samba/figs/sam2_0105.gif
new file mode 100644
index 00000000000..0fec77125d2
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0105.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0106.gif b/docs/htmldocs/using_samba/figs/sam2_0106.gif
new file mode 100644
index 00000000000..32cbfdbee4e
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0106.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0107.gif b/docs/htmldocs/using_samba/figs/sam2_0107.gif
new file mode 100644
index 00000000000..2d8b8e66b7b
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0107.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0108.gif b/docs/htmldocs/using_samba/figs/sam2_0108.gif
new file mode 100644
index 00000000000..9d26856e388
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0108.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0109.gif b/docs/htmldocs/using_samba/figs/sam2_0109.gif
new file mode 100644
index 00000000000..2c7db9617af
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0109.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0110.gif b/docs/htmldocs/using_samba/figs/sam2_0110.gif
new file mode 100644
index 00000000000..2d7d50a702d
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0110.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0111.gif b/docs/htmldocs/using_samba/figs/sam2_0111.gif
new file mode 100644
index 00000000000..f6be700fa5e
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0111.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0112.gif b/docs/htmldocs/using_samba/figs/sam2_0112.gif
new file mode 100644
index 00000000000..4eddb820695
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0112.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0113.gif b/docs/htmldocs/using_samba/figs/sam2_0113.gif
new file mode 100644
index 00000000000..1886bbcb5a7
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0113.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0114.gif b/docs/htmldocs/using_samba/figs/sam2_0114.gif
new file mode 100644
index 00000000000..75cf0a750ad
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0114.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0201.gif b/docs/htmldocs/using_samba/figs/sam2_0201.gif
new file mode 100644
index 00000000000..7dc140530cd
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0201.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0202.gif b/docs/htmldocs/using_samba/figs/sam2_0202.gif
new file mode 100644
index 00000000000..ccbaeed4fe8
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0202.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0203.gif b/docs/htmldocs/using_samba/figs/sam2_0203.gif
new file mode 100644
index 00000000000..127705fd388
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0203.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0204.gif b/docs/htmldocs/using_samba/figs/sam2_0204.gif
new file mode 100644
index 00000000000..5359423fd5a
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0204.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0301.gif b/docs/htmldocs/using_samba/figs/sam2_0301.gif
new file mode 100644
index 00000000000..30759463cfc
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0301.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0302.gif b/docs/htmldocs/using_samba/figs/sam2_0302.gif
new file mode 100644
index 00000000000..5576573e83a
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0302.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0303.gif b/docs/htmldocs/using_samba/figs/sam2_0303.gif
new file mode 100644
index 00000000000..76b8dd36bbb
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0303.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0304.gif b/docs/htmldocs/using_samba/figs/sam2_0304.gif
new file mode 100644
index 00000000000..b309fc99685
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0304.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0305.gif b/docs/htmldocs/using_samba/figs/sam2_0305.gif
new file mode 100644
index 00000000000..5a9fd77443f
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0305.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0306.gif b/docs/htmldocs/using_samba/figs/sam2_0306.gif
new file mode 100644
index 00000000000..47b15548f3c
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0306.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0307.gif b/docs/htmldocs/using_samba/figs/sam2_0307.gif
new file mode 100644
index 00000000000..7874ccb889e
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0307.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0308.gif b/docs/htmldocs/using_samba/figs/sam2_0308.gif
new file mode 100644
index 00000000000..23d4fccd65f
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0308.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0309.gif b/docs/htmldocs/using_samba/figs/sam2_0309.gif
new file mode 100644
index 00000000000..2e27a2f407d
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0309.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0310.gif b/docs/htmldocs/using_samba/figs/sam2_0310.gif
new file mode 100644
index 00000000000..846b228effc
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0310.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0311.gif b/docs/htmldocs/using_samba/figs/sam2_0311.gif
new file mode 100644
index 00000000000..acb82fa77b5
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0311.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0312.gif b/docs/htmldocs/using_samba/figs/sam2_0312.gif
new file mode 100644
index 00000000000..2a96425312f
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0312.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0313.gif b/docs/htmldocs/using_samba/figs/sam2_0313.gif
new file mode 100644
index 00000000000..4482a8b27b6
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0313.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0314.gif b/docs/htmldocs/using_samba/figs/sam2_0314.gif
new file mode 100644
index 00000000000..02b8bcd2c7e
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0314.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0315.gif b/docs/htmldocs/using_samba/figs/sam2_0315.gif
new file mode 100644
index 00000000000..bd747a23a9e
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0315.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0316.gif b/docs/htmldocs/using_samba/figs/sam2_0316.gif
new file mode 100644
index 00000000000..a12e20e8b4d
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0316.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0317.gif b/docs/htmldocs/using_samba/figs/sam2_0317.gif
new file mode 100644
index 00000000000..1957fc09e69
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0317.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0318.gif b/docs/htmldocs/using_samba/figs/sam2_0318.gif
new file mode 100644
index 00000000000..2c90ee6523c
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0318.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0319.gif b/docs/htmldocs/using_samba/figs/sam2_0319.gif
new file mode 100644
index 00000000000..ceb80412996
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0319.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0320.gif b/docs/htmldocs/using_samba/figs/sam2_0320.gif
new file mode 100644
index 00000000000..766c0ec4baa
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0320.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0321.gif b/docs/htmldocs/using_samba/figs/sam2_0321.gif
new file mode 100644
index 00000000000..b1dac33f233
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0321.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0322.gif b/docs/htmldocs/using_samba/figs/sam2_0322.gif
new file mode 100644
index 00000000000..fa0c2a3ed25
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0322.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0323.gif b/docs/htmldocs/using_samba/figs/sam2_0323.gif
new file mode 100644
index 00000000000..9678a4b0dad
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0323.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0324.gif b/docs/htmldocs/using_samba/figs/sam2_0324.gif
new file mode 100644
index 00000000000..f1fd719fc22
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0324.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0325.gif b/docs/htmldocs/using_samba/figs/sam2_0325.gif
new file mode 100644
index 00000000000..3887d36b94c
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0325.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0326.gif b/docs/htmldocs/using_samba/figs/sam2_0326.gif
new file mode 100644
index 00000000000..26047eb48e1
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0326.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0327.gif b/docs/htmldocs/using_samba/figs/sam2_0327.gif
new file mode 100644
index 00000000000..f8b661bce8d
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0327.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0328.gif b/docs/htmldocs/using_samba/figs/sam2_0328.gif
new file mode 100644
index 00000000000..9f767a156ee
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0328.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0329.gif b/docs/htmldocs/using_samba/figs/sam2_0329.gif
new file mode 100644
index 00000000000..4cfa231e86a
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0329.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0330.gif b/docs/htmldocs/using_samba/figs/sam2_0330.gif
new file mode 100644
index 00000000000..4c90f3b8c7b
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0330.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0331.gif b/docs/htmldocs/using_samba/figs/sam2_0331.gif
new file mode 100644
index 00000000000..bc1fc19721c
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0331.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0332.gif b/docs/htmldocs/using_samba/figs/sam2_0332.gif
new file mode 100644
index 00000000000..a507e19018f
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0332.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0333.gif b/docs/htmldocs/using_samba/figs/sam2_0333.gif
new file mode 100644
index 00000000000..6b1b2a7dd5c
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0333.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0334.gif b/docs/htmldocs/using_samba/figs/sam2_0334.gif
new file mode 100644
index 00000000000..ff408ecd6c8
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0334.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0335.gif b/docs/htmldocs/using_samba/figs/sam2_0335.gif
new file mode 100644
index 00000000000..fdf01219e1e
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0335.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0336.gif b/docs/htmldocs/using_samba/figs/sam2_0336.gif
new file mode 100644
index 00000000000..a44851c3405
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0336.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0337.gif b/docs/htmldocs/using_samba/figs/sam2_0337.gif
new file mode 100644
index 00000000000..219afbd1477
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0337.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0338.gif b/docs/htmldocs/using_samba/figs/sam2_0338.gif
new file mode 100644
index 00000000000..8f1ba6e36fc
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0338.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0339.gif b/docs/htmldocs/using_samba/figs/sam2_0339.gif
new file mode 100644
index 00000000000..f42c1b57ec9
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0339.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0340.gif b/docs/htmldocs/using_samba/figs/sam2_0340.gif
new file mode 100644
index 00000000000..76c5a1b3478
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0340.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0341.gif b/docs/htmldocs/using_samba/figs/sam2_0341.gif
new file mode 100644
index 00000000000..634b847d041
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0341.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0342.gif b/docs/htmldocs/using_samba/figs/sam2_0342.gif
new file mode 100644
index 00000000000..51284782a32
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0342.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0343.gif b/docs/htmldocs/using_samba/figs/sam2_0343.gif
new file mode 100644
index 00000000000..0618a841cf1
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0343.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0344.gif b/docs/htmldocs/using_samba/figs/sam2_0344.gif
new file mode 100644
index 00000000000..7d40dbcdf19
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0344.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0345.gif b/docs/htmldocs/using_samba/figs/sam2_0345.gif
new file mode 100644
index 00000000000..0b36aa6da39
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0345.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0346.gif b/docs/htmldocs/using_samba/figs/sam2_0346.gif
new file mode 100644
index 00000000000..36c3999ad16
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0346.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0347.gif b/docs/htmldocs/using_samba/figs/sam2_0347.gif
new file mode 100644
index 00000000000..db6c3e10ce3
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0347.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0348.gif b/docs/htmldocs/using_samba/figs/sam2_0348.gif
new file mode 100644
index 00000000000..16457a34210
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0348.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0349.gif b/docs/htmldocs/using_samba/figs/sam2_0349.gif
new file mode 100644
index 00000000000..6445cdd3bc0
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0349.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0350.gif b/docs/htmldocs/using_samba/figs/sam2_0350.gif
new file mode 100644
index 00000000000..08ee35b8e7e
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0350.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0351.gif b/docs/htmldocs/using_samba/figs/sam2_0351.gif
new file mode 100644
index 00000000000..b30b6038186
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0351.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0352.gif b/docs/htmldocs/using_samba/figs/sam2_0352.gif
new file mode 100644
index 00000000000..bfab1e0031c
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0352.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0353.gif b/docs/htmldocs/using_samba/figs/sam2_0353.gif
new file mode 100644
index 00000000000..4c1e84f37ee
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0353.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0354.gif b/docs/htmldocs/using_samba/figs/sam2_0354.gif
new file mode 100644
index 00000000000..3519397705c
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0354.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0355.gif b/docs/htmldocs/using_samba/figs/sam2_0355.gif
new file mode 100644
index 00000000000..8559956df80
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0355.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0356.gif b/docs/htmldocs/using_samba/figs/sam2_0356.gif
new file mode 100644
index 00000000000..9cffddf4b2a
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0356.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0357.gif b/docs/htmldocs/using_samba/figs/sam2_0357.gif
new file mode 100644
index 00000000000..f1a70438581
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0357.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0358.gif b/docs/htmldocs/using_samba/figs/sam2_0358.gif
new file mode 100644
index 00000000000..58073c2d195
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0358.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0359.gif b/docs/htmldocs/using_samba/figs/sam2_0359.gif
new file mode 100644
index 00000000000..1fe90edca65
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0359.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0360.gif b/docs/htmldocs/using_samba/figs/sam2_0360.gif
new file mode 100644
index 00000000000..c306296f086
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0360.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0361.gif b/docs/htmldocs/using_samba/figs/sam2_0361.gif
new file mode 100644
index 00000000000..7b6cc3c8783
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0361.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0401.gif b/docs/htmldocs/using_samba/figs/sam2_0401.gif
new file mode 100644
index 00000000000..68c4ec949ee
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0401.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0402.gif b/docs/htmldocs/using_samba/figs/sam2_0402.gif
new file mode 100644
index 00000000000..817622adee2
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0402.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0403.gif b/docs/htmldocs/using_samba/figs/sam2_0403.gif
new file mode 100644
index 00000000000..8d2bf580e6b
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0403.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0404.gif b/docs/htmldocs/using_samba/figs/sam2_0404.gif
new file mode 100644
index 00000000000..5f93a6715c2
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0404.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0405.gif b/docs/htmldocs/using_samba/figs/sam2_0405.gif
new file mode 100644
index 00000000000..67925c1db56
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0405.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0406.gif b/docs/htmldocs/using_samba/figs/sam2_0406.gif
new file mode 100644
index 00000000000..f6b39247114
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0406.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0407.gif b/docs/htmldocs/using_samba/figs/sam2_0407.gif
new file mode 100644
index 00000000000..486a629e9e5
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0407.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0408.gif b/docs/htmldocs/using_samba/figs/sam2_0408.gif
new file mode 100644
index 00000000000..dbc31bb54d4
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0408.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0409.gif b/docs/htmldocs/using_samba/figs/sam2_0409.gif
new file mode 100644
index 00000000000..b9d31f2a4d5
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0409.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0410.gif b/docs/htmldocs/using_samba/figs/sam2_0410.gif
new file mode 100644
index 00000000000..83e4c9cb89c
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0410.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0411.gif b/docs/htmldocs/using_samba/figs/sam2_0411.gif
new file mode 100644
index 00000000000..c6684d625cf
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0411.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0412.gif b/docs/htmldocs/using_samba/figs/sam2_0412.gif
new file mode 100644
index 00000000000..4706a99f51c
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0412.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0413.gif b/docs/htmldocs/using_samba/figs/sam2_0413.gif
new file mode 100644
index 00000000000..71bf8690f86
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0413.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0414.gif b/docs/htmldocs/using_samba/figs/sam2_0414.gif
new file mode 100644
index 00000000000..2056eb45bbb
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0414.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0415.gif b/docs/htmldocs/using_samba/figs/sam2_0415.gif
new file mode 100644
index 00000000000..0c8eb017744
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0415.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0416.gif b/docs/htmldocs/using_samba/figs/sam2_0416.gif
new file mode 100644
index 00000000000..c2b2fecf3d6
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0416.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0417.gif b/docs/htmldocs/using_samba/figs/sam2_0417.gif
new file mode 100644
index 00000000000..a84d217c1fc
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0417.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0501.gif b/docs/htmldocs/using_samba/figs/sam2_0501.gif
new file mode 100644
index 00000000000..eda8e934d71
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0501.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0502.gif b/docs/htmldocs/using_samba/figs/sam2_0502.gif
new file mode 100644
index 00000000000..1f996e1b63e
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0502.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0503.gif b/docs/htmldocs/using_samba/figs/sam2_0503.gif
new file mode 100644
index 00000000000..0d7e3654ec2
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0503.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0504.gif b/docs/htmldocs/using_samba/figs/sam2_0504.gif
new file mode 100644
index 00000000000..9c60c26ef5d
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0504.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0505.gif b/docs/htmldocs/using_samba/figs/sam2_0505.gif
new file mode 100644
index 00000000000..346409e3e6d
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0505.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0506.gif b/docs/htmldocs/using_samba/figs/sam2_0506.gif
new file mode 100644
index 00000000000..78f5d54da23
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0506.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0507.gif b/docs/htmldocs/using_samba/figs/sam2_0507.gif
new file mode 100644
index 00000000000..e6ff6f14bd8
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0507.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0508.gif b/docs/htmldocs/using_samba/figs/sam2_0508.gif
new file mode 100644
index 00000000000..28dcb6227a3
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0508.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0601.gif b/docs/htmldocs/using_samba/figs/sam2_0601.gif
new file mode 100644
index 00000000000..006fa95580b
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0601.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0602.gif b/docs/htmldocs/using_samba/figs/sam2_0602.gif
new file mode 100644
index 00000000000..598a7015dc6
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0602.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0603.gif b/docs/htmldocs/using_samba/figs/sam2_0603.gif
new file mode 100644
index 00000000000..62a8054c6f1
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0603.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0604.gif b/docs/htmldocs/using_samba/figs/sam2_0604.gif
new file mode 100644
index 00000000000..9327385eedb
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0604.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0605.gif b/docs/htmldocs/using_samba/figs/sam2_0605.gif
new file mode 100644
index 00000000000..236badf15f9
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0605.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0701.gif b/docs/htmldocs/using_samba/figs/sam2_0701.gif
new file mode 100644
index 00000000000..b0b16d458c5
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0701.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0801.gif b/docs/htmldocs/using_samba/figs/sam2_0801.gif
new file mode 100644
index 00000000000..5f9d87b206d
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0801.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0802.gif b/docs/htmldocs/using_samba/figs/sam2_0802.gif
new file mode 100644
index 00000000000..fde794c19a4
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0802.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0803.gif b/docs/htmldocs/using_samba/figs/sam2_0803.gif
new file mode 100644
index 00000000000..13baa02ed46
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0803.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0804.gif b/docs/htmldocs/using_samba/figs/sam2_0804.gif
new file mode 100644
index 00000000000..fc42ebf6854
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0804.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0805.gif b/docs/htmldocs/using_samba/figs/sam2_0805.gif
new file mode 100644
index 00000000000..015ca5df190
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0805.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0806.gif b/docs/htmldocs/using_samba/figs/sam2_0806.gif
new file mode 100644
index 00000000000..f11b8a18c98
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0806.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0807.gif b/docs/htmldocs/using_samba/figs/sam2_0807.gif
new file mode 100644
index 00000000000..1ffc3eac39c
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0807.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0808.gif b/docs/htmldocs/using_samba/figs/sam2_0808.gif
new file mode 100644
index 00000000000..36839a754cf
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0808.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0809.gif b/docs/htmldocs/using_samba/figs/sam2_0809.gif
new file mode 100644
index 00000000000..3145d367ce3
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0809.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0810.gif b/docs/htmldocs/using_samba/figs/sam2_0810.gif
new file mode 100644
index 00000000000..cd76217d1fa
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0810.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0811.gif b/docs/htmldocs/using_samba/figs/sam2_0811.gif
new file mode 100644
index 00000000000..e7add2a0e7f
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0811.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0901.gif b/docs/htmldocs/using_samba/figs/sam2_0901.gif
new file mode 100644
index 00000000000..6ac1e9c966e
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0901.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0902.gif b/docs/htmldocs/using_samba/figs/sam2_0902.gif
new file mode 100644
index 00000000000..f30bd1037d2
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0902.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_0903.gif b/docs/htmldocs/using_samba/figs/sam2_0903.gif
new file mode 100644
index 00000000000..0a073278ddf
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_0903.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_1001.gif b/docs/htmldocs/using_samba/figs/sam2_1001.gif
new file mode 100644
index 00000000000..491cbaf8eba
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_1001.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_1002.gif b/docs/htmldocs/using_samba/figs/sam2_1002.gif
new file mode 100644
index 00000000000..2b3177c4330
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_1002.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_1003.gif b/docs/htmldocs/using_samba/figs/sam2_1003.gif
new file mode 100644
index 00000000000..39077e86ad4
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_1003.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_1004.gif b/docs/htmldocs/using_samba/figs/sam2_1004.gif
new file mode 100644
index 00000000000..9e81522a650
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_1004.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_1005.gif b/docs/htmldocs/using_samba/figs/sam2_1005.gif
new file mode 100644
index 00000000000..5d9fe6f72ac
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_1005.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_1006.gif b/docs/htmldocs/using_samba/figs/sam2_1006.gif
new file mode 100644
index 00000000000..34fcb1054ba
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_1006.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_1101.gif b/docs/htmldocs/using_samba/figs/sam2_1101.gif
new file mode 100644
index 00000000000..0a8afebd6ae
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_1101.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_1102.gif b/docs/htmldocs/using_samba/figs/sam2_1102.gif
new file mode 100644
index 00000000000..5bfc6b55211
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_1102.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_af01.gif b/docs/htmldocs/using_samba/figs/sam2_af01.gif
new file mode 100644
index 00000000000..290cc7f491b
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_af01.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_af02.gif b/docs/htmldocs/using_samba/figs/sam2_af02.gif
new file mode 100644
index 00000000000..2bc59dab693
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_af02.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_af03.gif b/docs/htmldocs/using_samba/figs/sam2_af03.gif
new file mode 100644
index 00000000000..5bff6142f8b
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_af03.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_af04.gif b/docs/htmldocs/using_samba/figs/sam2_af04.gif
new file mode 100644
index 00000000000..f1ee885f325
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_af04.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_af05.gif b/docs/htmldocs/using_samba/figs/sam2_af05.gif
new file mode 100644
index 00000000000..ef154487088
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_af05.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_af06.gif b/docs/htmldocs/using_samba/figs/sam2_af06.gif
new file mode 100644
index 00000000000..756a6b1c995
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_af06.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/figs/sam2_af07.gif b/docs/htmldocs/using_samba/figs/sam2_af07.gif
new file mode 100644
index 00000000000..dfe21994847
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam2_af07.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/inx.html b/docs/htmldocs/using_samba/inx.html
new file mode 100644
index 00000000000..cc01eeb56ca
--- /dev/null
+++ b/docs/htmldocs/using_samba/inx.html
@@ -0,0 +1,1814 @@
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+
+<h2>Index</h2>
+
+<A HREF="#Symbols">[&nbsp;Symbols&nbsp;]</A>,
+<A HREF="#Numbers">[&nbsp;Numbers&nbsp;]</A>,
+<A HREF="#A">[&nbsp;A&nbsp;]</A>,
+<A HREF="#B">[&nbsp;B&nbsp;]</A>,
+<A HREF="#C">[&nbsp;C&nbsp;]</A>,
+<A HREF="#D">[&nbsp;D&nbsp;]</A>,
+<A HREF="#E">[&nbsp;E&nbsp;]</A>,
+<A HREF="#F">[&nbsp;F&nbsp;]</A>,
+<A HREF="#G">[&nbsp;G&nbsp;]</A>,
+<A HREF="#H">[&nbsp;H&nbsp;]</A>,
+<A HREF="#I">[&nbsp;I&nbsp;]</A>,
+<A HREF="#K">[&nbsp;K&nbsp;]</A>,
+<A HREF="#L">[&nbsp;L&nbsp;]</A>,
+<A HREF="#M">[&nbsp;M&nbsp;]</A>,
+<A HREF="#N">[&nbsp;N&nbsp;]</A>,
+<A HREF="#O">[&nbsp;O&nbsp;]</A>,
+<A HREF="#P">[&nbsp;P&nbsp;]</A>,
+<A HREF="#Q">[&nbsp;Q&nbsp;]</A>,
+<A HREF="#R">[&nbsp;R&nbsp;]</A>,
+<A HREF="#S">[&nbsp;S&nbsp;]</A>,
+<A HREF="#T">[&nbsp;T&nbsp;]</A>,
+<A HREF="#U">[&nbsp;U&nbsp;]</A>,
+<A HREF="#V">[&nbsp;V&nbsp;]</A>,
+<A HREF="#W">[&nbsp;W&nbsp;]</A>,
+<A HREF="#X">[&nbsp;X&nbsp;]</A>
+
+
+<P><A NAME="Symbols"><B>Symbols</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>_ _MSBROWSE _ _ resource entry, 16, 229
+<BR>. (period)
+<BR> &nbsp; &nbsp; &nbsp; NetBIOS names and, 14
+<BR> &nbsp; &nbsp; &nbsp; (see also dot files)
+<BR>%$ variable, 192
+<P><A NAME="Numbers"><B>Numbers</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>127.0.0.1 (localhost), 73
+<BR> &nbsp; &nbsp; &nbsp; bind interfaces only option, 208
+<P><A NAME="A"><B>A</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>%a variable, 143, 192
+<BR> &nbsp; &nbsp; &nbsp; variable substitution, 191
+<BR>abort shutdown script option (smb.conf file), 401
+<BR>Access Control Entries (ACEs), 31, 253
+<BR>Access Control Lists (see ACLs)
+<BR>access control options, 287-288
+<BR>access, controlling (see ACLs; controlling access to shares)
+<BR>accounts (see computer accounts, adding; users)
+<BR>ACLs, 30
+<BR> &nbsp; &nbsp; &nbsp; configuration options, 260-262
+<BR> &nbsp; &nbsp; &nbsp; inheriting, 416
+<BR> &nbsp; &nbsp; &nbsp; installing Samba with support for, 495
+<BR> &nbsp; &nbsp; &nbsp; mapping to Unix permissions, 426
+<BR> &nbsp; &nbsp; &nbsp; POSIX.1e, 259
+<BR> &nbsp; &nbsp; &nbsp; support in Samba 2.2, 37
+<BR> &nbsp; &nbsp; &nbsp; Unix, 259
+<BR> &nbsp; &nbsp; &nbsp; versus Unix file permissions, 31
+<BR> &nbsp; &nbsp; &nbsp; Windows NT/2000/XP, 165, 253-262
+<BR>Active Directory
+<BR> &nbsp; &nbsp; &nbsp; Samba 2.2, 34, 121
+<BR> &nbsp; &nbsp; &nbsp; Samba 3.0, 34
+<BR> &nbsp; &nbsp; &nbsp; server, specifying, 402
+<BR> &nbsp; &nbsp; &nbsp; time synchronization and, 340
+<BR>adapters, 69
+<BR>add machine script option (smb.conf file), 402
+<BR>add printer command option (smb.conf file), 401
+<BR>add share command option (smb.conf file), 402
+<BR>add user script option (smb.conf file), 159, 402
+<BR>admin users option (smb.conf file), 285, 287, 402
+<BR>admin users (see root accounts)
+<BR>administrator (see domain administrator)
+<BR>ads server option (smb.conf file), 402
+<BR>AFS (Andrew Filesystem), installing Samba with support for, 495
+<BR>Albitz, Paul, 383
+<BR>algorithmic rid base option (smb.conf file), 402
+<BR>allow hosts option (smb.conf file), 403
+<BR>allow trusted domains option (smb.conf file), 403
+<BR>analogX Atomic TimeSync, 340
+<BR>announce as option (smb.conf file), 234, 403
+<BR>announce version option (smb.conf file), 235, 403
+<BR>anonymous
+<BR> &nbsp; &nbsp; &nbsp; restricting access, 434
+<BR> &nbsp; &nbsp; &nbsp; (see also guest access)
+<BR>ANSI C compiler required by Samba source, 44
+<BR>auth methods option (smb.conf file), 403
+<BR>authentication
+<BR> &nbsp; &nbsp; &nbsp; client, 290-296
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; setting method of, 436
+<BR> &nbsp; &nbsp; &nbsp; defined, 30
+<BR> &nbsp; &nbsp; &nbsp; enabling Samba as WINS server, configuration file example, 395
+<BR> &nbsp; &nbsp; &nbsp; files, specifying where Samba keeps, 497
+<BR> &nbsp; &nbsp; &nbsp; methods, specifying, 403
+<BR> &nbsp; &nbsp; &nbsp; overview, 31
+<BR> &nbsp; &nbsp; &nbsp; pass-through, 33
+<BR> &nbsp; &nbsp; &nbsp; Samba security levels, 290
+<BR> &nbsp; &nbsp; &nbsp; Samba's default user-level versus Windows, 74
+<BR> &nbsp; &nbsp; &nbsp; Windows 95/98/Me, 28
+<BR> &nbsp; &nbsp; &nbsp; with winbind, 307-319
+<BR> &nbsp; &nbsp; &nbsp; (see also passwords)
+<BR>auto services option (smb.conf file), 233, 235, 403
+<BR>automounting shares, 495
+<BR>available option (smb.conf file), 403
+<P><A NAME="B"><B>B</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>backends (CUPS modules), 332
+<BR>backup browsers, 27, 226
+<BR>backup domain controllers (BDCs), 31
+<BR> &nbsp; &nbsp; &nbsp; Samba 2.2's inability to work with, 122
+<BR> &nbsp; &nbsp; &nbsp; (see also primary domain controllers)
+<BR>backups, creating and restoring using smbclient, 172-174
+<BR>.bak files, 251
+<BR>.bat files, 138
+<BR>bind interfaces only option (smb.conf file), 208, 403
+<BR>bindings, 69
+<BR> &nbsp; &nbsp; &nbsp; Windows 2000, 100
+<BR> &nbsp; &nbsp; &nbsp; Windows 95/98/Me, 80
+<BR> &nbsp; &nbsp; &nbsp; Windows NT, 93
+<BR> &nbsp; &nbsp; &nbsp; Windows XP, 110
+<BR>--bindir (configure script option), 48
+<BR>bitmasks, 176
+<BR> &nbsp; &nbsp; &nbsp; CIDR format, 208
+<BR>block size option (smb.conf file), 404
+<BR>blocking locks option (smb.conf file), 404
+<BR>b-node (NetBios node type), 13
+<BR>broadcast
+<BR> &nbsp; &nbsp; &nbsp; name resolution, 71
+<BR> &nbsp; &nbsp; &nbsp; versus NBNS name registration, 11
+<BR>broadcast address, 389
+<BR>broadcasting, 12
+<BR>browsable option (smb.conf file), 233, 235, 284, 404
+<BR>browse list option (smb.conf file), 235, 404
+<BR>browse lists, 27, 224
+<BR> &nbsp; &nbsp; &nbsp; invisible shares, 233
+<BR> &nbsp; &nbsp; &nbsp; printer names, 419
+<BR> &nbsp; &nbsp; &nbsp; specifying list of shares, 431
+<BR> &nbsp; &nbsp; &nbsp; specifying shares in, 403, 404
+<BR> &nbsp; &nbsp; &nbsp; specifying the directory where Samba keeps, 497
+<BR> &nbsp; &nbsp; &nbsp; synchronizing with all domain master browsers, 411
+<BR>browse master (see local master browser)
+<BR>browse server (see local master browser)
+<BR>browseable option (smb.conf file) (see browsable option (smb.conf file))
+<BR>browser elections, 28, 226-229, 419
+<BR>browsers
+<BR> &nbsp; &nbsp; &nbsp; backup (see backup browsers)
+<BR> &nbsp; &nbsp; &nbsp; domain master browser (see domain master browser)
+<BR> &nbsp; &nbsp; &nbsp; local master (see local master browser)
+<BR>browsing, 216, 224-239
+<BR> &nbsp; &nbsp; &nbsp; a list of computers and shared resources, defined, 26
+<BR> &nbsp; &nbsp; &nbsp; configuring Samba for, 229
+<BR> &nbsp; &nbsp; &nbsp; cross-subnet, 231
+<BR> &nbsp; &nbsp; &nbsp; in a Windows network, 224-229
+<BR> &nbsp; &nbsp; &nbsp; invisible shares, 233
+<BR> &nbsp; &nbsp; &nbsp; options, 233-239
+<BR> &nbsp; &nbsp; &nbsp; overview, 26-28
+<BR> &nbsp; &nbsp; &nbsp; server from the client, 382
+<BR> &nbsp; &nbsp; &nbsp; shared resource of a specific computer, 26
+<BR> &nbsp; &nbsp; &nbsp; troubleshooting problems, 377-383
+<BR>Browsing and Windows 95 Networking and CIFS/E Browser Protocol, 229
+<BR>BROWSING.txt and BROWSING-Config.txt, 229
+<BR>BSD Unix
+<BR> &nbsp; &nbsp; &nbsp; automatically starting Samba daemons, 61
+<BR> &nbsp; &nbsp; &nbsp; printers, 330-331
+<P><A NAME="C"><B>C</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>caching policy, client-side, 406
+<BR>case sensitive option (smb.conf file), 265, 404
+<BR>case sensitivity, 262-267
+<BR> &nbsp; &nbsp; &nbsp; how Samba handles, 264
+<BR> &nbsp; &nbsp; &nbsp; preserving case of filename, 431
+<BR>casesignames option (smb.conf file), 404
+<BR>change notification, 354
+<BR>change notify timeout option (smb.conf file), 354, 405
+<BR>change share command option (smb.conf file), 405
+<BR>character set option (smb.conf file), 344, 405
+<BR>character sets, translating, 405
+<BR>checking (message from configure script), 48
+<BR>CIDR format bitmask, 208
+<BR>CIFS, 21
+<BR> &nbsp; &nbsp; &nbsp; Unix extensions, 37, 442
+<BR> &nbsp; &nbsp; &nbsp; (see also SMB)
+<BR>CIFS Technical Reference, 20
+<BR>client code page option (smb.conf file), 344, 405
+<BR>clustered environment, Samba in, 437
+<BR> &nbsp; &nbsp; &nbsp; (see also multihomed system; multiple subnets), 437
+<BR>.cmd files, 138
+<BR>code page directory option (smb.conf file), 405
+<BR>code pages, 344
+<BR>coding system option (smb.conf file), 345, 405
+<BR>command-line options, parsing, 495
+<BR>comment option (smb.conf file), 203, 406
+<BR>Common Internet File System (see CIFS)
+<BR>compiling Samba, 49-52
+<BR>components, Windows, 69
+<BR>comp.protocols.smb newsgroup, 392
+<BR>computer accounts, adding, 126
+<BR>computer names
+<BR> &nbsp; &nbsp; &nbsp; name resolution (see name resolution)
+<BR> &nbsp; &nbsp; &nbsp; Windows 2000, 103
+<BR> &nbsp; &nbsp; &nbsp; Windows 95/98/Me, 81
+<BR> &nbsp; &nbsp; &nbsp; Windows NT, 93
+<BR> &nbsp; &nbsp; &nbsp; Windows XP, 113
+<BR>computers, adding to domains, 402
+<BR>Concurrent Versions System (CVS), 491
+<BR>config file option (smb.conf file), 196, 406
+<BR>config.log file, 49
+<BR>config.pol file, 155
+<BR>config.status file, 51
+<BR>configuration file
+<BR> &nbsp; &nbsp; &nbsp; Samba's main (see smb.conf file)
+<BR> &nbsp; &nbsp; &nbsp; selecting new, 406
+<BR> &nbsp; &nbsp; &nbsp; variables (see smb.conf file, variables)
+<BR> &nbsp; &nbsp; &nbsp; (see also configuring Samba)
+<BR>configuration management tool (see CVS)
+<BR>configuration value types, 448-449
+<BR>configure script, 46
+<BR> &nbsp; &nbsp; &nbsp; options, 493-499
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --bindir, 48
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --datadir, 48
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --eprefix, 48
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --include dir, 48
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --infodir, 48
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --libdir, 48
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --libexec dir, 48
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --mandir, 48
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --prefix, 48
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --sbindir, 48
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; with feature, 47
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-acl-support, 495
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-afs, 495
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-automount, 495
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-codepagedir, 495
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-configdir, 495
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-dce-dfs, 495
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-fhs, 495
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-included-popt, 495
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-krb4, 495
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-krb5, 495
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-ldapsam, 496
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-libiconv, 496
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-libsmbclient, 496
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-lockdir, 496
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-logfilebase, 496
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-manpages-langs, 496
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-msdfs, 47, 496
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-nisplus-home, 496
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-nisplussam, 496
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; without feature, 47
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-pam, 497
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-pam_smbpass, 497
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-piddir, 497
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-privatedir, 497
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-profiling-data, 497
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-quotas, 497
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-readline, 497
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-sendfile-support, 497
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-smbmount, 47, 498
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-smbwrapper, 47, 498
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-spinlocks, 498
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-ssl, 498
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-sslinc, 498
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-ssllib, 498
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-swatdir, 498
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-syslog, 498
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-tdbsam, 498
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-utmp, 498
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --with-winbind, 499
+<BR> &nbsp; &nbsp; &nbsp; sample execution, 48
+<BR>configuring Samba, 46-49
+<BR> &nbsp; &nbsp; &nbsp; configuration file (see smb.conf file)
+<BR> &nbsp; &nbsp; &nbsp; for browsing, 229
+<BR> &nbsp; &nbsp; &nbsp; for installation (see configure script)
+<BR> &nbsp; &nbsp; &nbsp; for roaming profiles, 143-147
+<BR> &nbsp; &nbsp; &nbsp; identifying options used in previous installations, 51
+<BR> &nbsp; &nbsp; &nbsp; troubleshooting problems (see troubleshooting Samba, fault tree)
+<BR>connection scripts, 274-277
+<BR> &nbsp; &nbsp; &nbsp; monitoring directory contents, 275
+<BR> &nbsp; &nbsp; &nbsp; options, 275-277
+<BR>connections
+<BR> &nbsp; &nbsp; &nbsp; denying, 409
+<BR> &nbsp; &nbsp; &nbsp; specifying time limits for unused, 407
+<BR>controlling access to shares, 285-288
+<BR>copy option (smb.conf file), 197, 406
+<BR>Core and Core Plus, 20
+<BR>create mask option (smb.conf file), 248, 250, 406
+<BR>create mode option (smb.conf file), 284, 406
+<BR>creating (message from configure script), 48
+<BR>creation masks, 247-250
+<BR>csc policy option (smb.conf file), 406
+<BR>CVS (Concurrent Versions System), 491
+<P><A NAME="D"><B>D</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>%d variable, 192
+<BR>daemons (see inetd daemon; nmbd daemon; smbd daemon; xinetd daemon)
+<BR>Darwin, automatically starting Samba daemons, 64
+<BR>.dat files
+<BR> &nbsp; &nbsp; &nbsp; changing to .man files, 150
+<BR> &nbsp; &nbsp; &nbsp; NTUSER.DAT, 141
+<BR> &nbsp; &nbsp; &nbsp; USER.DAT, 141
+<BR>--datadir (configure script option), 48
+<BR>datagram primitives, 17
+<BR>datagram services, defined, 10
+<BR>datagram services (NBT)
+<BR> &nbsp; &nbsp; &nbsp; defined, 16
+<BR> &nbsp; &nbsp; &nbsp; tips, 18
+<BR>deadtime option (smb.conf file), 349, 407
+<BR>debug hires timestamp option (smb.conf file), 407
+<BR>debug pid option (smb.conf file), 407
+<BR>debug timestamp option (smb.conf file), 214, 407
+<BR>debug uid option (smb.conf file), 407
+<BR>debuglevel option (smb.conf file), 407
+<BR>default case option (smb.conf file), 264, 265, 408
+<BR>default device mode, setting, 408
+<BR>default devmode option (smb.conf file), 408
+<BR>default option (smb.conf file), 407
+<BR>default service option (smb.conf file), 236, 408
+<BR>defending the hostname, 12
+<BR>delete printer command option (smb.conf file), 408
+<BR>delete readonly option (smb.conf file), 250, 251, 408
+<BR>delete share command option (smb.conf file), 408
+<BR>delete user script option (smb.conf file), 159, 409
+<BR>delete veto files option (smb.conf file), 241, 245, 409
+<BR>deny hosts option (smb.conf file), 409
+<BR>dfree command option (smb.conf file), 350, 409
+<BR>Dfs (Microsoft's Distributed filesystem), 277-280
+<BR> &nbsp; &nbsp; &nbsp; configuring Samba as Dfs server, 278-279
+<BR> &nbsp; &nbsp; &nbsp; installing Samba with support for, 496
+<BR> &nbsp; &nbsp; &nbsp; providing services, 415
+<BR> &nbsp; &nbsp; &nbsp; support in Samba 2.2, 36
+<BR> &nbsp; &nbsp; &nbsp; Windows clients, 278
+<BR>DHCP and IP addresses, 70
+<BR>DIAGNOSIS.txt, 359
+<BR>dig command (Unix), 73
+<BR>Digital Pathworks clients, 353
+<BR>directories
+<BR> &nbsp; &nbsp; &nbsp; caching for performance, 414
+<BR> &nbsp; &nbsp; &nbsp; connecting to drive letter, 138
+<BR> &nbsp; &nbsp; &nbsp; creating on the Samba server, 125
+<BR> &nbsp; &nbsp; &nbsp; deleting when vetoed files are present, 241, 409
+<BR> &nbsp; &nbsp; &nbsp; home, setting, 420
+<BR> &nbsp; &nbsp; &nbsp; monitoring contents, 275
+<BR> &nbsp; &nbsp; &nbsp; setting maximum allowable permissions, 409
+<BR> &nbsp; &nbsp; &nbsp; setting paths, 409
+<BR>directory mask option (smb.conf file), 249, 251, 409
+<BR>directory mode option (smb.conf file), 284, 410
+<BR>directory option (smb.conf file), 409
+<BR>directory permissions, 416
+<BR> &nbsp; &nbsp; &nbsp; options, 250-253
+<BR>directory recursion, 171
+<BR>directory security mask option (smb.conf file), 261, 262, 410
+<BR>disable spools option (smb.conf file), 410
+<BR>disk services, example of sharing, 4-7
+<BR>disk share configuration, 201-203
+<BR>disk-quota support, 497
+<BR>Distributed Computing Environment Distributed Filesystem (DCE/DFS), 495
+<BR>Distributed filesystem (see Dfs)
+<BR>dmask option, 176
+<BR>DNS, 70
+<BR> &nbsp; &nbsp; &nbsp; configuration
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows 2000, 101
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows 95/98/Me, 79
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows NT, 92
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows XP, 111
+<BR> &nbsp; &nbsp; &nbsp; NetBIOS names
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; translating between DNS names and, 182
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; versus hostnames versus, 14
+<BR> &nbsp; &nbsp; &nbsp; overview, 73
+<BR> &nbsp; &nbsp; &nbsp; servers, name resolution and, 217
+<BR>DNS proxy, configuring on WINS server, 220
+<BR>dns proxy option (smb.conf file), 220, 223, 410
+<BR>documentation, Samba, 45, 391
+<BR>domain admin group option (smb.conf file), 160, 410
+<BR>domain administrator, 126, 410
+<BR>Domain Admins group, 410
+<BR>domain controllers, 30
+<BR> &nbsp; &nbsp; &nbsp; backup (see backup domain controllers)
+<BR> &nbsp; &nbsp; &nbsp; primary (see primary domain controllers)
+<BR>Domain Guest group, 410
+<BR>domain guest group option (smb.conf file), 410
+<BR>domain logons
+<BR> &nbsp; &nbsp; &nbsp; configuring Windows clients for, 128-137
+<BR> &nbsp; &nbsp; &nbsp; Windows 2000, 133-135
+<BR> &nbsp; &nbsp; &nbsp; Windows 95/98/Me, 128-131
+<BR> &nbsp; &nbsp; &nbsp; Windows complains that you are already logged on, 129
+<BR> &nbsp; &nbsp; &nbsp; Windows NT, 131-133
+<BR> &nbsp; &nbsp; &nbsp; Windows XP Professional, 135-137
+<BR>domain logons option (smb.conf file), 159, 410
+<BR>domain master browser, 35, 226
+<BR> &nbsp; &nbsp; &nbsp; configuring Samba as both local master browser and, 124
+<BR> &nbsp; &nbsp; &nbsp; forcing Samba to be, 237, 411
+<BR> &nbsp; &nbsp; &nbsp; problems with, 35
+<BR> &nbsp; &nbsp; &nbsp; Samba as, 230
+<BR> &nbsp; &nbsp; &nbsp; synchronizing browse lists with all, 411
+<BR> &nbsp; &nbsp; &nbsp; verifying Samba as, 231
+<BR>domain master option (smb.conf file), 159, 237, 411
+<BR>domain member server, 34
+<BR> &nbsp; &nbsp; &nbsp; Samba as, 156-157
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; smb.conf file example, 400
+<BR>domain membership, 126
+<BR>Domain Name System (see DNS)
+<BR>domain-level security, 291, 296
+<BR>domains
+<BR> &nbsp; &nbsp; &nbsp; adding computers to, 402
+<BR> &nbsp; &nbsp; &nbsp; advantages of, 120
+<BR> &nbsp; &nbsp; &nbsp; more information on how to set up, 122
+<BR> &nbsp; &nbsp; &nbsp; trust relationships, 33
+<BR> &nbsp; &nbsp; &nbsp; trusted, 403
+<BR> &nbsp; &nbsp; &nbsp; (see also Windows NT domain options)
+<BR>dont descend option (smb.conf file), 241, 243, 411
+<BR>dos filemode option (smb.conf file), 411
+<BR>dos filetime resolution option (smb.conf file), 342, 411
+<BR>dos filetimes option (smb.conf file), 341, 411
+<BR>dos2unix command, 170
+<BR>dot files, 240
+<BR> &nbsp; &nbsp; &nbsp; hiding, 414
+<BR> &nbsp; &nbsp; &nbsp; (see also hiding files)
+<BR>drive letter, connecting a directory to, 6, 138
+<P><A NAME="E"><B>E</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>emacs text editor, 139
+<BR>encrypt passwords option (smb.conf file), 304, 411
+<BR>encrypted passwords
+<BR> &nbsp; &nbsp; &nbsp; disabling, 298
+<BR> &nbsp; &nbsp; &nbsp; managing, 483
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; (see also smbpasswd program)
+<BR> &nbsp; &nbsp; &nbsp; smb.conf file and, 55
+<BR> &nbsp; &nbsp; &nbsp; (see also passwords)
+<BR>enhanced browsing option (smb.conf file), 411
+<BR>enumports command option (smb.conf file), 412
+<BR>environment variables, forcing Samba to read list of, 437
+<BR>--eprefix (configure script option), 48
+<BR>error messages from configure script, 48
+<BR>/etc/fstab file, warning about editing, 177
+<BR>/etc/group, 283
+<BR>/etc/hosts file, 70
+<BR>/etc/nsswitch.conf file, 71
+<BR>/etc/passwd file, creating entries manually, 127
+<BR>/etc/printcap.local file, 330
+<BR>/etc/resolv.conf file, 73, 220
+<BR>Ethereal (SMB sniffer), 20, 361
+<BR>exec option (smb.conf file), 412
+<BR>executable file permission bit, 248
+<BR>ext2/ext3 filesystem, 37
+<P><A NAME="F"><B>F</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>fake directory create times option (smb.conf file), 342, 412
+<BR>fake oplocks option (smb.conf file), 273, 412
+<BR>FAQs, Samba, 391
+<BR>fault tree, troubleshooting Samba, 362-391
+<BR>file locking (see locks and oplocks)
+<BR>file permissions
+<BR> &nbsp; &nbsp; &nbsp; executable bit, 248
+<BR> &nbsp; &nbsp; &nbsp; on MS-DOS and Unix, 245-253
+<BR> &nbsp; &nbsp; &nbsp; options, 250-253
+<BR> &nbsp; &nbsp; &nbsp; setting in Windows NT/2000/XP, 165
+<BR> &nbsp; &nbsp; &nbsp; setting maximum allowable, 406
+<BR> &nbsp; &nbsp; &nbsp; Unix permission bits summary, 247
+<BR> &nbsp; &nbsp; &nbsp; Unix permissions versus ACLs, 31
+<BR> &nbsp; &nbsp; &nbsp; versus ACLs, 31
+<BR>file transfer using smbclient, 170
+<BR>filenames
+<BR> &nbsp; &nbsp; &nbsp; conventions, 262
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; (see also name mangling)
+<BR> &nbsp; &nbsp; &nbsp; representing and resolving in Samba, 264
+<BR>Filesystem Hierarchy Standard, 495
+<BR>filesystem options, 243-245
+<BR>findsmb program, 40, 455
+<BR>firewall configuration, 60
+<BR>fmask option (sbmount), 176
+<BR>follow symlinks option (smb.conf file), 242, 243, 412
+<BR>force create mode option (smb.conf file), 251, 412
+<BR>force directory mode option (smb.conf file), 251, 413
+<BR>force directory security mode option (smb.conf file), 262, 413
+<BR>force group option (smb.conf file), 249, 251, 413
+<BR>force security mode option (smb.conf file), 261, 413
+<BR>force unknown acl user option (smb.conf file), 413
+<BR>force user option (smb.conf file), 249, 251, 413
+<BR>Frisch, ニleen, 325
+<BR>fstab file, warning about editing, 177
+<BR>fstype option (smb.conf file), 350, 413
+<P><A NAME="G"><B>G</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>%G variable, 192
+<BR>%g variable, 192
+<BR>gcc binaries, 44
+<BR>get command, 170
+<BR>getwd cache option (smb.conf file), 243, 414
+<BR>[global] section (smb.conf file), 193
+<BR>GNU configure script (see configure script)
+<BR>GNU Free Documentation License, 511-518
+<BR>Google, 392
+<BR>group ID (GID), 31
+<BR>group option (smb.conf file), 414
+<BR>grouppol.inf file, 153
+<BR>groups
+<BR> &nbsp; &nbsp; &nbsp; additional information, 16
+<BR> &nbsp; &nbsp; &nbsp; overriding a user's normal group membership, 413
+<BR> &nbsp; &nbsp; &nbsp; setting a group share in smb.conf file, 283
+<BR> &nbsp; &nbsp; &nbsp; system group file, 283
+<BR> &nbsp; &nbsp; &nbsp; (see also workgroups; SMB, groups)
+<BR>guest access, 286
+<BR>guest account option (smb.conf file), 286, 288, 414
+<BR>guest ok option (smb.conf file), 286, 414
+<BR>guest only option (smb.conf file), 288, 414
+<P><A NAME="H"><B>H</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>%H variable, 192, 283
+<BR>%h variable, 192
+<BR>hide dot files option (smb.conf file), 240, 244, 414
+<BR>hide files option (smb.conf file), 241, 244, 414
+<BR>hide local users option (smb.conf file), 415
+<BR>hide unreadable option (smb.conf file), 415
+<BR>hiding files, 240-242
+<BR>h-node (NetBios node type), 13
+<BR>home directory, setting, 420
+<BR>homedir map option (smb.conf file), 281, 415
+<BR>[homes] share (smb.conf file), 125, 194, 233, 284
+<BR> &nbsp; &nbsp; &nbsp; peculiarities with, 284
+<BR>host msdfs option (smb.conf file), 280, 415
+<BR>hostname, defending, 12
+<BR>hosts allow option (smb.conf file), 204-207, 415
+<BR>hosts deny option (smb.conf file), 204-207, 415
+<BR>hosts equiv option (smb.conf file), 307, 415
+<BR>HOSTS file, 70, 74
+<BR>hosts.sam file, 74
+<BR>Hunt, Craig, 87
+<P><A NAME="I"><B>I</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>%I variable, 192
+<BR>iconv( ) function, 496
+<BR>ifconfig command, 390
+<BR>Implementing Policies and Profiles for Windows NT 4.0, 141
+<BR>--include dir (configure script option), 48
+<BR>include option (smb.conf file), 193, 197, 416
+<BR>inetd daemon, 53
+<BR> &nbsp; &nbsp; &nbsp; starting smbd and nmbd daemons, 66
+<BR>--infodir (configure script option), 48
+<BR>inherit acls option (smb.conf file), 416
+<BR>inherit permissions option (smb.conf file), 253, 416
+<BR>.ini files, 187
+<BR>installation directories for Samba, 50
+<BR>installing Samba, 49-52
+<BR> &nbsp; &nbsp; &nbsp; on a Unix system, 42-67
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ANSI C compiler required by Samba source, 44
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; binary versus source, 43
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; bundled versions, 42-45
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; configuration (see configure script)
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; source, overview of steps, 44
+<BR> &nbsp; &nbsp; &nbsp; troubleshooting problems (see troubleshooting Samba, fault tree)
+<BR>interfaces list, 403
+<BR>interfaces option (smb.conf file), 207, 416
+<BR>internationalization, 343-346
+<BR> &nbsp; &nbsp; &nbsp; features of Samba 2.2, 456
+<BR> &nbsp; &nbsp; &nbsp; installing Samba with support for, 495
+<BR>invalid users option (smb.conf file), 284, 285, 287, 416
+<BR>invalid users, specifying list of, 285
+<BR>IP addresses, 70
+<BR> &nbsp; &nbsp; &nbsp; 127.0.0.1 (localhost), 73
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; bind interfaces only option, 208
+<BR> &nbsp; &nbsp; &nbsp; translating between NetBIOS names and, 182
+<BR> &nbsp; &nbsp; &nbsp; Windows 2000, 100
+<BR> &nbsp; &nbsp; &nbsp; Windows 95/98/Me networks, 78
+<BR> &nbsp; &nbsp; &nbsp; Windows NT, 90
+<BR> &nbsp; &nbsp; &nbsp; Windows XP, 111
+<BR>IPC$ password, 75
+<BR>ipconfig /all command (Windows NT/2000/XP), 13
+<BR>ipconfig command, 390
+<P><A NAME="K"><B>K</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>keepalive option (smb.conf file), 351, 416
+<BR>Kerberos authentication, 38
+<BR> &nbsp; &nbsp; &nbsp; installing Samba with support for, 495
+<BR> &nbsp; &nbsp; &nbsp; Samba 2.2 and, 121
+<BR> &nbsp; &nbsp; &nbsp; time synchronization and, 340
+<BR>kernel oplocks option (smb.conf file), 272, 417
+<P><A NAME="L"><B>L</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>%L variable, 140, 144, 192
+<BR>LAN Manager host announcements, 236
+<BR>LAN Manager versions 1.0, 2.0, and 2.1, 20
+<BR>lanman auth option (smb.conf file), 417
+<BR>large readwrite option (smb.conf file), 417
+<BR>LDAP, 34, 38
+<BR> &nbsp; &nbsp; &nbsp; installing Samba with support for, 496
+<BR> &nbsp; &nbsp; &nbsp; Samba 2.2 and, 121
+<BR>ldap admin dn option (smb.conf file), 417
+<BR>ldap filter option (smb.conf file), 417
+<BR>ldap port option (smb.conf file), 417
+<BR>ldap server option (smb.conf file), 418
+<BR>ldap ssl option (smb.conf file), 418
+<BR>ldap suffix option (smb.conf file), 418
+<BR>level2 oplocks option (smb.conf file), 272, 418
+<BR>--libdir (configure script option), 48
+<BR>--libexec dir (configure script option), 48
+<BR>libnss_winbind.so library, 309
+<BR>Linux-PAM System Administrator's Guide, 314
+<BR>Liu, Cricket, 383
+<BR>lm announce option (smb.conf file), 236, 418
+<BR>lm interval option (smb.conf file), 237, 418
+<BR>LMHOSTS file, 72
+<BR> &nbsp; &nbsp; &nbsp; name resolution and, 218
+<BR> &nbsp; &nbsp; &nbsp; Windows 2000, 102
+<BR> &nbsp; &nbsp; &nbsp; Windows 95/98/Me, 80
+<BR> &nbsp; &nbsp; &nbsp; Windows NT, 92
+<BR> &nbsp; &nbsp; &nbsp; Windows XP, 112
+<BR>load balancing and Dfs, 277, 279
+<BR>load printers option (smb.conf file), 336, 419
+<BR>local master browser, 27, 224
+<BR> &nbsp; &nbsp; &nbsp; configuring Samba as both domain master browser and, 124
+<BR>local master option (smb.conf file), 230, 236, 419
+<BR>local profiles, 141
+<BR>localhost address (see 127.0.0.1 (localhost))
+<BR>lock dir option (smb.conf file), 419
+<BR>lock directory option (smb.conf file), 274, 419
+<BR>lock spin count option (smb.conf file), 419
+<BR>lock spin time option (smb.conf file), 419
+<BR>locking files (see locks and oplocks)
+<BR>locking option (smb.conf file), 271, 419
+<BR>locks and oplocks, 268-274
+<BR> &nbsp; &nbsp; &nbsp; advanced tuning parameter, 428
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; release an oplock, 427
+<BR> &nbsp; &nbsp; &nbsp; configuration options, 270-274
+<BR> &nbsp; &nbsp; &nbsp; oplock failure, 269
+<BR> &nbsp; &nbsp; &nbsp; opportunistic locking process, 268
+<BR> &nbsp; &nbsp; &nbsp; setting file locking, 419
+<BR> &nbsp; &nbsp; &nbsp; specifying directory where Samba keeps lock files, 496
+<BR> &nbsp; &nbsp; &nbsp; spin locks, 498
+<BR> &nbsp; &nbsp; &nbsp; Unix and oplocks, 270
+<BR>log file option (smb.conf file), 213, 356, 419
+<BR>log files, 67
+<BR> &nbsp; &nbsp; &nbsp; changing timestamps, 407
+<BR> &nbsp; &nbsp; &nbsp; example, 210
+<BR> &nbsp; &nbsp; &nbsp; levels of logging, 356-358
+<BR> &nbsp; &nbsp; &nbsp; nmbd, 231
+<BR> &nbsp; &nbsp; &nbsp; sample output of levels 2 and 3, 356
+<BR> &nbsp; &nbsp; &nbsp; setting location of, 419
+<BR> &nbsp; &nbsp; &nbsp; setting maximum size, 423
+<BR> &nbsp; &nbsp; &nbsp; specifying the directory where Samba keeps, 496
+<BR> &nbsp; &nbsp; &nbsp; troubleshooting with, 356-359
+<BR> &nbsp; &nbsp; &nbsp; (see also logging)
+<BR>log level option (smb.conf file), 213, 420
+<BR>logging
+<BR> &nbsp; &nbsp; &nbsp; activating and deactivating, 358
+<BR> &nbsp; &nbsp; &nbsp; adding process ID, 407
+<BR> &nbsp; &nbsp; &nbsp; configuration options, 210-215
+<BR> &nbsp; &nbsp; &nbsp; debugging particular user, 407
+<BR> &nbsp; &nbsp; &nbsp; (see also log files)
+<BR>login parameters, setting, 24
+<BR>logon drive option (smb.conf file), 151, 420
+<BR>logon home line (smb.conf file), 144
+<BR>logon home option (smb.conf file), 152, 420
+<BR>logon path line (smb.conf file), 144
+<BR>logon path option (smb.conf file), 151, 420
+<BR>logon path, supporting roaming profiles for Windows NT/2000/XP clients, 124
+<BR>logon script option (smb.conf file), 151, 420
+<BR>logon scripts, 120, 137-140
+<BR> &nbsp; &nbsp; &nbsp; checking the format, 139
+<BR> &nbsp; &nbsp; &nbsp; creating, 138-140
+<BR> &nbsp; &nbsp; &nbsp; more information regarding, 140
+<BR> &nbsp; &nbsp; &nbsp; options, 150
+<BR> &nbsp; &nbsp; &nbsp; using variables inside, 139
+<BR>logon.bat, 138
+<BR>log.smb file, 67
+<BR>lpadmin command (Unix), 333
+<BR>lppause command option (smb.conf file), 336, 420
+<BR>lppause command (Unix), 323
+<BR>lpq cache time option (smb.conf file), 335, 420
+<BR>lpq command option (smb.conf file), 336, 421
+<BR>lpq command (Unix), 323
+<BR>lpr command (Unix), 322
+<BR>lpresume command option (smb.conf file), 336, 421
+<BR>lpresume command (Unix), 323
+<BR>lprm command option (smb.conf file), 336, 421
+<BR>lprm command (Unix), 323
+<P><A NAME="M"><B>M</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>%M variable, 192
+<BR>%m variable, 140, 143, 192
+<BR>Mac OS X
+<BR> &nbsp; &nbsp; &nbsp; automatically starting Samba daemons, 64
+<BR> &nbsp; &nbsp; &nbsp; configuration details, 506-509
+<BR> &nbsp; &nbsp; &nbsp; enabling SMB printer sharing, 325
+<BR> &nbsp; &nbsp; &nbsp; monitoring services, 505
+<BR> &nbsp; &nbsp; &nbsp; Password Server, 504
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; activating, 504
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabling, 505
+<BR> &nbsp; &nbsp; &nbsp; smbutil and mount_smbfs, 184-186
+<BR>Mac OS X Server
+<BR> &nbsp; &nbsp; &nbsp; configuration settings, 508
+<BR> &nbsp; &nbsp; &nbsp; configuring and activating services, 503
+<BR> &nbsp; &nbsp; &nbsp; running Samba on, 500-510
+<BR> &nbsp; &nbsp; &nbsp; sharing files, 501
+<BR> &nbsp; &nbsp; &nbsp; sharing printers, 501
+<BR>Mac OS X Server Administrator's Guide, 500
+<BR>machine password timeout option (smb.conf file), 160, 421
+<BR>magic output option (smb.conf file), 343, 421
+<BR>magic script option (smb.conf file), 343, 421
+<BR>magic scripts, 342
+<BR>mailing lists, Samba, 392
+<BR> &nbsp; &nbsp; &nbsp; archives, 45
+<BR>make install command (Unix), 50
+<BR> &nbsp; &nbsp; &nbsp; upgrading installations, 52
+<BR>make revert command (Unix), 50
+<BR>make utility (Unix), 49
+<BR>makefile, generating for Samba configuration, 46
+<BR>make_smbcodepage program, 40, 456
+<BR>make_unicodemap program, 40, 456
+<BR>.man files, changing from .dat files, 150
+<BR>man pages (see manual pages)
+<BR>managing connections to shares (see connection scripts)
+<BR>mandatory profiles, 149
+<BR> &nbsp; &nbsp; &nbsp; changing from roaming profiles, 150
+<BR>--mandir (configure script option), 48
+<BR>mangle case option (smb.conf file), 267, 421
+<BR>mangled map option (smb.conf file), 267, 422
+<BR>mangled names option (smb.conf file), 266, 422
+<BR>mangled stack option (smb.conf file), 267, 422
+<BR>mangling char option (smb.conf file), 267, 422
+<BR>mangling method option (smb.conf file), 422
+<BR>MANPATH environment variable, 52
+<BR>manual pages, 52
+<BR> &nbsp; &nbsp; &nbsp; in different languages, 496
+<BR>map archive option (smb.conf file), 247, 252, 422
+<BR>map hidden option (smb.conf file), 247, 252, 422
+<BR>map system option (smb.conf file), 247, 252, 422
+<BR>map to guest option (smb.conf file), 423
+<BR>mapping a free-form client username to a Unix username, 289
+<BR>mapping a network drive (see drive letter, connecting a directory to)
+<BR>master browser (see local master browser)
+<BR>max connections option (smb.conf file), 288, 423
+<BR>max disk size option (smb.conf file), 351, 423
+<BR>max log size option (smb.conf file), 213, 423
+<BR>max mux option (smb.conf file), 351, 423
+<BR>max open files option (smb.conf file), 423
+<BR>max open files (smb.conf file), 351
+<BR>max print jobs option (smb.conf file), 424
+<BR>max protocol option (smb.conf file), 424
+<BR>max smbd processes option (smb.conf file), 424
+<BR>max ttl option (smb.conf file), 224, 424
+<BR>max wins ttl option (smb.conf file), 224, 424
+<BR>max xmit option (smb.conf file), 352, 424
+<BR>message command option (smb.conf file), 348, 424
+<BR>messenger service, 346-348
+<BR>mget command, 170
+<BR>Microsoft Distributed filesystem (see Dfs)
+<BR>min passwd length option (smb.conf file), 425
+<BR>min password length option (smb.conf file), 425
+<BR>min print space option (smb.conf file), 338, 425
+<BR>min protocol option (smb.conf file), 425
+<BR>min wins ttl option (smb.conf file), 224, 425
+<BR>m-node (NetBios node type), 13
+<BR>mount_smbfs program, 161, 182
+<BR> &nbsp; &nbsp; &nbsp; options, 183
+<BR>mput command, 170
+<BR>msdfs root option (smb.conf file), 280, 425
+<BR>MS-DOS file permissions, 245-253
+<BR>MSN Messenger, 346-348
+<BR>multihomed system
+<BR> &nbsp; &nbsp; &nbsp; running Samba on, 204
+<BR> &nbsp; &nbsp; &nbsp; (see also clustered environment, Samba in; multiple subnets)
+<BR>multiple subnets
+<BR> &nbsp; &nbsp; &nbsp; cross-subnet browsing, 232
+<BR> &nbsp; &nbsp; &nbsp; with Samba servers, 232
+<BR> &nbsp; &nbsp; &nbsp; (see also clustered environment, Samba in; multihomed system)
+<BR>My Network Places, 26
+<BR> &nbsp; &nbsp; &nbsp; (see also Network Neighborhood)
+<P><A NAME="N"><B>N</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>%N variable, 192
+<BR>name mangling, 262-267
+<BR> &nbsp; &nbsp; &nbsp; how Samba mangles a long filename into a 8.3 filename, 263
+<BR> &nbsp; &nbsp; &nbsp; options, 265-267, 421
+<BR>name registration, 11-13
+<BR>name resolution, 11-13, 70, 216-224
+<BR> &nbsp; &nbsp; &nbsp; broadcast method, 71
+<BR> &nbsp; &nbsp; &nbsp; configuring in Samba, 219
+<BR> &nbsp; &nbsp; &nbsp; methods, 217
+<BR> &nbsp; &nbsp; &nbsp; using broadcast packets, 217
+<BR>name resolve order option (smb.conf file), 219, 223, 425
+<BR>name services
+<BR> &nbsp; &nbsp; &nbsp; defined, 10
+<BR> &nbsp; &nbsp; &nbsp; identifying what's in use, 383
+<BR> &nbsp; &nbsp; &nbsp; switching, 71
+<BR> &nbsp; &nbsp; &nbsp; troubleshooting, 383-388
+<BR>name-resolution configuration options, 221-224
+<BR>NBNS name registration
+<BR> &nbsp; &nbsp; &nbsp; versus broadcast, 11
+<BR>NBT, 10, 69
+<BR> &nbsp; &nbsp; &nbsp; services, 16
+<BR>NBT Standard, 10
+<BR>nbtstat utility, 228
+<BR> &nbsp; &nbsp; &nbsp; examples, 14, 15
+<BR>net program, 40, 457-462
+<BR>net time command, 138, 339
+<BR>net use command, 138, 144
+<BR> &nbsp; &nbsp; &nbsp; testing connections with, 374
+<BR>net view program, 225
+<BR> &nbsp; &nbsp; &nbsp; testing client browsing, 381
+<BR>NetBEUI protocol, 10
+<BR> &nbsp; &nbsp; &nbsp; running at same time as NetBIOS over TCP/IP, 69
+<BR>NetBIOS
+<BR> &nbsp; &nbsp; &nbsp; group resource types, 16
+<BR> &nbsp; &nbsp; &nbsp; names
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; translating between IP address or DNS names and, 182
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; troubleshooting, 390
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; versus DNS hostnames, 14
+<BR> &nbsp; &nbsp; &nbsp; node types, 13
+<BR> &nbsp; &nbsp; &nbsp; overview, 9
+<BR> &nbsp; &nbsp; &nbsp; resource names and types, 14
+<BR> &nbsp; &nbsp; &nbsp; session, establishing, 22
+<BR> &nbsp; &nbsp; &nbsp; unique resource types, 15
+<BR> &nbsp; &nbsp; &nbsp; Windows 95/98/Me, 80
+<BR>netbios aliases option (smb.conf file), 209, 426
+<BR>netbios name option (smb.conf file), 200, 426
+<BR>NetBIOS over TCP/IP (see NBT)
+<BR>netbios scope option (smb.conf file), 426
+<BR>[netlogon] share (smb.conf file), 125, 138, 233
+<BR>netmask, using to troubleshoot, 388
+<BR>network adapters, 69
+<BR>network addresses
+<BR> &nbsp; &nbsp; &nbsp; finding your specific address, 390
+<BR> &nbsp; &nbsp; &nbsp; troubleshooting, 388-390
+<BR>Network Information Service (see NIS)
+<BR>Network Neighborhood, 27
+<BR> &nbsp; &nbsp; &nbsp; (see also My Network Places)
+<BR>Network Time Protocol (NTP), 340
+<BR>network traffic, monitoring (see tcpdump program)
+<BR>networking
+<BR> &nbsp; &nbsp; &nbsp; components
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows 2000, 99
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows XP, 109
+<BR> &nbsp; &nbsp; &nbsp; concepts, Windows (see Windows, networking concepts)
+<BR> &nbsp; &nbsp; &nbsp; options, 204-208
+<BR>new features
+<BR> &nbsp; &nbsp; &nbsp; in Samba 2.2, 36
+<BR> &nbsp; &nbsp; &nbsp; in Samba 3.0, 38
+<BR>news, Samba, 45
+<BR>newsgroups, Samba, 391
+<BR>NFS, installing Samba with support for, 495
+<BR>NIS+
+<BR> &nbsp; &nbsp; &nbsp; installing Samba with support for, 496
+<BR> &nbsp; &nbsp; &nbsp; server, installing Samba with support for locating, 496
+<BR>nis homedir option (smb.conf file), 281, 426
+<BR>NIS (Network Information Service), 71, 280
+<BR> &nbsp; &nbsp; &nbsp; configuration options, 280
+<BR> &nbsp; &nbsp; &nbsp; server, 30
+<BR>nmake command, 412
+<BR>nmap command (Unix), 73
+<BR>nmbd daemon, 3, 39, 61, 453
+<BR> &nbsp; &nbsp; &nbsp; starting automatically, 61-65
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; BSD Unix, 61
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Darwin and Mac OS X, 64
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; System V Unix, 61
+<BR> &nbsp; &nbsp; &nbsp; starting from inetd, 66
+<BR> &nbsp; &nbsp; &nbsp; starting manually, 61
+<BR> &nbsp; &nbsp; &nbsp; testing, 66
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; automatic startup, 65
+<BR> &nbsp; &nbsp; &nbsp; time service, 442
+<BR>nmbd log file, 231
+<BR>nmblookup program, 40, 229, 231, 462
+<BR> &nbsp; &nbsp; &nbsp; testing clients, 380
+<BR> &nbsp; &nbsp; &nbsp; testing network, 381
+<BR> &nbsp; &nbsp; &nbsp; testing servers, 379
+<BR>nobody account, 286
+<BR>node types, 13
+<BR>non unix account range option (smb.conf file), 426
+<BR>nslookup command (Unix), 73
+<BR>nsmb.conf file, 181
+<BR>.nsmbrc files, 181
+<BR>nsswitch, configuring, 309
+<BR>nsswitch.conf file, 71
+<BR>nt acl support option (smb.conf file), 260, 426
+<BR>NT LAN Manager 1.0, 21
+<BR>nt pipe support option (smb.conf file), 352, 426
+<BR>nt smb support option (smb.conf file), 352, 427
+<BR>nt status support option (smb.conf file), 427
+<BR>ntconfig.pol file, 155
+<BR>NT-specific SMB IPC$ pipes, 352
+<BR>NTUSER.DAT file, 141
+<BR>null passwords option (smb.conf file), 306, 427
+<BR>number of address ranges, 389
+
+<P><A NAME="O"><B>O</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>obey pam restrictions option (smb.conf file), 427
+<BR>od command, 139
+<BR>.old files, 50
+<BR>ole locking compatibility (smb.conf file), 352
+<BR>only guest option (smb.conf file), 427
+<BR>only user option (smb.conf file), 293, 427
+<BR>Open Directory Password Server, 504
+<BR>oplock break wait time option (smb.conf file), 427
+<BR>oplock contention limit option (smb.conf file), 428
+<BR>oplocks option (smb.conf file), 272, 428
+<BR>opportunistic locking (see locks and oplocks)
+<BR>os level option (smb.conf file), 230, 238, 428
+<BR>os2 driver map option (smb.conf file), 428
+<BR>overwriting files (see locks and oplocks)
+
+<P><A NAME="P"><B>P</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>%P variable, 192
+<BR>%p variable, 192
+<BR>padc command, 359
+<BR>pam password change option (smb.conf file), 428
+<BR>PAM (Pluggable Authentication Modules), 38
+<BR> &nbsp; &nbsp; &nbsp; configuring, 313-317
+<BR>pam_stack.so module, 316
+<BR>pam_winbind.so module, 316
+<BR>panic action option (smb.conf file), 352, 428
+<BR>par command, 359
+<BR>passdb backend option (smb.conf file), 429
+<BR>pass-through authentication, 33
+<BR>passwd chat debug option (smb.conf file), 305, 429
+<BR>passwd chat option (smb.conf file), 301, 305, 429
+<BR>PASSWD environment variable, 167
+<BR>passwd file, creating entries manually, 127
+<BR>passwd program option (smb.conf file), 305, 429
+<BR>password chat response characters, 302
+<BR>password chat send characters, 302
+<BR>password level option (smb.conf file), 305, 429
+<BR>Password Server (Mac OS X), 504
+<BR> &nbsp; &nbsp; &nbsp; activating, 504
+<BR> &nbsp; &nbsp; &nbsp; enabling, 505
+<BR>password server option (smb.conf file), 160, 295, 429
+<BR>passwords, 74, 296-307
+<BR> &nbsp; &nbsp; &nbsp; adding to smb.conf file, 75
+<BR> &nbsp; &nbsp; &nbsp; configuration options, 303-307
+<BR> &nbsp; &nbsp; &nbsp; disabling encrypted, 298
+<BR> &nbsp; &nbsp; &nbsp; encrypted (see encrypted passwords)
+<BR> &nbsp; &nbsp; &nbsp; IPC$, 75
+<BR> &nbsp; &nbsp; &nbsp; limiting length of, 425
+<BR> &nbsp; &nbsp; &nbsp; plain-text versus encrypted, 74
+<BR> &nbsp; &nbsp; &nbsp; setting on Windows 95/98/Me, 83
+<BR> &nbsp; &nbsp; &nbsp; setting servers that validate, 429
+<BR> &nbsp; &nbsp; &nbsp; synchronization, 300-303
+<BR> &nbsp; &nbsp; &nbsp; Windows versus Unix, 29
+<BR> &nbsp; &nbsp; &nbsp; (see also authentication)
+<BR>PATH environment variable, 52
+<BR>path option (smb.conf file), 202, 430
+<BR>pdbedit program, 40, 464
+<BR>PDC emulator, 121
+<BR>PDCs (see primary domain controllers)
+<BR>Pearce, Eric, 16, 160
+<BR>performance, caching directories, 414
+<BR>period (.)
+<BR> &nbsp; &nbsp; &nbsp; NetBIOS names and, 14
+<BR> &nbsp; &nbsp; &nbsp; (see also dot files)
+<BR>permissions
+<BR> &nbsp; &nbsp; &nbsp; mapping to Windows NT ACLs, 426
+<BR> &nbsp; &nbsp; &nbsp; (see also file permissions; directory permissions)
+<BR>pid directory option (smb.conf file), 430
+<BR>PIDs, adding to log lines, 407
+<BR>ping, troubleshooting with, 363-367
+<BR>Pluggable Authentication Modules (see PAM)
+<BR>p-node (NetBios node type), 13
+<BR>point-to-point communication, 12
+<BR>policies, defined, 120
+<BR>port names, customized, 412
+<BR>POSIX ACL support, 416
+<BR>posix locking option (smb.conf file), 272, 430
+<BR>POSIX.1e ACLs, 259
+<BR>postexec option (smb.conf file), 277, 430
+<BR>postscript option (smb.conf file), 335, 430
+<BR>preexec close option (smb.conf file), 277, 430
+<BR>preexec option (smb.conf file), 274, 276, 430
+<BR>preferred master option (smb.conf file), 237, 431
+<BR>preferred master parameter (smb.conf file), 230
+<BR>--prefix (configure script option), 48
+<BR>preload option (smb.conf file), 235, 431
+<BR>preserve case option (smb.conf file), 264, 266, 431
+<BR>preventing file overwrites (see locks and oplocks)
+<BR>primary domain controllers (PDCs), 31, 226
+<BR> &nbsp; &nbsp; &nbsp; handling authentication (see winbind)
+<BR> &nbsp; &nbsp; &nbsp; modifying smb.conf file, 122-125
+<BR> &nbsp; &nbsp; &nbsp; Samba as, 121-126
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; smb.conf file example, 397-399
+<BR>primary WINS server, 32
+<BR> &nbsp; &nbsp; &nbsp; synchronization problems with Samba 2.2, 33
+<BR>print command option (smb.conf file), 322, 336, 431
+<BR>print commands, 321
+<BR>print jobs
+<BR> &nbsp; &nbsp; &nbsp; deleting, 421
+<BR> &nbsp; &nbsp; &nbsp; limiting number of, 424
+<BR> &nbsp; &nbsp; &nbsp; pausing, 420
+<BR> &nbsp; &nbsp; &nbsp; resuming, 421
+<BR> &nbsp; &nbsp; &nbsp; sending over Samba, 321
+<BR>print ok option (smb.conf file), 433
+<BR>printable option (smb.conf file), 323, 335, 431
+<BR>printcap file, 419
+<BR> &nbsp; &nbsp; &nbsp; example, 336
+<BR>printcap name option (smb.conf file), 338, 431
+<BR>printcap option (smb.conf file), 338
+<BR>printcap.local file, 330
+<BR>printer admin option (smb.conf file), 432
+<BR>printer driver file option (smb.conf file), 432
+<BR>printer driver location option (smb.conf file), 432
+<BR>printer driver option (smb.conf file), 432
+<BR>printer name option (smb.conf file), 335, 432
+<BR>printer option (smb.conf file), 335, 432
+<BR>printer status, setting command for, 421
+<BR>printers
+<BR> &nbsp; &nbsp; &nbsp; adding new to system, 401
+<BR> &nbsp; &nbsp; &nbsp; BSD, 330-331
+<BR> &nbsp; &nbsp; &nbsp; CUPS, 332
+<BR> &nbsp; &nbsp; &nbsp; example of sharing, 8
+<BR> &nbsp; &nbsp; &nbsp; names in browse lists, 419
+<BR> &nbsp; &nbsp; &nbsp; removing from system, 408
+<BR> &nbsp; &nbsp; &nbsp; sending files using smbclient, 325
+<BR> &nbsp; &nbsp; &nbsp; setting default device mode, 408
+<BR> &nbsp; &nbsp; &nbsp; setting up from Windows, 8
+<BR> &nbsp; &nbsp; &nbsp; sharing, 320
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; on Mac OS X, 501
+<BR> &nbsp; &nbsp; &nbsp; System V, 331
+<BR> &nbsp; &nbsp; &nbsp; (see also printing)
+<BR>[printers] share (smb.conf file), 195, 324
+<BR> &nbsp; &nbsp; &nbsp; example for a Linux system, 324
+<BR>printing, 320-338
+<BR> &nbsp; &nbsp; &nbsp; adding a Unix printer, 330-333
+<BR> &nbsp; &nbsp; &nbsp; common problem with Samba printer configuration, 325
+<BR> &nbsp; &nbsp; &nbsp; CUPS-compatible, 486
+<BR> &nbsp; &nbsp; &nbsp; debugging printers, 325
+<BR> &nbsp; &nbsp; &nbsp; Mac OS X environment, 325
+<BR> &nbsp; &nbsp; &nbsp; network, 320
+<BR> &nbsp; &nbsp; &nbsp; options, 333-338
+<BR> &nbsp; &nbsp; &nbsp; setting up and testing a Windows client, 326
+<BR> &nbsp; &nbsp; &nbsp; shares
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; example, 322
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; important information about, 323
+<BR> &nbsp; &nbsp; &nbsp; system types, 334
+<BR> &nbsp; &nbsp; &nbsp; testing the configuration, 325
+<BR> &nbsp; &nbsp; &nbsp; to Windows from Unix, 327-338
+<BR> &nbsp; &nbsp; &nbsp; variables, 322
+<BR> &nbsp; &nbsp; &nbsp; (see also printers)
+<BR>printing option (smb.conf file), 334, 432
+<BR>private directory option (smb.conf file), 433
+<BR>process IDs, adding to log lines, 407
+<BR>processes, viewing in Unix, 8
+<BR>[profiles] share (smb.conf file), 125
+<BR>prompt command, 171
+<BR>protocol option (smb.conf file), 433
+<BR>ps command (Unix), 8
+<BR> &nbsp; &nbsp; &nbsp; looking for daemon processes with, 368
+<BR>public option (smb.conf file), 433
+<BR>put command, 170
+<BR>.pwl files, 29
+<P><A NAME="Q"><B>Q</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>queuepause command option (smb.conf file), 338, 433
+<BR>queueresume command option (smb.conf file), 338, 433
+<P><A NAME="R"><B>R</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>%R variable, 192
+<BR>read bmpx option (smb.conf file), 433
+<BR>read list option (smb.conf file), 286, 288, 433
+<BR>read only option (smb.conf file), 203, 434
+<BR>read raw option (smb.conf file), 434
+<BR>read size option (smb.conf file), 434
+<BR>readline( ) support, 497
+<BR>read-only access, specifying users, 433
+<BR>realm option (smb.conf file), 434
+<BR>reconfiguring Samba, 52
+<BR>recurse command, 171
+<BR>registry files, 141
+<BR> &nbsp; &nbsp; &nbsp; settings and passwords, 74
+<BR>relative identifier (RID), 30
+<BR>remote announce option (smb.conf file), 232, 238, 434
+<BR>remote browse sync option (smb.conf file), 238, 434
+<BR>remote logons (see roaming profiles)
+<BR>resolv.conf file, 73, 220
+<BR>resource names and types (NetBIOS), 14
+<BR>restrict anonymous option (smb.conf file), 434
+<BR>roaming profiles, 120, 140-152
+<BR> &nbsp; &nbsp; &nbsp; changing to mandatory profiles, 150
+<BR> &nbsp; &nbsp; &nbsp; configuring
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Samba for, 143-147
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows 95/98/Me for, 147
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows NT/2000/XP for, 148
+<BR> &nbsp; &nbsp; &nbsp; defining a logon path for Windows NT/2000/XP clients, 124
+<BR> &nbsp; &nbsp; &nbsp; definitive documentation, 141
+<BR> &nbsp; &nbsp; &nbsp; how they work, 141
+<BR> &nbsp; &nbsp; &nbsp; options, 150
+<BR> &nbsp; &nbsp; &nbsp; possible problems, 142
+<BR> &nbsp; &nbsp; &nbsp; restricting users from editing their own, 149
+<BR> &nbsp; &nbsp; &nbsp; setting path to directory (Windows NT/2000/XP), 420
+<BR> &nbsp; &nbsp; &nbsp; smb.conf file, 138
+<BR> &nbsp; &nbsp; &nbsp; Temporary Internet Files folder, 143
+<BR> &nbsp; &nbsp; &nbsp; time synchronization, 339
+<BR> &nbsp; &nbsp; &nbsp; users logged onto multiple clients, 142
+<BR> &nbsp; &nbsp; &nbsp; warning, 141
+<BR> &nbsp; &nbsp; &nbsp; (see also mandatory profiles)
+<BR>root access, 285
+<BR>root accounts
+<BR> &nbsp; &nbsp; &nbsp; adding root user to Samba's password database, 126
+<BR> &nbsp; &nbsp; &nbsp; (see also domain administrator)
+<BR> &nbsp; &nbsp; &nbsp; specifying users with root permissions, 402
+<BR>root dir option (smb.conf file), 435
+<BR>root directory option (smb.conf file), 435
+<BR>root option (smb.conf file), 435
+<BR>root postexec option (smb.conf file), 277, 435
+<BR>root preexec close option (smb.conf file), 276, 435
+<BR>root preexec option (smb.conf file), 275, 276, 435
+<BR>roving profiles (see roaming profiles)
+<BR>rpcclient commands, 467-470
+<BR>rpcclient program, 40, 465
+<BR>rpm command (Unix), 43
+<P><A NAME="S"><B>S</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>%S variable, 192
+<BR>SAM (Security Account Manager), 30
+<BR> &nbsp; &nbsp; &nbsp; database, 126
+<BR>Samba
+<BR> &nbsp; &nbsp; &nbsp; advantages of using, 3
+<BR> &nbsp; &nbsp; &nbsp; allowing outside applications to access Samba features, 496
+<BR> &nbsp; &nbsp; &nbsp; compiling (see compiling Samba)
+<BR> &nbsp; &nbsp; &nbsp; configuration file (see smb.conf file)
+<BR> &nbsp; &nbsp; &nbsp; configuring (see configuring Samba)
+<BR> &nbsp; &nbsp; &nbsp; defined, 2
+<BR> &nbsp; &nbsp; &nbsp; distribution, overview, 39
+<BR> &nbsp; &nbsp; &nbsp; as domain member server, 34
+<BR> &nbsp; &nbsp; &nbsp; downloading, 45
+<BR> &nbsp; &nbsp; &nbsp; examples
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; sharing a printer, 8
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; sharing disk service, 4-7
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; simple network, 4
+<BR> &nbsp; &nbsp; &nbsp; in a clustered environment, 437
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; (see also multihomed system; multiple subnets), 437
+<BR> &nbsp; &nbsp; &nbsp; installing (see installing Samba)
+<BR> &nbsp; &nbsp; &nbsp; manual pages, 52
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; in different languages, 496
+<BR> &nbsp; &nbsp; &nbsp; obtaining, 41
+<BR> &nbsp; &nbsp; &nbsp; overview, 1-41
+<BR> &nbsp; &nbsp; &nbsp; running on a multihomed system, 204
+<BR> &nbsp; &nbsp; &nbsp; troubleshooting (see troubleshooting Samba)
+<BR> &nbsp; &nbsp; &nbsp; upgrading installations, 51
+<BR> &nbsp; &nbsp; &nbsp; variables (see smb.conf file, variables)
+<BR> &nbsp; &nbsp; &nbsp; web site, 41
+<BR>Samba 2.2
+<BR> &nbsp; &nbsp; &nbsp; in a domain hosted by native mode Windows 2000 server, 34
+<BR> &nbsp; &nbsp; &nbsp; issues with Active Directory, 34, 121
+<BR> &nbsp; &nbsp; &nbsp; new features, 36
+<BR>Samba 3.0
+<BR> &nbsp; &nbsp; &nbsp; new features, 38
+<BR> &nbsp; &nbsp; &nbsp; obsolete options
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; blocksize, 404
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; character set, 405
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; client code page, 405
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; code page directory, 405
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; coding system, 405
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; domain guest group, 410
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; force unknown acl user, 413
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ldap admin dn, 417
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ldap filter, 417
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ldap port, 417
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ldap server, 418
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ldap ssl, 418
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ldap suffix, 418
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; nt smb support, 427
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; related to SSL, 438-440
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; status, 440
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; unix extensions, 442
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; userhosts, 443
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; valid chars, 444
+<BR> &nbsp; &nbsp; &nbsp; roles, 38
+<BR>Samba server
+<BR> &nbsp; &nbsp; &nbsp; adding to workgroup, configuration file example, 396
+<BR> &nbsp; &nbsp; &nbsp; connecting from
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows 2000, 107
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows 95/98/Me, 84
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows NT, 96
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows XP, 116
+<BR> &nbsp; &nbsp; &nbsp; connection listings (see smbstatus program)
+<BR> &nbsp; &nbsp; &nbsp; creating directories on, 125
+<BR> &nbsp; &nbsp; &nbsp; restarting, 126
+<BR> &nbsp; &nbsp; &nbsp; sending a print job, 321
+<BR> &nbsp; &nbsp; &nbsp; services, 2
+<BR>Samba Web Administration Tool (see SWAT)
+<BR>Samba-BDC-HOWTO.html, 122
+<BR>Samba-PDC-HOWTO.html, 122
+<BR>Samba's NT LM 0.12, 21
+<BR>SASL (Simple Authentication and Security Layer) standard, 504
+<BR>--sbindir (configure script option), 48
+<BR>scope ID (SMB packet), 16
+<BR>search paths, setting, 52
+<BR>secrets.tdb file, 156
+<BR>security
+<BR> &nbsp; &nbsp; &nbsp; Samba security levels
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; domain (see domain-level security)
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; server (see server-level security)
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; share (see share-level security)
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; user (see user-level security)
+<BR> &nbsp; &nbsp; &nbsp; user-level for Windows 95/98/Me, 129
+<BR> &nbsp; &nbsp; &nbsp; (see also authentication)
+<BR>Security Access Token (SAT), 31
+<BR>Security Account Manager (SAM), 30
+<BR>security identifiers (SIDs), 30
+<BR>security issues
+<BR> &nbsp; &nbsp; &nbsp; creating entries for /etc/passwd and smbpasswd manually, 127
+<BR> &nbsp; &nbsp; &nbsp; disabling oplocks in smb.conf file, 58
+<BR>security mask option (smb.conf file), 261, 436
+<BR>security models, Unix versus Windows, 253
+<BR>security option (smb.conf file), 291, 436
+<BR>sendfile( ) system call, 497
+<BR>server announcements, 229
+<BR>Server Message Block (SMB) protocol (see SMB)
+<BR>server string option (smb.conf file), 200, 436
+<BR>server-level security, 291, 295
+<BR>session parameters, setting, 24
+<BR>session primitives, 17
+<BR>session service, defined, 10
+<BR>session services (NBT)
+<BR> &nbsp; &nbsp; &nbsp; defined, 16
+<BR> &nbsp; &nbsp; &nbsp; tips, 18
+<BR>set directory option (smb.conf file), 353, 436
+<BR>share modes option (smb.conf file), 436
+<BR>share-level security, 290
+<BR> &nbsp; &nbsp; &nbsp; options, 293
+<BR> &nbsp; &nbsp; &nbsp; versus user-level security, 162
+<BR>shares
+<BR> &nbsp; &nbsp; &nbsp; adding new, 402
+<BR> &nbsp; &nbsp; &nbsp; allowing and denying, 415
+<BR> &nbsp; &nbsp; &nbsp; copying configurations, 406
+<BR> &nbsp; &nbsp; &nbsp; deleting, 408
+<BR> &nbsp; &nbsp; &nbsp; denying access to, 403
+<BR> &nbsp; &nbsp; &nbsp; invisible, 233
+<BR> &nbsp; &nbsp; &nbsp; managing connections to (see connection scripts)
+<BR> &nbsp; &nbsp; &nbsp; modifying, 405
+<BR> &nbsp; &nbsp; &nbsp; printers, setting default device mode, 408
+<BR> &nbsp; &nbsp; &nbsp; sections in smb.conf file, 125
+<BR> &nbsp; &nbsp; &nbsp; setting maximum number, 423
+<BR> &nbsp; &nbsp; &nbsp; specifying in browse lists, 403, 404, 431
+<BR> &nbsp; &nbsp; &nbsp; specifying systems that may connect to, 403
+<BR>sharing
+<BR> &nbsp; &nbsp; &nbsp; disk services example, 4-7
+<BR> &nbsp; &nbsp; &nbsp; files
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Mac OS X, 501
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows 95/98/Me, 162
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows NT/2000/XP, 163, 165
+<BR> &nbsp; &nbsp; &nbsp; printers (see printers, sharing)
+<BR>Sharpe, Richard, 19
+<BR>short preserve case option (smb.conf file), 264, 266, 436
+<BR>show add printer wizard option (smb.conf file), 437
+<BR>shutdown script option (smb.conf file), 437
+<BR>SIDs (security identifiers), 30
+<BR>SMB, 2
+<BR> &nbsp; &nbsp; &nbsp; CIFS and, 21
+<BR> &nbsp; &nbsp; &nbsp; clients, 21
+<BR> &nbsp; &nbsp; &nbsp; command format, 19
+<BR> &nbsp; &nbsp; &nbsp; connections, troubleshooting, 371-377
+<BR> &nbsp; &nbsp; &nbsp; groups, 15
+<BR> &nbsp; &nbsp; &nbsp; header fields, 19
+<BR> &nbsp; &nbsp; &nbsp; header format, 19
+<BR> &nbsp; &nbsp; &nbsp; message format, 19
+<BR> &nbsp; &nbsp; &nbsp; network, overview, 9-18
+<BR> &nbsp; &nbsp; &nbsp; online summary, 19
+<BR> &nbsp; &nbsp; &nbsp; packets, 16
+<BR> &nbsp; &nbsp; &nbsp; protocol
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; additional information, 20
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; negotiating a protocol variant, 22
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; overview, 18-26
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; versions, 20
+<BR> &nbsp; &nbsp; &nbsp; servers, 21
+<BR> &nbsp; &nbsp; &nbsp; simple connection, 22
+<BR>smb passwd file option (smb.conf file), 306, 437
+<BR>SMB sniffer (Ethereal), 20
+<BR>smbcacls program, 40, 470
+<BR>smbclient commands, 168
+<BR>smbclient program, 40, 67, 161, 165-174, 472-478
+<BR> &nbsp; &nbsp; &nbsp; authenticating with, 167
+<BR> &nbsp; &nbsp; &nbsp; compared to smbfs and smbsh, 165
+<BR> &nbsp; &nbsp; &nbsp; creating and restoring backups, 172-174
+<BR> &nbsp; &nbsp; &nbsp; file transfer, 170
+<BR> &nbsp; &nbsp; &nbsp; interactive session, 168-171
+<BR> &nbsp; &nbsp; &nbsp; listing services, 165
+<BR> &nbsp; &nbsp; &nbsp; programming with, 171
+<BR> &nbsp; &nbsp; &nbsp; security and, 168
+<BR> &nbsp; &nbsp; &nbsp; sending a file to the printer, 325
+<BR> &nbsp; &nbsp; &nbsp; testing
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; browsing, 377
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; connections with, 373
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; locally with, 372
+<BR>smb.conf file, 187-215
+<BR> &nbsp; &nbsp; &nbsp; adding user passwords, 75
+<BR> &nbsp; &nbsp; &nbsp; bracketed names, 188
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; (see also shares, sections in smb.conf file)
+<BR> &nbsp; &nbsp; &nbsp; capitalization, 189
+<BR> &nbsp; &nbsp; &nbsp; comments, 190
+<BR> &nbsp; &nbsp; &nbsp; configuring winbind, 309
+<BR> &nbsp; &nbsp; &nbsp; creating and modifying (see SWAT)
+<BR> &nbsp; &nbsp; &nbsp; disabling oplocks, 58
+<BR> &nbsp; &nbsp; &nbsp; encrypted passwords and, 55
+<BR> &nbsp; &nbsp; &nbsp; examples, 187
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; configuring Samba to use another WINS server, 396
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; disk share, 201-203
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabling Samba as WINS server, 395
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; server configuration file, 198-201
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; setting Samba as domain member server, 400
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; setting Samba as PDC, 397-399
+<BR> &nbsp; &nbsp; &nbsp; file structure, 188-191
+<BR> &nbsp; &nbsp; &nbsp; getting started, 54-60
+<BR> &nbsp; &nbsp; &nbsp; [global] section, 193
+<BR> &nbsp; &nbsp; &nbsp; include option, 193
+<BR> &nbsp; &nbsp; &nbsp; line continuation, 189
+<BR> &nbsp; &nbsp; &nbsp; location from bundled installation, 42
+<BR> &nbsp; &nbsp; &nbsp; logon scripts (see logon scripts)
+<BR> &nbsp; &nbsp; &nbsp; Mac OS X, 509
+<BR> &nbsp; &nbsp; &nbsp; making significant changes, 190
+<BR> &nbsp; &nbsp; &nbsp; modifying Samba to be a PDC, 122-125
+<BR> &nbsp; &nbsp; &nbsp; modifying Samba to be domain member server, 157
+<BR> &nbsp; &nbsp; &nbsp; name resolution, 219
+<BR> &nbsp; &nbsp; &nbsp; options, 188, 195-198
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; access control, 287-288
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ACLs, 260-262
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; browsing, 233-239
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; connection scripts, 275-277
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; disk share, 202
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dot files, 240
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; file and directory permissions, 250-253
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; filesystem, 243-245
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; internationalization, 343-346
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; locks and oplocks, 270-274
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; logging, 210-215
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; name mangling, 265-267
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; name resolution, 221-224
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; networking, 204-208
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; NIS, 280
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; password, 303-307
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; printing, 333-338
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; server, 199
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; time synchronization, 341-342
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; virtual servers, 209
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; winbind, 317-319
+<BR> &nbsp; &nbsp; &nbsp; [printers] section, 195
+<BR> &nbsp; &nbsp; &nbsp; roaming profiles, 138
+<BR> &nbsp; &nbsp; &nbsp; runtime changes, 190
+<BR> &nbsp; &nbsp; &nbsp; shares, 125, 194
+<BR> &nbsp; &nbsp; &nbsp; smbmount program and, 174
+<BR> &nbsp; &nbsp; &nbsp; smbsh and, 179
+<BR> &nbsp; &nbsp; &nbsp; testing, 59
+<BR> &nbsp; &nbsp; &nbsp; variables, 191-193
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; example of use, 193
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; table, 192
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; used at runtime, 140
+<BR> &nbsp; &nbsp; &nbsp; WINS support, 71
+<BR>smbcontrol program, 40, 478
+<BR>smbd daemon, 3, 39, 61, 451
+<BR> &nbsp; &nbsp; &nbsp; checking with telnet, 369
+<BR> &nbsp; &nbsp; &nbsp; starting automatically, 61-65
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; BSD Unix, 61
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Darwin and Mac OS X, 64
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; System V Unix, 61
+<BR> &nbsp; &nbsp; &nbsp; starting from inetd, 66
+<BR> &nbsp; &nbsp; &nbsp; starting manually, 61
+<BR> &nbsp; &nbsp; &nbsp; testing, 66
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; automatic startup, 65
+<BR>smbfs filesystem, 161, 174-178
+<BR> &nbsp; &nbsp; &nbsp; compared to smbclient, 165
+<BR> &nbsp; &nbsp; &nbsp; installing Samba with support for, 498
+<BR> &nbsp; &nbsp; &nbsp; mounting automatically, 177
+<BR>smbgroupedit program, 40, 479
+<BR>smbmnt program, 40, 174, 480
+<BR>smbmount program, 40, 175, 481
+<BR> &nbsp; &nbsp; &nbsp; installing Samba with support for, 498
+<BR> &nbsp; &nbsp; &nbsp; options, 178
+<BR> &nbsp; &nbsp; &nbsp; smb.conf file, 174
+<BR>SMBnegprot request, 23
+<BR>smbpasswd file, 126, 299-300
+<BR> &nbsp; &nbsp; &nbsp; creating entries manually, 127
+<BR>smbpasswd program, 41, 55, 483
+<BR>smbprint program, 330
+<BR>smbprint.sysv, 330
+<BR>SMBSesssetupX command, 24
+<BR>smbsh program, 41, 161, 179, 485
+<BR> &nbsp; &nbsp; &nbsp; compared to smbclient, 165
+<BR> &nbsp; &nbsp; &nbsp; installing Samba with support for, 498
+<BR> &nbsp; &nbsp; &nbsp; interactive session, 179
+<BR> &nbsp; &nbsp; &nbsp; smb.conf file, 179
+<BR>smbspool, 330
+<BR>smbspool program, 41, 486
+<BR>smbspool utility, 332
+<BR>smbstatus program, 8, 41, 487
+<BR>smbtar program, 41, 487
+<BR>SMBtconX message, 25
+<BR>smbumount program, 41, 488
+<BR>smbutil program, 161, 181
+<BR> &nbsp; &nbsp; &nbsp; options, 183
+<BR> &nbsp; &nbsp; &nbsp; testing print configuration, 326
+<BR>smbwrapper library, 179, 498
+<BR>socket address option (smb.conf file), 437
+<BR>socket options option (smb.conf file), 437
+<BR>source environment option (smb.conf file), 437
+<BR>source/config.status file, 51
+<BR>spin locks, 498
+<BR>SSL
+<BR> &nbsp; &nbsp; &nbsp; installing Samba to support, 498
+<BR> &nbsp; &nbsp; &nbsp; options, 438-440
+<BR>ssl CA certDir option (smb.conf file), 438
+<BR>ssl CA certFile option (smb.conf file), 438
+<BR>ssl ciphers option (smb.conf file), 438
+<BR>ssl client cert option (smb.conf file), 438
+<BR>ssl client key option (smb.conf file), 438
+<BR>ssl compatibility option (smb.conf file), 439
+<BR>ssl hosts option (smb.conf file), 439
+<BR>ssl hosts resign option (smb.conf file), 439
+<BR>ssl option (smb.conf file), 438
+<BR>ssl require clientcert option (smb.conf file), 439
+<BR>ssl require servercert option (smb.conf file), 439
+<BR>ssl server cert option (smb.conf file), 439
+<BR>ssl server key option (smb.conf file), 440
+<BR>ssl version option (smb.conf file), 440
+<BR>stat cache option (smb.conf file), 354, 440
+<BR>stat cache size option (smb.conf file), 354, 440
+<BR>status option (smb.conf file), 440
+<BR>status (smb.conf file), 353
+<BR>Stern, Hal, 383
+<BR>strace command, 359
+<BR>strict allocate option (smb.conf file), 440
+<BR>strict locking option (smb.conf file), 271, 441
+<BR>strict sync option (smb.conf file), 353, 441
+<BR>strip dot option (smb.conf file), 353, 441
+<BR>subnets, workgroups spanning multiple, 34
+<BR>superuser (root) access, 285
+<BR>SWAT
+<BR> &nbsp; &nbsp; &nbsp; enabling, 52
+<BR> &nbsp; &nbsp; &nbsp; login, 56
+<BR> &nbsp; &nbsp; &nbsp; specifying where to install files for, 498
+<BR> &nbsp; &nbsp; &nbsp; using, 56-58
+<BR>symbolic links, 242
+<BR> &nbsp; &nbsp; &nbsp; creating before clients are added to network, 147
+<BR> &nbsp; &nbsp; &nbsp; in file shares, 412
+<BR>symlinks option (smb.conf file), 242
+<BR>sync always option (smb.conf file), 353, 441
+<BR>synchronization, password (see passwords, synchronization)
+<BR>synchronization problems with WINS servers in Samba, 33, 71
+<BR>syslog, 211
+<BR> &nbsp; &nbsp; &nbsp; error logging, installing Samba to support, 498
+<BR>syslog only option (smb.conf file), 215, 441
+<BR>syslog option (smb.conf file), 214, 441
+<BR>syslog.conf file, 212
+<BR>system group file, 283
+<BR>system policies, 152-156
+<BR> &nbsp; &nbsp; &nbsp; Windows Me, 155
+<BR>System Policy Editor, 152-156
+<BR>System V Unix
+<BR> &nbsp; &nbsp; &nbsp; automatically starting Samba daemons, 61
+<BR> &nbsp; &nbsp; &nbsp; printers, 331
+
+<P><A NAME="T"><B>T</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>%T variable, 192
+<BR>TCP, troubleshooting, 367
+<BR>tcpdump program, 360
+<BR> &nbsp; &nbsp; &nbsp; download, 22
+<BR> &nbsp; &nbsp; &nbsp; example, 22
+<BR>TCP/IP
+<BR> &nbsp; &nbsp; &nbsp; adding to Windows 95/98/Me network, 76
+<BR> &nbsp; &nbsp; &nbsp; configuring for Windows 2000, 100
+<BR> &nbsp; &nbsp; &nbsp; configuring for Windows 95/98/Me, 78
+<BR> &nbsp; &nbsp; &nbsp; configuring for Windows NT, 89
+<BR> &nbsp; &nbsp; &nbsp; configuring for Windows XP, 110
+<BR> &nbsp; &nbsp; &nbsp; Windows NT, 88
+<BR>telnet, checking smbd with, 369
+<BR>template homedir option (smb.conf file), 314, 319, 441
+<BR>template shell option (smb.conf file), 314, 319, 442
+<BR>Temporary Internet Files folder, 143
+<BR>test utilities, troubleshooting with, 359-362
+<BR>testing Samba (see testparm program; troubleshooting Samba)
+<BR>testparm program, 41, 59, 125, 489
+<BR> &nbsp; &nbsp; &nbsp; testing daemons with, 370
+<BR>testprns program, 41, 489
+<BR>Thompson, Robert Bruce, 87
+<BR>time offset option (smb.conf file), 341, 442
+<BR>time server option (smb.conf file), 341, 442
+<BR>time service, 340
+<BR> &nbsp; &nbsp; &nbsp; configuring in Samba for network use, 124
+<BR>time synchronization, 339-342
+<BR>time to live (TTL), 424, 425
+<BR>timestamp logs option (smb.conf file), 214, 442
+<BR>timestamps
+<BR> &nbsp; &nbsp; &nbsp; changing in logs, 407
+<BR> &nbsp; &nbsp; &nbsp; importance of, 142
+<BR>time-synchronization options, 341-342
+<BR>total print jobs option (smb.conf file), 442
+<BR>trace command, 359
+<BR>translating between IP addresses or DNS names and NetBIOS names, 182
+<BR>tree identifier (TID), defined, 22
+<BR>Tridgell, Andrew, 2, 360
+<BR>troubleshooting Samba, 355-393
+<BR> &nbsp; &nbsp; &nbsp; browsing, 377-383
+<BR> &nbsp; &nbsp; &nbsp; fault tree, 362-391
+<BR> &nbsp; &nbsp; &nbsp; hostnames, 384
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; long and short, 386
+<BR> &nbsp; &nbsp; &nbsp; localhost issues, 388
+<BR> &nbsp; &nbsp; &nbsp; low-level IP, 362-367
+<BR> &nbsp; &nbsp; &nbsp; name services, 383-388
+<BR> &nbsp; &nbsp; &nbsp; NetBIOS names, 390
+<BR> &nbsp; &nbsp; &nbsp; network addresses, 388-390
+<BR> &nbsp; &nbsp; &nbsp; server daemons, 368-371
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; checking smbd with telnet, 369
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; looking for daemon processes with ps, 368
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; looking for daemons bound to ports, 369
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; testing daemons with testparm, 370
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tracking daemon startup, 368
+<BR> &nbsp; &nbsp; &nbsp; SMB connections, 371-377
+<BR> &nbsp; &nbsp; &nbsp; TCP, 367
+<BR> &nbsp; &nbsp; &nbsp; testing
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; browsing the server from the client, 382
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; browsing with smbclient, 377
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; client browsing with net view, 381
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; clients with nmblookup, 380
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; connections with net use, 374
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; connections with ping, 364
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; connections with smbclient, 373
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; connections with Windows Explorer, 376
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; locally with smbclient, 372
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; name services with ping, 363
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; network software with ping, 363
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; network with nmblookup, 381
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; networking hardware with ping, 364
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; servers with nmblookup, 379
+<BR> &nbsp; &nbsp; &nbsp; tools, 355
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; log files, 356-359
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ping, 363-367
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; test utilities, 359-362
+<BR> &nbsp; &nbsp; &nbsp; unusual delays, 387
+<BR>truss command, 359
+<BR>trust relationships, 33
+<BR>trusted domains, 403
+<BR>tusc command, 359
+<BR>tutorials, Samba, 45
+<P><A NAME="U"><B>U</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>%U variable, 192, 283
+<BR>%u variable, 140, 144, 192, 283
+<BR>umasks, 247
+<BR>UNC (Universal Naming Convention) defined, 6
+<BR>Unicode, 456
+<BR>uniform resource locators (see URLs)
+<BR>Unix
+<BR> &nbsp; &nbsp; &nbsp; ACLs, 259
+<BR> &nbsp; &nbsp; &nbsp; CIFS extensions, 37
+<BR> &nbsp; &nbsp; &nbsp; configuring clients to access shared resources, 161-186
+<BR> &nbsp; &nbsp; &nbsp; file permissions, 245-253
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; versus ACLs, 31
+<BR> &nbsp; &nbsp; &nbsp; permission bits summary, 247
+<BR> &nbsp; &nbsp; &nbsp; viewing processes, 8
+<BR>unix extensions option (smb.conf file), 442
+<BR>unix password sync option (smb.conf file), 300, 304, 442
+<BR>unix2dos program, 139, 170
+<BR>update encrypted option (smb.conf file), 306, 443
+<BR>upgrading Samba, 50, 51
+<BR>URLs, defined, 6
+<BR>use client driver option (smb.conf file), 443
+<BR>use mmap option (smb.conf file), 443
+<BR>use rhosts option (smb.conf file), 307, 443
+<BR>use sendfile option (smb.conf file), 443
+<BR>user accounting, 498
+<BR>USER environment variable, 167
+<BR>user ID (UID), 31
+<BR>user option (smb.conf file), 443
+<BR>USER.DAT file, 141
+<BR>user-level security, 290, 294
+<BR> &nbsp; &nbsp; &nbsp; for Windows 95/98/Me, 129
+<BR> &nbsp; &nbsp; &nbsp; versus share-level security, 162
+<BR>username level option (smb.conf file), 290, 444
+<BR>username map option (smb.conf file), 289, 444
+<BR>username option (smb.conf file), 293, 443
+<BR>users
+<BR> &nbsp; &nbsp; &nbsp; account files in Windows, 29
+<BR> &nbsp; &nbsp; &nbsp; adding new, 402
+<BR> &nbsp; &nbsp; &nbsp; adding to
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows 2000, 104
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows 95/98/Me, 83
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows NT, 95
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Windows XP, 115
+<BR> &nbsp; &nbsp; &nbsp; debugging particular, 407
+<BR> &nbsp; &nbsp; &nbsp; deleting account automatically, 409
+<BR> &nbsp; &nbsp; &nbsp; group membership, overriding, 413
+<BR> &nbsp; &nbsp; &nbsp; multiple, adding in Unix, 284-285
+<BR> &nbsp; &nbsp; &nbsp; single, adding in Unix, 282-284
+<BR> &nbsp; &nbsp; &nbsp; specifying read-only access, 433
+<BR>users option (smb.conf file), 444
+<BR>/usr/local/etc/nsmb.conf file, 181
+<BR>utmp directory option (smb.conf file), 444
+<BR>utmp file, 498
+<BR>utmp option (smb.conf file), 444
+<P><A NAME="V"><B>V</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>%v variable, 192
+<BR>valid chars option (smb.conf file), 346, 444
+<BR>valid users option (smb.conf file), 282, 287, 444
+<BR>variables used at runtime in smb.conf file (see smb.conf file, variables)
+<BR>veto files option (smb.conf file), 241, 244, 445
+<BR>veto oplock files option (smb.conf file), 269, 270, 273, 445
+<BR>vetoing files, 240-242
+<BR>vfs object option (smb.conf file), 445
+<BR>vfs options option (smb.conf file), 445
+<BR>vi text editor, 139
+<BR>vim text editor, 139
+<BR>virtual servers, 208
+<BR> &nbsp; &nbsp; &nbsp; configuration options, 209
+<BR>volume option (smb.conf file), 203, 445
+<BR>VPN (virtual private network), 498
+
+<P><A NAME="W"><B>W</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>wbinfo program, 41, 489
+<BR>wide links option (smb.conf file), 242, 244, 445
+<BR>winbind, 37
+<BR> &nbsp; &nbsp; &nbsp; authentication with, 307-319
+<BR> &nbsp; &nbsp; &nbsp; configuration options, 317-319
+<BR> &nbsp; &nbsp; &nbsp; configuring in smb.conf file, 309
+<BR> &nbsp; &nbsp; &nbsp; installing, 308
+<BR> &nbsp; &nbsp; &nbsp; installing Samba to support, 499
+<BR> &nbsp; &nbsp; &nbsp; RID mapping file, 310
+<BR> &nbsp; &nbsp; &nbsp; verifying it's working properly, 310-313
+<BR>winbind cache time option (smb.conf file), 319, 445
+<BR>winbind enum groups option (smb.conf file), 446
+<BR>winbind enum users option (smb.conf file), 445
+<BR>winbind gid option (smb.conf file), 318, 446
+<BR>winbind separator option (smb.conf file), 317, 446
+<BR>winbind uid option (smb.conf file), 318, 446
+<BR>winbindd daemon, 39, 41, 454
+<BR>Windows
+<BR> &nbsp; &nbsp; &nbsp; components, 69
+<BR> &nbsp; &nbsp; &nbsp; configuring clients to access shared resources, 68-119
+<BR> &nbsp; &nbsp; &nbsp; domain with a local master and local backup browser (diagram), 33
+<BR> &nbsp; &nbsp; &nbsp; .ini files, 187
+<BR> &nbsp; &nbsp; &nbsp; networking concepts, 68-76
+<BR> &nbsp; &nbsp; &nbsp; operating systems and password format defaults, 296
+<BR> &nbsp; &nbsp; &nbsp; printers, setting up, 8
+<BR> &nbsp; &nbsp; &nbsp; registry settings and passwords, 74
+<BR> &nbsp; &nbsp; &nbsp; user account files, 29
+<BR>Windows 2000
+<BR> &nbsp; &nbsp; &nbsp; ACLs, 253-262
+<BR> &nbsp; &nbsp; &nbsp; adding users, 104
+<BR> &nbsp; &nbsp; &nbsp; bindings, 100
+<BR> &nbsp; &nbsp; &nbsp; client connecting to Samba server, 107
+<BR> &nbsp; &nbsp; &nbsp; computer names, 103
+<BR> &nbsp; &nbsp; &nbsp; configuring for roaming profiles, 148
+<BR> &nbsp; &nbsp; &nbsp; configuring TCP/IP, 100
+<BR> &nbsp; &nbsp; &nbsp; DNS configuration, 101
+<BR> &nbsp; &nbsp; &nbsp; domain logons, 133-135
+<BR> &nbsp; &nbsp; &nbsp; identify node type, ipconfig /all command, 13
+<BR> &nbsp; &nbsp; &nbsp; IP addresses, 100
+<BR> &nbsp; &nbsp; &nbsp; LMHOSTS file, 102
+<BR> &nbsp; &nbsp; &nbsp; networking components, 99
+<BR> &nbsp; &nbsp; &nbsp; registry file, 141
+<BR> &nbsp; &nbsp; &nbsp; security model (see ACLs)
+<BR> &nbsp; &nbsp; &nbsp; servers
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; operating in native mode, 34
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; PDC emulation mode, 34
+<BR> &nbsp; &nbsp; &nbsp; setting path to directory of roaming profiles, 420
+<BR> &nbsp; &nbsp; &nbsp; setting up, 98-108
+<BR> &nbsp; &nbsp; &nbsp; sharing files, 163
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; setting permissions, 165
+<BR> &nbsp; &nbsp; &nbsp; WINS server, 101
+<BR> &nbsp; &nbsp; &nbsp; workgroups, 103
+<BR>Windows 95/98/Me
+<BR> &nbsp; &nbsp; &nbsp; accessing Samba server, 84
+<BR> &nbsp; &nbsp; &nbsp; adding TCP/IP, 76
+<BR> &nbsp; &nbsp; &nbsp; authentication, 28
+<BR> &nbsp; &nbsp; &nbsp; bindings, 80
+<BR> &nbsp; &nbsp; &nbsp; configuring for roaming profiles, 147
+<BR> &nbsp; &nbsp; &nbsp; configuring TCP/IP, 78
+<BR> &nbsp; &nbsp; &nbsp; DNS configuration, 79
+<BR> &nbsp; &nbsp; &nbsp; domain logons, 128-131
+<BR> &nbsp; &nbsp; &nbsp; identify node type, 13
+<BR> &nbsp; &nbsp; &nbsp; IP addresses, 78
+<BR> &nbsp; &nbsp; &nbsp; LMHOSTS file, 80
+<BR> &nbsp; &nbsp; &nbsp; NetBIOS, 80
+<BR> &nbsp; &nbsp; &nbsp; registry file, 141
+<BR> &nbsp; &nbsp; &nbsp; security model, 253
+<BR> &nbsp; &nbsp; &nbsp; setting computer name, 81
+<BR> &nbsp; &nbsp; &nbsp; setting up, 76-87
+<BR> &nbsp; &nbsp; &nbsp; setting workgroup, 81
+<BR> &nbsp; &nbsp; &nbsp; sharing files, 162
+<BR> &nbsp; &nbsp; &nbsp; system policies, 155
+<BR> &nbsp; &nbsp; &nbsp; user-level security for, 129
+<BR> &nbsp; &nbsp; &nbsp; username and password, 83
+<BR> &nbsp; &nbsp; &nbsp; WINS configuration, 78
+<BR> &nbsp; &nbsp; &nbsp; (see also Windows)
+<BR>Windows Explorer, testing connections with, 376
+<BR>Windows Internet Name Service (see WINS)
+<BR>Windows Internet Naming Service (WINS) Architecture and Capacity Planning, 218
+<BR>Windows Messenger Service, 346-348
+<BR>Windows NT
+<BR> &nbsp; &nbsp; &nbsp; ACLs, 253-262
+<BR> &nbsp; &nbsp; &nbsp; adding a user, 95
+<BR> &nbsp; &nbsp; &nbsp; basic configuration, 87
+<BR> &nbsp; &nbsp; &nbsp; bindings, 93
+<BR> &nbsp; &nbsp; &nbsp; computer names, 93
+<BR> &nbsp; &nbsp; &nbsp; configuring for roaming profiles, 148
+<BR> &nbsp; &nbsp; &nbsp; configuring TCP/IP, 89
+<BR> &nbsp; &nbsp; &nbsp; connecting to a Samba server, 96
+<BR> &nbsp; &nbsp; &nbsp; DNS configuration, 92
+<BR> &nbsp; &nbsp; &nbsp; domains, 120-160
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; logons, 131-133
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; overview, 29-34
+<BR> &nbsp; &nbsp; &nbsp; identify node type, ipconfig /all command, 13
+<BR> &nbsp; &nbsp; &nbsp; installing Workstation service, 89
+<BR> &nbsp; &nbsp; &nbsp; IP addresses, 90
+<BR> &nbsp; &nbsp; &nbsp; LMHOSTS file, 92
+<BR> &nbsp; &nbsp; &nbsp; registry file, 141
+<BR> &nbsp; &nbsp; &nbsp; security model, 30
+<BR> &nbsp; &nbsp; &nbsp; security model (see ACLs)
+<BR> &nbsp; &nbsp; &nbsp; setting path to directory of roaming profiles, 420
+<BR> &nbsp; &nbsp; &nbsp; setting up, 87-98
+<BR> &nbsp; &nbsp; &nbsp; sharing files, 163
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; setting permissions, 165
+<BR> &nbsp; &nbsp; &nbsp; TCP/IP installing, 88
+<BR> &nbsp; &nbsp; &nbsp; WINS server, 90
+<BR> &nbsp; &nbsp; &nbsp; workgroups, 93
+<BR>Windows NT domain options, 158
+<BR>Windows Time Service, 340
+<BR>Windows Workgroups (see workgroups)
+<BR>Windows XP
+<BR> &nbsp; &nbsp; &nbsp; ACLs, 253-262
+<BR> &nbsp; &nbsp; &nbsp; adding users, 115
+<BR> &nbsp; &nbsp; &nbsp; bindings, 110
+<BR> &nbsp; &nbsp; &nbsp; computer names, 113
+<BR> &nbsp; &nbsp; &nbsp; configuring for roaming profiles, 148
+<BR> &nbsp; &nbsp; &nbsp; configuring TCP/IP, 110
+<BR> &nbsp; &nbsp; &nbsp; connecting to Samba server, 116
+<BR> &nbsp; &nbsp; &nbsp; DNS configuration, 111
+<BR> &nbsp; &nbsp; &nbsp; domain logons, 135-137
+<BR> &nbsp; &nbsp; &nbsp; Home version, problems in a domain environment, 135
+<BR> &nbsp; &nbsp; &nbsp; identify node type, ipconfig /all command, 13
+<BR> &nbsp; &nbsp; &nbsp; IP addresses, 111
+<BR> &nbsp; &nbsp; &nbsp; LMHOSTS file, 112
+<BR> &nbsp; &nbsp; &nbsp; networking components, 109
+<BR> &nbsp; &nbsp; &nbsp; registry file, 141
+<BR> &nbsp; &nbsp; &nbsp; security model (see ACLs)
+<BR> &nbsp; &nbsp; &nbsp; setting path to directory of roaming profiles, 420
+<BR> &nbsp; &nbsp; &nbsp; setting up, 109-119
+<BR> &nbsp; &nbsp; &nbsp; sharing files, 163
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; setting permissions, 165
+<BR> &nbsp; &nbsp; &nbsp; WINS server, 112
+<BR> &nbsp; &nbsp; &nbsp; workgroups, 113
+<BR>winipcfg command (Windows 95/98/Me), 13
+<BR>WinPopup tool, 346
+<BR>.win_profile directory, 144
+<BR> &nbsp; &nbsp; &nbsp; example, 145
+<BR>WINS, 32
+<BR> &nbsp; &nbsp; &nbsp; client and a server interaction, 218
+<BR> &nbsp; &nbsp; &nbsp; configuration, Windows 95/98/Me, 78
+<BR> &nbsp; &nbsp; &nbsp; proxy, configuring, 221
+<BR> &nbsp; &nbsp; &nbsp; replication, 38
+<BR> &nbsp; &nbsp; &nbsp; support, smb.conf file, 71
+<BR>wins hook option (smb.conf file), 223, 446
+<BR>wins proxy option (smb.conf file), 221, 222, 446
+<BR>wins server option (smb.conf file), 220, 222, 446
+<BR>WINS servers
+<BR> &nbsp; &nbsp; &nbsp; configuring a DNS proxy, 220
+<BR> &nbsp; &nbsp; &nbsp; configuring Samba to use another, 220
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; configuration file example, 396
+<BR> &nbsp; &nbsp; &nbsp; enabling Samba as, configuration file example, 395
+<BR> &nbsp; &nbsp; &nbsp; multiple, 32
+<BR> &nbsp; &nbsp; &nbsp; primary (see primary WINS server)
+<BR> &nbsp; &nbsp; &nbsp; setting Samba as, 220
+<BR> &nbsp; &nbsp; &nbsp; synchronization problems in Samba, 71
+<BR> &nbsp; &nbsp; &nbsp; Windows 2000, 101
+<BR> &nbsp; &nbsp; &nbsp; Windows NT, 90
+<BR> &nbsp; &nbsp; &nbsp; Windows XP, 112
+<BR>wins support option (smb.conf file), 222, 447
+<BR>wins support parameter (smb.conf file), 220
+<BR>with feature option, configuring Samba, 47
+<BR>--with-acl-support (configure script option), 495
+<BR>--with-afs (configure script option), 495
+<BR>--with-automount (configure script option), 495
+<BR>--with-codepagedir (configure script option), 495
+<BR>--with-configdir (configure script option), 495
+<BR>--with-dce-dfs (configure script option), 495
+<BR>--with-fhs (configure script option), 495
+<BR>--with-included-popt (configure script option), 495
+<BR>--with-krb4 (configure script option), 495
+<BR>--with-krb5 (configure script option), 495
+<BR>--with-ldapsam (configure script option), 496
+<BR>--with-libiconv (configure script option), 496
+<BR>--with-libsmbclient (configure script option), 496
+<BR>--with-lockdir (configure script option), 496
+<BR>--with-logfilebase (configure script option), 496
+<BR>--with-manpages-langs (configure script option), 496
+<BR>--with-msdfs (configure script option), 47, 496
+<BR>--with-nisplus-home (configure script option), 496
+<BR>--with-nisplussam (configure script option), 496
+<BR>without feature option, configuring Samba, 47
+<BR>--with-pam (configure script option), 497
+<BR>--with-pam_smbpass (configure script option), 497
+<BR>--with-piddir (configure script option), 497
+<BR>--with-privatedir (configure script option), 497
+<BR>--with-profiling-data (configure script option), 497
+<BR>--with-quotas (configure script option), 497
+<BR>--with-readline (configure script option), 497
+<BR>--with-sendfile-support (configure script option), 497
+<BR>--with-smbmount (configure script option), 47, 498
+<BR>--with-smbwrapper (configure script option), 47, 498
+<BR>--with-spinlocks (configure script option), 498
+<BR>--with-ssl (configure script option), 498
+<BR>--with-sslinc (configure script option), 498
+<BR>--with-ssllib (configure script option), 498
+<BR>--with-swatdir (configure script option), 498
+<BR>--with-syslog (configure script option), 498
+<BR>--with-tdbsam (configure script option), 498
+<BR>--with-utmp (configure script option), 498
+<BR>--with-winbind (configure script option), 499
+<BR>workgroup option (smb.conf file), 447
+<BR>workgroup parameter (smb.conf file), 200
+<BR>workgroups, 26-29
+<BR> &nbsp; &nbsp; &nbsp; adding first Samba server to, 396
+<BR> &nbsp; &nbsp; &nbsp; defined, 15
+<BR> &nbsp; &nbsp; &nbsp; problems related to, 29
+<BR> &nbsp; &nbsp; &nbsp; spanning multiple subnets, 34
+<BR> &nbsp; &nbsp; &nbsp; Windows 2000, 103
+<BR> &nbsp; &nbsp; &nbsp; Windows 95/98/Me, 81
+<BR> &nbsp; &nbsp; &nbsp; Windows NT, 93
+<BR> &nbsp; &nbsp; &nbsp; Windows XP, 113
+<BR>Workstation service, installing on Windows NT, 89
+<BR>writable option (smb.conf file), 203, 447
+<BR>write cache size option (smb.conf file), 447
+<BR>write list option (smb.conf file), 286, 288, 447
+<BR>write ok option (smb.conf file), 203, 447
+<BR>write raw option (smb.conf file), 448
+<BR>writeable option (smb.conf file), 203, 447
+<P><A NAME="X"><B>X</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>XFS filesystem, 37
+<BR>xinetd daemon, 53
+
+<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4>
+
+</body></html>
diff --git a/docs/htmldocs/using_samba/samba2_s.gif b/docs/htmldocs/using_samba/samba2_s.gif
new file mode 100644
index 00000000000..23d7e5ee647
--- /dev/null
+++ b/docs/htmldocs/using_samba/samba2_s.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/samba2_xs.gif b/docs/htmldocs/using_samba/samba2_xs.gif
new file mode 100644
index 00000000000..e489480df6b
--- /dev/null
+++ b/docs/htmldocs/using_samba/samba2_xs.gif
Binary files differ
diff --git a/docs/htmldocs/using_samba/toc.html b/docs/htmldocs/using_samba/toc.html
new file mode 100644
index 00000000000..54d5c3f55f2
--- /dev/null
+++ b/docs/htmldocs/using_samba/toc.html
@@ -0,0 +1,138 @@
+<html>
+<body bgcolor="#ffffff">
+
+<table border="0" cellpadding="4" cellspacing="4">
+<tr>
+<td>
+<img src="samba2_s.gif" border="0" height="190" width="145" alt="Using Samba,
+2nd Edition" />
+</td>
+<td>
+<h2>Using Samba, 2nd Edition</h2>
+By Jay Ts, Robert Eckstein, and David Collier-Brown<br />
+2nd Edition, February 2003 <br />
+O'Reilly &amp; Associates, ISBN: 0-596-00256-4<br />
+<a href="http://www.oreilly.com/catalog/samba2/"><b>www.oreilly.com/catalog/samba2/</b></a>
+</td>
+</tr>
+</table>
+
+<blockquote>
+<h2>Table of Contents</h2>
+
+<P><B><a href="ch00.html">Preface</a></B>
+
+<P><B><a href="ch01.html">1. Learning the Samba</a></B>
+<BR> &nbsp; &nbsp; &nbsp;What Is Samba?
+<BR> &nbsp; &nbsp; &nbsp;What Can Samba Do for Me?
+<BR> &nbsp; &nbsp; &nbsp;Getting Familiar with an SMB Network
+<BR> &nbsp; &nbsp; &nbsp;An Introduction to the SMB Protocol
+<BR> &nbsp; &nbsp; &nbsp;Windows Workgroups and Domains
+<BR> &nbsp; &nbsp; &nbsp;What's New in Samba 2.2?
+<BR> &nbsp; &nbsp; &nbsp;What's New in Samba 3.0?
+<BR> &nbsp; &nbsp; &nbsp;What Can Samba Do?
+<BR> &nbsp; &nbsp; &nbsp;An Overview of the Samba Distribution
+<BR> &nbsp; &nbsp; &nbsp;How Can I Get Samba?
+
+<P><B><a href="ch02.html">2. Installing Samba on a Unix System</a></B>
+<BR> &nbsp; &nbsp; &nbsp;Bundled Versions
+<BR> &nbsp; &nbsp; &nbsp;Downloading the Samba Distribution
+<BR> &nbsp; &nbsp; &nbsp;Configuring Samba
+<BR> &nbsp; &nbsp; &nbsp;Compiling and Installing Samba
+<BR> &nbsp; &nbsp; &nbsp;Enabling SWAT
+<BR> &nbsp; &nbsp; &nbsp;A Basic Samba Configuration File
+<BR> &nbsp; &nbsp; &nbsp;Firewall Configuration
+<BR> &nbsp; &nbsp; &nbsp;Starting the Samba Daemons
+<BR> &nbsp; &nbsp; &nbsp;Testing the Samba Daemons
+
+<P><B><a href="ch03.html">3. Configuring Windows Clients</a></B>
+<BR> &nbsp; &nbsp; &nbsp;Windows Networking Concepts
+<BR> &nbsp; &nbsp; &nbsp;Setting Up Windows 95/98/Me Computers
+<BR> &nbsp; &nbsp; &nbsp;Setting Up Windows NT 4.0 Computers
+<BR> &nbsp; &nbsp; &nbsp;Setting Up Windows 2000 Computers
+<BR> &nbsp; &nbsp; &nbsp;Setting Up Windows XP Computers
+
+<P><B><a href="ch04.html">4. Windows NT Domains</a></B>
+<BR> &nbsp; &nbsp; &nbsp;Samba as the Primary Domain Controller
+<BR> &nbsp; &nbsp; &nbsp;Adding Computer Accounts
+<BR> &nbsp; &nbsp; &nbsp;Configuring Windows Clients for Domain Logons
+<BR> &nbsp; &nbsp; &nbsp;Logon Scripts
+<BR> &nbsp; &nbsp; &nbsp;Roaming Profiles
+<BR> &nbsp; &nbsp; &nbsp;System Policies
+<BR> &nbsp; &nbsp; &nbsp;Samba as a Domain Member Server
+<BR> &nbsp; &nbsp; &nbsp;Windows NT Domain Options
+
+<P><B><a href="ch05.html">5. Unix Clients</a></B>
+<BR> &nbsp; &nbsp; &nbsp;Sharing Files on Windows 95/98/Me
+<BR> &nbsp; &nbsp; &nbsp;Sharing Files on Windows NT/2000/XP
+<BR> &nbsp; &nbsp; &nbsp;smbclient
+<BR> &nbsp; &nbsp; &nbsp;smbfs
+<BR> &nbsp; &nbsp; &nbsp;smbsh
+<BR> &nbsp; &nbsp; &nbsp;smbutil and mount_smbfs
+
+<P><B><a href="ch06.html">6. The Samba Configuration File</a></B>
+<BR> &nbsp; &nbsp; &nbsp;The Samba Configuration File
+<BR> &nbsp; &nbsp; &nbsp;Special Sections
+<BR> &nbsp; &nbsp; &nbsp;Configuration Options
+<BR> &nbsp; &nbsp; &nbsp;Server Configuration
+<BR> &nbsp; &nbsp; &nbsp;Disk Share Configuration
+<BR> &nbsp; &nbsp; &nbsp;Networking Options with Samba
+<BR> &nbsp; &nbsp; &nbsp;Virtual Servers
+<BR> &nbsp; &nbsp; &nbsp;Logging Configuration Options
+
+<P><B><a href="ch07.html">7. Name Resolution and Browsing</a></B>
+<BR> &nbsp; &nbsp; &nbsp;Name Resolution
+<BR> &nbsp; &nbsp; &nbsp;Browsing
+
+<P><B><a href="ch08.html">8. Advanced Disk Shares</a></B>
+<BR> &nbsp; &nbsp; &nbsp;Filesystem Differences
+<BR> &nbsp; &nbsp; &nbsp;File Permissions and Attributes on MS-DOS and Unix
+<BR> &nbsp; &nbsp; &nbsp;Windows NT/2000/XP ACLs
+<BR> &nbsp; &nbsp; &nbsp;Name Mangling and Case
+<BR> &nbsp; &nbsp; &nbsp;Locks and Oplocks
+<BR> &nbsp; &nbsp; &nbsp;Connection Scripts
+<BR> &nbsp; &nbsp; &nbsp;Microsoft Distributed Filesystems
+<BR> &nbsp; &nbsp; &nbsp;Working with NIS
+
+<P><B><a href="ch09.html">9. Users and Security</a></B>
+<BR> &nbsp; &nbsp; &nbsp;Users and Groups
+<BR> &nbsp; &nbsp; &nbsp;Controlling Access to Shares
+<BR> &nbsp; &nbsp; &nbsp;Authentication of Clients
+<BR> &nbsp; &nbsp; &nbsp;Passwords
+<BR> &nbsp; &nbsp; &nbsp;Authentication with winbind
+
+<P><B><a href="ch10.html">10. Printing</a></B>
+<BR> &nbsp; &nbsp; &nbsp;Sending Print Jobs to Samba
+<BR> &nbsp; &nbsp; &nbsp;Printing to Windows Printers
+
+<P><B><a href="ch11.html">11. Additional Samba Information</a></B>
+<BR> &nbsp; &nbsp; &nbsp;Time Synchronization
+<BR> &nbsp; &nbsp; &nbsp;Magic Scripts
+<BR> &nbsp; &nbsp; &nbsp;Internationalization
+<BR> &nbsp; &nbsp; &nbsp;Windows Messenger Service
+<BR> &nbsp; &nbsp; &nbsp;Miscellaneous Options
+
+<P><B><a href="ch12.html">12. Troubleshooting Samba</a></B>
+<BR> &nbsp; &nbsp; &nbsp;The Tool Box
+<BR> &nbsp; &nbsp; &nbsp;The Fault Tree
+<BR> &nbsp; &nbsp; &nbsp;Extra Resources
+
+<P><B><a href="appa.html">Appendix A. Example Configuration Files</a></B>
+
+<P><B><a href="appb.html">Appendix B. Samba Configuration Option Quick Reference</a></B>
+
+<P><B><a href="appc.html">Appendix C. Summary of Samba Daemons and Commands</a></B>
+
+<P><B><a href="appd.html">Appendix D. Downloading Samba with CVS</a></B>
+
+<P><B><a href="appe.html">Appendix E. Configure Options</a></B>
+
+<P><B><a href="appf.html">Appendix F. Running Samba on Mac OS X Server</a></B>
+
+<P><B><a href="appg.html">Appendix G. GNU Free Documentation License</a></B>
+
+<P><B><a href="inx.html">Index</a></B>
+</blockquote>
+
+</body>
+</html>
diff --git a/examples/printing/smbprint.old b/examples/printing/smbprint.old
deleted file mode 100755
index 5a00a2a8aa8..00000000000
--- a/examples/printing/smbprint.old
+++ /dev/null
@@ -1,95 +0,0 @@
-#!/bin/sh
-
-# This script is an input filter for printcap printing on a unix machine. It
-# uses the smbclient program to print the file to the specified smb-based
-# server and service.
-# For example you could have a printcap entry like this
-#
-# smb:lp=/dev/null:sd=/usr/spool/smb:sh:if=/usr/local/samba/smbprint
-#
-# which would create a unix printer called "smb" that will print via this
-# script. You will need to create the spool directory /usr/spool/smb with
-# appropriate permissions and ownerships for your system.
-
-# Set these to the server and service you wish to print to
-# In this example I have a WfWg PC called "lapland" that has a printer
-# exported called "printer" with no password.
-
-#
-# Script further altered by hamiltom@ecnz.co.nz (Michael Hamilton)
-# so that the server, service, and password can be read from
-# a /usr/var/spool/lpd/PRINTNAME/.config file.
-#
-# Script further modified by Richard Sharpe to fix some things.
-# Get rid of the -x on the first line, and add parameters
-#
-# -t now causes translate to be used when sending files
-#
-# In order for this to work the /etc/printcap entry must include an
-# accounting file (af=...):
-#
-# cdcolour:\
-# :cm=CD IBM Colorjet on 6th:\
-# :sd=/var/spool/lpd/cdcolour:\
-# :af=/var/spool/lpd/cdcolour/acct:\
-# :if=/usr/local/etc/smbprint:\
-# :mx=0:\
-# :lp=/dev/null:
-#
-# The /usr/var/spool/lpd/PRINTNAME/.config file should contain:
-# server=PC_SERVER
-# service=PR_SHARENAME
-# password="password"
-#
-# E.g.
-# server=PAULS_PC
-# service=CJET_371
-# password=""
-
-#
-# Debugging log file, change to /dev/null if you like.
-#
-logfile=/tmp/smb-print.log
-# logfile=/dev/null
-
-
-#
-# The last parameter to the filter is the accounting file name.
-# Extract the directory name from the file name.
-# Concat this with /.config to get the config file.
-#
-TRANS=0
-eval acct_file=\${$#}
-spool_dir=`dirname $acct_file`
-config_file=$spool_dir/.config
-
-# Should read the following variables set in the config file:
-# server
-# service
-# password
-eval `cat $config_file`
-
-while getopts t c; do
- case $c in
- t)
- TRANS=1
- ;;
-
- '?') # Bad parameters, ignore it ...
- ;;
- esac
-done
-#
-# Some debugging help, change the >> to > if you want to same space.
-#
-echo "server $server, service $service" >> $logfile
-
-(
-# NOTE You may wish to add the line `echo translate' if you want automatic
-# CR/LF translation when printing.
- if [ $TRANS -eq 1 ]; then
- echo translate
- fi
- echo "print -"
- cat
-) | /usr/local/samba/bin/smbclient "\\\\$server\\$service" $password -U $server -N -P >> $logfile
diff --git a/make-tarball.sh b/make-tarball.sh
deleted file mode 100644
index 1eb05db70dc..00000000000
--- a/make-tarball.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/sh
-
-## A simple script to build a tarball of the current CVS tree.
-## You either need to include the using_samba cvs module in the
-## parent directory or tell the script where to find it
-##
-## Usgae: ./make-tarball.sh
-
-USING_SAMBA=../using_samba/
-SRCDIR=`pwd`
-
-if [ ! -d $USING_SAMBA ]; then
-
- echo Cannot find "Using Samba" directory \(assuming $USING_SAMBA\).
- echo Please set the USING_SAMBA variable in this script to the correct
- echo location. The html files are available in the using_samba CVS
- echo module on cvs.samba.org. See http://cvs/samba.org/ for details
- echo about anonymous CVS access. Exiting now....
-
- exit 1
-
-fi
-
-VERSION=`grep SAMBA_VERSION_OFFICIAL_STRING source/include/version.h | cut -d\" -f2 | sed 's/ /_/g'`
-TARBALLDIR=/tmp/samba-$VERSION
-
-echo Creating the tarball source directory in $TARBALLDIR
-
-/bin/rm -rf $TARBALLDIR
-/bin/rm -f samba-$VERSION.tar
-
-mkdir $TARBALLDIR
-rsync -aC ./ $TARBALLDIR
-rsync -aC $USING_SAMBA $TARBALLDIR/docs/htmldocs/
-
-echo Creating packaging scripts...
-( cd $TARBALLDIR/packaging; sh bin/update-pkginfo $VERSION 1 )
-
-echo Creating source/configure...
-( cd $TARBALLDIR/source; ./autogen.sh )
-
-echo Making tarball samba-$VERSION.tar in current directory...
-( cd `dirname $TARBALLDIR`; tar cf $SRCDIR/samba-$VERSION.tar samba-$VERSION )
diff --git a/packaging/RedHat/samba.spec.tmpl b/packaging/RedHat/samba.spec.tmpl
index ee0b43c0170..063af05dd38 100644
--- a/packaging/RedHat/samba.spec.tmpl
+++ b/packaging/RedHat/samba.spec.tmpl
@@ -68,18 +68,10 @@ autoheader
autoconf
EXTRA="-D_LARGEFILE64_SOURCE"
%endif
-
-## Get number of cpu's, default for 1 cpu on error
NUMCPU=`grep processor /proc/cpuinfo | wc -l`
-if [ $NUMCPU -eq 0 ]; then
- NUMCPU=1;
-fi
-
-## run autogen if missing the configure script
if [ ! -f "configure" ]; then
./autogen.sh
fi
-
CFLAGS="$RPM_OPT_FLAGS $EXTRA" ./configure \
--prefix=%{prefix} \
--localstatedir=/var \
@@ -96,8 +88,9 @@ CFLAGS="$RPM_OPT_FLAGS $EXTRA" ./configure \
--with-swatdir=%{prefix}/share/swat \
--with-libsmbclient
make -j${NUMCPU} proto
-make -j${NUMCPU} all nsswitch/libnss_wins.so
+make -j${NUMCPU} all nsswitch/libnss_wins.so modules
make -j${NUMCPU} debug2html
+make -j${NUMCPU} bin/smbspool
# Remove some permission bits to avoid to many dependencies
find examples docs -type f | xargs -r chmod -x
@@ -161,11 +154,11 @@ cd ..
# Install the nsswitch wins library
install -m755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/lib
-( cd $RPM_BUILD_ROOT/lib; ln -sf libnss_wins.so libnss_wins.so.2 )
+( cd $RPM_BUILD_ROOT/lib; ln -sf libnss_wins.so libnss_wins.so.2; )
# Install winbind shared libraries
install -m755 source/nsswitch/libnss_winbind.so $RPM_BUILD_ROOT/lib
-( cd $RPM_BUILD_ROOT/lib; ln -sf libnss_winbind.so libnss_winbind.so.2 )
+( cd $RPM_BUILD_ROOT/lib; ln -sf libnss_winbind.so libnss_winbind.so.2; )
install -m755 source/nsswitch/pam_winbind.so $RPM_BUILD_ROOT/lib/security
# Install pam_smbpass.so
@@ -434,6 +427,7 @@ fi
%{prefix}/share/swat/lang/*/images/*
%{prefix}/share/swat/lang/*/include/*.html
%{prefix}/share/swat/using_samba/*
+%attr(755,root,root) %{prefix}/lib/samba/*.msg
%config(noreplace) /etc/samba/lmhosts
%config(noreplace) /etc/samba/smb.conf
%config(noreplace) /etc/samba/smbusers
@@ -451,6 +445,6 @@ MANDIR_MACRO/man8/*
%dir /var/log/samba
%dir /var/run/samba
%attr(1777,root,root) %dir /var/spool/samba
-%attr(-,root,root) /lib/libnss_winbind.so*
+%attr(-,root,root) /lib/libnss_winbind.so
%attr(-,root,root) /lib/security/pam_winbind.so
%attr(-,root,root) /lib/security/pam_smbpass.so
diff --git a/source/Makefile.in b/source/Makefile.in
index 4769604243b..0ea2c4411f8 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -18,7 +18,6 @@ CFLAGS=@CFLAGS@
CPPFLAGS=@CPPFLAGS@
EXEEXT=@EXEEXT@
LDFLAGS=@LDFLAGS@
-AR=@AR@
LDSHFLAGS=@LDSHFLAGS@ @LDFLAGS@
WINBIND_NSS_LDSHFLAGS=@WINBIND_NSS_LDSHFLAGS@ @LDFLAGS@
AWK=@AWK@
@@ -46,7 +45,6 @@ VPATH=@srcdir@
srcdir=@abs_srcdir@
builddir=@abs_builddir@
SHELL=/bin/sh
-DESTDIR=/
# XXX: Perhaps this should be @SHELL@ instead -- apparently autoconf
# will search for a POSIX-compliant shell, and that might not be
@@ -183,8 +181,7 @@ LIB_OBJ = lib/version.o lib/charcnv.o lib/debug.o lib/fault.o \
nsswitch/wb_client.o nsswitch/wb_common.o \
lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \
- lib/module.o lib/ldap_escape.o @CHARSET_STATIC@ \
- lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o
+ lib/module.o lib/ldap_escape.o @CHARSET_STATIC@
LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o
@@ -221,7 +218,7 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
libsmb/clirap.o libsmb/clierror.o libsmb/climessage.o \
libsmb/clireadwrite.o libsmb/clilist.o libsmb/cliprint.o \
libsmb/clitrans.o libsmb/clisecdesc.o libsmb/clidgram.o \
- libsmb/clistr.o lib/util_seaccess.o \
+ libsmb/clistr.o \
libsmb/cliquota.o libsmb/clifsinfo.o \
libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \
libsmb/clioplock.o libsmb/errormap.o libsmb/clirap2.o \
@@ -348,7 +345,7 @@ SMBD_OBJ_SRV = smbd/files.o smbd/chgpasswd.o smbd/connection.o \
smbd/vfs.o smbd/vfs-wrap.o smbd/statcache.o \
smbd/posix_acls.o lib/sysacls.o lib/server_mutex.o \
smbd/process.o smbd/service.o smbd/error.o \
- printing/printfsp.o \
+ printing/printfsp.o lib/util_seaccess.o \
lib/sysquotas.o smbd/change_trust_pw.o smbd/fake_file.o \
smbd/quotas.o smbd/ntquotas.o lib/afs.o \
$(MANGLE_OBJ) @VFS_STATIC@
@@ -1183,8 +1180,8 @@ installservers: all installdirs
@$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(SBINDIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(VARDIR) $(SBIN_PROGS)
installbin: all installdirs
- @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(DESTDIR) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(SBINDIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(VARDIR) $(SBIN_PROGS)
- @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(DESTDIR) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(BINDIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(VARDIR) $(BIN_PROGS)
+ @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(SBINDIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(VARDIR) $(SBIN_PROGS)
+ @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(BINDIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(VARDIR) $(BIN_PROGS)
installmodules: modules installdirs
diff --git a/source/VERSION b/source/VERSION
index d7f386ab42b..da17d316eae 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -18,7 +18,7 @@
# -> "3.0.0" #
########################################################
SAMBA_VERSION_MAJOR=3
-SAMBA_VERSION_MINOR=1
+SAMBA_VERSION_MINOR=0
SAMBA_VERSION_RELEASE=0
########################################################
@@ -71,7 +71,7 @@ SAMBA_VERSION_BETA_RELEASE=
# e.g. SAMBA_VERSION_ALPHA_RELEASE=1 #
# -> "4.0.0alpha1" #
########################################################
-SAMBA_VERSION_ALPHA_RELEASE=1
+SAMBA_VERSION_ALPHA_RELEASE=
########################################################
# For 'test' releases the version will be #
@@ -93,7 +93,7 @@ SAMBA_VERSION_TEST_RELEASE=
# e.g. SAMBA_VERSION_IS_CVS_SNAPSHOT=yes #
# -> "CVS 3.0.0rc2" #
########################################################
-SAMBA_VERSION_IS_CVS_SNAPSHOT=yes
+SAMBA_VERSION_IS_CVS_SNAPSHOT=
########################################################
# This can be set by vendors if they want... #
diff --git a/source/aclocal.m4 b/source/aclocal.m4
index e1ea9385fda..52396e56d6c 100644
--- a/source/aclocal.m4
+++ b/source/aclocal.m4
@@ -179,7 +179,7 @@ AS_IF([test AS_VAR_GET(ac_Lib_ext) = yes],
*-l$1*)
;;
*)
- $2="-l$1 $$2"
+ $2="$$2 -l$1"
;;
esac])
[$6]
diff --git a/source/auth/auth_sam.c b/source/auth/auth_sam.c
index ce97bd7df26..fb66d53cd4f 100644
--- a/source/auth/auth_sam.c
+++ b/source/auth/auth_sam.c
@@ -27,9 +27,8 @@
#define DBGC_CLASS DBGC_AUTH
/****************************************************************************
- Core of smb password checking routine.
+core of smb password checking routine.
****************************************************************************/
-
static BOOL smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
const uchar *part_passwd,
const DATA_BLOB *sec_blob,
@@ -55,7 +54,8 @@ static BOOL smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
}
SMBOWFencrypt(part_passwd, sec_blob->data, p24);
- if (user_sess_key != NULL) {
+ if (user_sess_key != NULL)
+ {
SMBsesskeygen_ntv1(part_passwd, NULL, user_sess_key);
}
@@ -74,11 +74,12 @@ static BOOL smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
return (memcmp(p24, nt_response->data, 24) == 0);
}
+
/****************************************************************************
- Core of smb password checking routine. (NTLMv2, LMv2)
- Note: The same code works with both NTLMv2 and LMv2.
-****************************************************************************/
+core of smb password checking routine. (NTLMv2, LMv2)
+Note: The same code works with both NTLMv2 and LMv2.
+****************************************************************************/
static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
const uchar *part_passwd,
const DATA_BLOB *sec_blob,
@@ -91,7 +92,8 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
uchar client_response[16];
DATA_BLOB client_key_data;
- if (part_passwd == NULL) {
+ if (part_passwd == NULL)
+ {
DEBUG(10,("No password set - DISALLOWING access\n"));
/* No password set - always False */
return False;
@@ -119,7 +121,8 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
}
SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption);
- if (user_sess_key != NULL) {
+ if (user_sess_key != NULL)
+ {
SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key);
}
@@ -139,11 +142,11 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
return (memcmp(value_from_encryption, client_response, 16) == 0);
}
+
/****************************************************************************
Do a specific test for an smb password being correct, given a smb_password and
the lanman and NT responses.
****************************************************************************/
-
static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
TALLOC_CTX *mem_ctx,
SAM_ACCOUNT *sampass,
@@ -155,11 +158,15 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
uint32 auth_flags;
acct_ctrl = pdb_get_acct_ctrl(sampass);
- if (acct_ctrl & ACB_PWNOTREQ) {
- if (lp_null_passwords()) {
+ if (acct_ctrl & ACB_PWNOTREQ)
+ {
+ if (lp_null_passwords())
+ {
DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", pdb_get_username(sampass)));
return(NT_STATUS_OK);
- } else {
+ }
+ else
+ {
DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", pdb_get_username(sampass)));
return(NT_STATUS_LOGON_FAILURE);
}
@@ -184,7 +191,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
nt_pw, &auth_context->challenge,
user_info->smb_name.str,
user_info->client_domain.str,
- user_sess_key)) {
+ user_sess_key))
+ {
return NT_STATUS_OK;
}
@@ -193,7 +201,9 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
nt_pw, &auth_context->challenge,
user_info->smb_name.str,
"",
- user_sess_key)) {
+ user_sess_key))
+
+ {
return NT_STATUS_OK;
} else {
DEBUG(3,("sam_password_ok: NTLMv2 password check failed\n"));
@@ -208,7 +218,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
DEBUG(4,("sam_password_ok: Checking NT MD4 password\n"));
if (smb_pwd_check_ntlmv1(&user_info->nt_resp,
nt_pw, &auth_context->challenge,
- user_sess_key)) {
+ user_sess_key))
+ {
return NT_STATUS_OK;
} else {
DEBUG(3,("sam_password_ok: NT MD4 password check failed for user %s\n",pdb_get_username(sampass)));
@@ -236,7 +247,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
DEBUG(4,("sam_password_ok: Checking LM password\n"));
if (smb_pwd_check_ntlmv1(&user_info->lm_resp,
lm_pw, &auth_context->challenge,
- user_sess_key)) {
+ user_sess_key))
+ {
return NT_STATUS_OK;
}
}
@@ -256,7 +268,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
nt_pw, &auth_context->challenge,
user_info->smb_name.str,
user_info->client_domain.str,
- user_sess_key)) {
+ user_sess_key))
+ {
return NT_STATUS_OK;
}
@@ -265,7 +278,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
nt_pw, &auth_context->challenge,
user_info->smb_name.str,
"",
- user_sess_key)) {
+ user_sess_key))
+ {
return NT_STATUS_OK;
}
@@ -273,10 +287,12 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
- I think this is related to Win9X pass-though authentication
*/
DEBUG(4,("sam_password_ok: Checking NT MD4 password in LM field\n"));
- if (lp_ntlm_auth()) {
+ if (lp_ntlm_auth())
+ {
if (smb_pwd_check_ntlmv1(&user_info->lm_resp,
nt_pw, &auth_context->challenge,
- user_sess_key)) {
+ user_sess_key))
+ {
return NT_STATUS_OK;
}
DEBUG(3,("sam_password_ok: LM password, NT MD4 password in LM field and LMv2 failed for user %s\n",pdb_get_username(sampass)));
@@ -297,7 +313,6 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
Do a specific test for a SAM_ACCOUNT being vaild for this connection
(ie not disabled, expired and the like).
****************************************************************************/
-
static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
SAM_ACCOUNT *sampass,
const auth_usersupplied_info *user_info)
@@ -310,22 +325,16 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
/* Quit if the account was disabled. */
if (acct_ctrl & ACB_DISABLED) {
- DEBUG(1,("sam_account_ok: Account for user '%s' was disabled.\n", pdb_get_username(sampass)));
+ DEBUG(1,("Account for user '%s' was disabled.\n", pdb_get_username(sampass)));
return NT_STATUS_ACCOUNT_DISABLED;
}
- /* Quit if the account was locked out. */
- if (acct_ctrl & ACB_AUTOLOCK) {
- DEBUG(1,("sam_account_ok: Account for user %s was locked out.\n", pdb_get_username(sampass)));
- return NT_STATUS_ACCOUNT_LOCKED_OUT;
- }
-
/* Test account expire time */
kickoff_time = pdb_get_kickoff_time(sampass);
if (kickoff_time != 0 && time(NULL) > kickoff_time) {
- DEBUG(1,("sam_account_ok: Account for user '%s' has expired.\n", pdb_get_username(sampass)));
- DEBUG(3,("sam_account_ok: Account expired at '%ld' unix time.\n", (long)kickoff_time));
+ DEBUG(1,("Account for user '%s' has expired.\n", pdb_get_username(sampass)));
+ DEBUG(3,("Account expired at '%ld' unix time.\n", (long)kickoff_time));
return NT_STATUS_ACCOUNT_EXPIRED;
}
@@ -335,14 +344,14 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
/* check for immediate expiry "must change at next logon" */
if (must_change_time == 0 && last_set_time != 0) {
- DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n", pdb_get_username(sampass)));
+ DEBUG(1,("Account for user '%s' password must change!.\n", pdb_get_username(sampass)));
return NT_STATUS_PASSWORD_MUST_CHANGE;
}
/* check for expired password */
if (must_change_time < time(NULL) && must_change_time != 0) {
- DEBUG(1,("sam_account_ok: Account for user '%s' password expired!.\n", pdb_get_username(sampass)));
- DEBUG(1,("sam_account_ok: Password expired at '%s' (%ld) unix time.\n", http_timestring(must_change_time), (long)must_change_time));
+ DEBUG(1,("Account for user '%s' password expired!.\n", pdb_get_username(sampass)));
+ DEBUG(1,("Password expired at '%s' (%ld) unix time.\n", http_timestring(must_change_time), (long)must_change_time));
return NT_STATUS_PASSWORD_EXPIRED;
}
}
@@ -350,8 +359,8 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
/* Test workstation. Workstation list is comma separated. */
workstation_list = talloc_strdup(mem_ctx, pdb_get_workstations(sampass));
- if (!workstation_list)
- return NT_STATUS_NO_MEMORY;
+
+ if (!workstation_list) return NT_STATUS_NO_MEMORY;
if (*workstation_list) {
BOOL invalid_ws = True;
@@ -360,7 +369,7 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
fstring tok;
while (next_token(&s, tok, ",", sizeof(tok))) {
- DEBUG(10,("sam_account_ok: checking for workstation match %s and %s (len=%d)\n",
+ DEBUG(10,("checking for workstation match %s and %s (len=%d)\n",
tok, user_info->wksta_name.str, user_info->wksta_name.len));
if(strequal(tok, user_info->wksta_name.str)) {
invalid_ws = False;
@@ -390,6 +399,7 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+
/****************************************************************************
check if a username/password is OK assuming the password is a 24 byte
SMB hash supplied in the user_info structure
@@ -424,8 +434,9 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
ret = pdb_getsampwnam(sampass, user_info->internal_username.str);
unbecome_root();
- if (ret == False) {
- DEBUG(3,("check_sam_security: Couldn't find user '%s' in passdb file.\n", user_info->internal_username.str));
+ if (ret == False)
+ {
+ DEBUG(3,("Couldn't find user '%s' in passdb file.\n", user_info->internal_username.str));
pdb_free_sam(&sampass);
return NT_STATUS_NO_SUCH_USER;
}
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 38037414661..952aa8ba590 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -644,9 +644,6 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups,
*
* currently this is a hack, as there is no sam implementation that is capable
* of groups.
- *
- * NOTE!! This function will fail if you pass in a winbind user without
- * the domain --jerry
******************************************************************************/
static NTSTATUS get_user_groups(const char *username, uid_t uid, gid_t gid,
@@ -929,10 +926,8 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx,
with just 'username'. This is need for accessing the server
as a trust user that actually maps to a local account */
- if ( !passwd ) {
- fstrcpy( dom_user, username );
- passwd = Get_Pwnam( dom_user );
- }
+ if ( !passwd )
+ passwd = Get_Pwnam(username);
if (passwd == NULL)
return NT_STATUS_NO_SUCH_USER;
@@ -940,13 +935,7 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx,
*uid = passwd->pw_uid;
*gid = passwd->pw_gid;
- /* This is pointless -- there is no suport for differeing
- unix and windows names. Make sure to always store the
- one we actuall looked up and succeeded. Have I mentioned
- why I hate the 'winbind use default domain' parameter?
- --jerry */
-
- *found_username = talloc_strdup(mem_ctx, dom_user);
+ *found_username = talloc_strdup(mem_ctx, passwd->pw_name);
return pdb_init_sam_pw(sam_account, passwd);
}
diff --git a/source/auth/auth_winbind.c b/source/auth/auth_winbind.c
index d09987ba37a..cae7aadd0c7 100644
--- a/source/auth/auth_winbind.c
+++ b/source/auth/auth_winbind.c
@@ -126,15 +126,15 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
if (result == NSS_STATUS_SUCCESS && response.extra_data) {
if (NT_STATUS_IS_OK(nt_status)) {
-
- if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3)))
- {
- nt_status = make_server_info_info3(mem_ctx,
- user_info->internal_username.str,
- user_info->smb_name.str, user_info->domain.str,
- server_info, &info3);
+ if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3))) {
+ nt_status =
+ make_server_info_info3(mem_ctx,
+ user_info->internal_username.str,
+ user_info->smb_name.str,
+ user_info->domain.str,
+ server_info,
+ &info3);
}
-
}
} else if (NT_STATUS_IS_OK(nt_status)) {
nt_status = NT_STATUS_NO_LOGON_SERVERS;
diff --git a/source/configure.in b/source/configure.in
index 0422dd39e35..b981313c9ad 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -166,7 +166,6 @@ AC_SUBST(EXTRA_ALL_TARGETS)
AC_ARG_ENABLE(debug,
[ --enable-debug Turn on compiler debugging information (default=no)],
[if eval "test x$enable_debug = xyes"; then
- echo "DEBUGGING TURNED ON!!!!"
CFLAGS="${CFLAGS} -g"
fi])
@@ -193,21 +192,11 @@ then
fi
dnl Checks for programs.
-
-##
-## for some reason this macro resets the CFLAGS
-## so save and restore
-##
-OLD_CFLAGS=${CFLAGS}
AC_PROG_CC
-CFLAGS=${OLD_CFLAGS}
-
AC_PROG_INSTALL
AC_PROG_AWK
AC_PATH_PROG(PERL, perl)
-AC_CHECK_TOOL(AR, ar)
-
# compile with optimization and without debugging by default, but
# allow people to set their own preference.
if test "x$CFLAGS" = x
@@ -491,7 +480,7 @@ main() {
/* Ensure this is kernel 2.4 or higher */
uname(&uts);
- release = strdup(uts.release);
+ release = uts.release;
major = atoi(strsep(&release, "."));
minor = atoi(strsep(&release, "."));
@@ -1697,7 +1686,7 @@ done
if test x"$ICONV_FOUND" = x"no" -o x"$samba_cv_HAVE_NATIVE_ICONV" != x"yes" ; then
AC_MSG_WARN([Sufficient support for iconv function was not found.
Install libiconv from http://freshmeat.net/projects/libiconv/ for better charset compatibility!])
- AC_DEFINE_UNQUOTED(DEFAULT_DOS_CHARSET,"ASCII",[Default dos charset name])
+ AC_DEFINE_UNQUOTED(DEFAULT_DOS_CHARSET,"CP850",[Default dos charset name])
AC_DEFINE_UNQUOTED(DEFAULT_DISPLAY_CHARSET,"ASCII",[Default display charset name])
AC_DEFINE_UNQUOTED(DEFAULT_UNIX_CHARSET,"UTF8",[Default unix charset name])
fi
@@ -2695,12 +2684,12 @@ AC_ARG_WITH(expsam,
case "$i" in
xml)
## pdb_xml
- AM_PATH_XML2([2.0.0],[default_shared_modules="$default_shared_modules pdb_xml"],[AC_MSG_ERROR([Can't find XML libraries while XML support is requested])])
+ AM_PATH_XML2([2.0.0],[default_shared_modules="$default_shared_modules pdb_xml"],[])
CFLAGS="$CFLAGS $XML_CFLAGS"
;;
mysql)
## pdb_mysql
- AM_PATH_MYSQL([default_shared_modules="$default_shared_modules pdb_mysql"],[AC_MSG_ERROR([Can't find MySQL libraries while MySQL support is requested])])
+ AM_PATH_MYSQL([default_shared_modules="$default_shared_modules pdb_mysql"],[])
CFLAGS="$CFLAGS $MYSQL_CFLAGS"
;;
no)
@@ -3083,7 +3072,7 @@ AC_TRY_RUN_STRICT([
#define HAVE_QUOTACTL_4A 1
#define AUTOCONF_TEST 1
#include "confdefs.h"
-#include "${srcdir-.}/tests/sysquotas.c"],[$Werror_FLAGS],[$CPPFLAGS],[$LDFLAGS],
+#include "${srcdir-.}/lib/sysquotas.c"],[$Werror_FLAGS],[$CPPFLAGS],[$LDFLAGS],
samba_cv_HAVE_QUOTACTL_4A=yes,samba_cv_HAVE_QUOTACTL_4A=no,samba_cv_HAVE_QUOTACTL_4A=cross)])
if test x"$samba_cv_HAVE_QUOTACTL_4A" = x"yes"; then
samba_cv_SYSQUOTA_FOUND=yes;AC_DEFINE(HAVE_QUOTACTL_4A,1,[Whether long quotactl(int cmd, char *special, qid_t id, caddr_t addr) is available])
@@ -3096,7 +3085,7 @@ AC_TRY_RUN_STRICT([
#define HAVE_QUOTACTL_4B 1
#define AUTOCONF_TEST 1
#include "confdefs.h"
-#include "${srcdir-.}/tests/sysquotas.c"],[$Werror_FLAGS],[$CPPFLAGS],[$LDFLAGS],
+#include "${srcdir-.}/lib/sysquotas.c"],[$Werror_FLAGS],[$CPPFLAGS],[$LDFLAGS],
samba_cv_HAVE_QUOTACTL_4B=yes,samba_cv_HAVE_QUOTACTL_4B=no,samba_cv_HAVE_QUOTACTL_4B=cross)])
if test x"$samba_cv_HAVE_QUOTACTL_4B" = x"yes"; then
echo "int quotactl(const char *path, int cmd, int id, char *addr) is not reworked for the new sys_quota api"
@@ -3110,7 +3099,7 @@ AC_TRY_RUN_STRICT([
#define HAVE_QUOTACTL_3 1
#define AUTOCONF_TEST 1
#include "confdefs.h"
-#include "${srcdir-.}/tests/sysquotas.c"],[$Werror_FLAGS],[$CPPFLAGS],[$LDFLAGS],
+#include "${srcdir-.}/lib/sysquotas.c"],[$Werror_FLAGS],[$CPPFLAGS],[$LDFLAGS],
samba_cv_HAVE_QUOTACTL_3=yes,samba_cv_HAVE_QUOTACTL_3=no,samba_cv_HAVE_QUOTACTL_3=cross)])
if test x"$samba_cv_HAVE_QUOTACTL_3" = x"yes"; then
echo "CRAY int quotactl (char *spec, int request, char *arg) is NOT reworked for the sys_quota api"
diff --git a/source/include/genparser.h b/source/include/genparser.h
deleted file mode 100644
index f28cd78249d..00000000000
--- a/source/include/genparser.h
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GENPARSER_H
-#define _GENPARSER_H
-
-/* these macros are needed for genstruct auto-parsers */
-#ifndef GENSTRUCT
-#define GENSTRUCT
-#define _LEN(x)
-#define _NULLTERM
-#endif
-
-/*
- automatic marshalling/unmarshalling system for C structures
-*/
-
-/* flag to mark a fixed size array as actually being null terminated */
-#define FLAG_NULLTERM 1
-#define FLAG_ALWAYS 2
-
-struct enum_struct {
- const char *name;
- unsigned value;
-};
-
-/* intermediate dumps are stored in one of these */
-struct parse_string {
- unsigned allocated;
- unsigned length;
- char *s;
-};
-
-typedef int (*gen_dump_fn)(TALLOC_CTX *, struct parse_string *, const char *ptr, unsigned indent);
-typedef int (*gen_parse_fn)(TALLOC_CTX *, char *ptr, const char *str);
-
-/* genstruct.pl generates arrays of these */
-struct parse_struct {
- const char *name;
- unsigned ptr_count;
- unsigned size;
- unsigned offset;
- unsigned array_len;
- const char *dynamic_len;
- unsigned flags;
- gen_dump_fn dump_fn;
- gen_parse_fn parse_fn;
-};
-
-#define DUMP_PARSE_DECL(type) \
- int gen_dump_ ## type(TALLOC_CTX *, struct parse_string *, const char *, unsigned); \
- int gen_parse_ ## type(TALLOC_CTX *, char *, const char *);
-
-DUMP_PARSE_DECL(char)
-DUMP_PARSE_DECL(int)
-DUMP_PARSE_DECL(unsigned)
-DUMP_PARSE_DECL(double)
-DUMP_PARSE_DECL(float)
-
-#define gen_dump_unsigned_char gen_dump_char
-#define gen_parse_unsigned_char gen_parse_char
-
-#endif /* _GENPARSER_H */
diff --git a/source/include/genparser_samba.h b/source/include/genparser_samba.h
deleted file mode 100644
index 172ff2362c4..00000000000
--- a/source/include/genparser_samba.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- Copyright (C) Simo Sorce <idra@samba.org> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GENPARSER_SAMBA_H
-#define _GENPARSER_SAMBA_H
-
-const struct parse_struct pinfo_security_ace_info[] = {
-{"type", 0, sizeof(uint8), offsetof(struct security_ace_info, type), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8},
-{"flags", 0, sizeof(uint8), offsetof(struct security_ace_info, flags), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8},
-{"size", 0, sizeof(uint16), offsetof(struct security_ace_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"info", 0, sizeof(char), offsetof(struct security_ace_info, info), 0, NULL, 0, gen_dump_SEC_ACCESS, gen_parse_SEC_ACCESS},
-{"obj_flags", 0, sizeof(uint32), offsetof(struct security_ace_info, obj_flags), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"obj_guid", 0, sizeof(char), offsetof(struct security_ace_info, obj_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID},
-{"inh_guid", 0, sizeof(char), offsetof(struct security_ace_info, inh_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID},
-{"trustee", 0, sizeof(char), offsetof(struct security_ace_info, trustee), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_security_acl_info[] = {
-{"revision", 0, sizeof(uint16), offsetof(struct security_acl_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"size", 0, sizeof(uint16), offsetof(struct security_acl_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"num_aces", 0, sizeof(uint32), offsetof(struct security_acl_info, num_aces), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"ace", 1, sizeof(struct security_ace_info), offsetof(struct security_acl_info, ace), 0, "size", 0, gen_dump_SEC_ACE, gen_parse_SEC_ACE},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_security_descriptor_info[] = {
-{"revision", 0, sizeof(uint16), offsetof(struct security_descriptor_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"type", 0, sizeof(uint16), offsetof(struct security_descriptor_info, type), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"off_owner_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_owner_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"off_grp_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_grp_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"off_sacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_sacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"off_dacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_dacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"dacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, dacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL},
-{"sacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, sacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL},
-{"owner_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, owner_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID},
-{"grp_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, grp_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_luid_attr_info[] = {
-{"attr", 0, sizeof(uint32), offsetof(struct LUID_ATTR, attr), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"luid", 1, sizeof(LUID), offsetof(struct LUID_ATTR, luid), 0, NULL, 0, gen_dump_LUID, gen_parse_LUID},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-#endif /* _GENPARSER_SAMBA_H */
diff --git a/source/include/gums.h b/source/include/gums.h
deleted file mode 100644
index 789acc269f3..00000000000
--- a/source/include/gums.h
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- GUMS structures
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GUMS_H
-#define _GUMS_H
-
-#define GUMS_VERSION_MAJOR 0
-#define GUMS_VERSION_MINOR 1
-#define GUMS_OBJECT_VERSION 1
-
-#define GUMS_OBJ_DOMAIN 1
-#define GUMS_OBJ_NORMAL_USER 2
-#define GUMS_OBJ_GROUP 3
-#define GUMS_OBJ_ALIAS 4
-#define GUMS_OBJ_WORKSTATION_TRUST 5
-#define GUMS_OBJ_SERVER_TRUST 6
-#define GUMS_OBJ_DOMAIN_TRUST 7
-
-typedef struct gums_user
-{
- DOM_SID *group_sid; /* Primary Group SID */
-
- NTTIME logon_time; /* logon time */
- NTTIME logoff_time; /* logoff time */
- NTTIME kickoff_time; /* kickoff time */
- NTTIME pass_last_set_time; /* password last set time */
- NTTIME pass_can_change_time; /* password can change time */
- NTTIME pass_must_change_time; /* password must change time */
-
- char *full_name; /* user's full name string */
- char *home_dir; /* home directory string */
- char *dir_drive; /* home directory drive string */
- char *logon_script; /* logon script string */
- char *profile_path; /* profile path string */
- char *workstations; /* login from workstations string */
- char *unknown_str; /* don't know what this is, yet. */
- char *munged_dial; /* munged path name and dial-back tel number */
-
- DATA_BLOB lm_pw; /* .data is Null if no password */
- DATA_BLOB nt_pw; /* .data is Null if no password */
-
- uint32 unknown_3; /* 0x00ff ffff */
-
- uint16 logon_divs; /* 168 - number of hours in a week */
- uint32 hours_len; /* normally 21 bytes */
- uint8 *hours;
-
- uint32 unknown_5; /* 0x0002 0000 */
- uint32 unknown_6; /* 0x0000 04ec */
-
-} GUMS_USER;
-
-typedef struct gums_group
-{
- uint32 count; /* Number of SIDs */
- DOM_SID **members; /* SID array */
-
-} GUMS_GROUP;
-
-typedef struct gums_domain
-{
- uint32 next_rid;
-
-} GUMS_DOMAIN;
-
-union gums_obj_p {
- GUMS_USER *user;
- GUMS_GROUP *group;
- GUMS_DOMAIN *domain;
-};
-
-typedef struct gums_object
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object Type */
- uint32 version; /* Object Version */
- uint32 seq_num; /* Object Sequence Number */
-
- SEC_DESC *sec_desc; /* Security Descriptor */
-
- DOM_SID *sid; /* Object Sid */
- char *name; /* Object Name */
- char *description; /* Object Description */
-
- union gums_obj_p data; /* Object Specific data */
-
-} GUMS_OBJECT;
-
-typedef struct gums_data_set
-{
- int type; /* GUMS_SET_xxx */
- void *data;
-
-} GUMS_DATA_SET;
-
-typedef struct gums_commit_set
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object type */
- DOM_SID sid; /* Object Sid */
- uint32 count; /* number of changes */
- GUMS_DATA_SET **data;
-
-} GUMS_COMMIT_SET;
-
-typedef struct gums_privilege
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object Type */
- uint32 version; /* Object Version */
- uint32 seq_num; /* Object Sequence Number */
-
- LUID_ATTR *privilege; /* Privilege Type */
- char *name; /* Object Name */
- char *description; /* Object Description */
-
- uint32 count;
- DOM_SID **members;
-
-} GUMS_PRIVILEGE;
-
-
-typedef struct gums_functions
-{
- /* Generic object functions */
-
- NTSTATUS (*get_domain_sid) (DOM_SID **sid, const char* name);
- NTSTATUS (*set_domain_sid) (const DOM_SID *sid);
-
- NTSTATUS (*get_sequence_number) (void);
-
- NTSTATUS (*new_object) (DOM_SID **sid, const char *name, const int obj_type);
- NTSTATUS (*delete_object) (const DOM_SID *sid);
-
- NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*get_object_from_name) (GUMS_OBJECT **object, const char *name, const int onj_type);
- /* This function is used to get the list of all objects changed since b_time, it is
- used to support PDC<->BDC synchronization */
- NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
-
- NTSTATUS (*enumerate_objects_start) (void *handle, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle);
- NTSTATUS (*enumerate_objects_stop) (void *handle);
-
- /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools.
- Never use this function to update an object in the database, use set_object_values() */
- NTSTATUS (*set_object) (const GUMS_OBJECT *object);
-
- /* set object values function */
- NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET **data_set);
-
- /* Group related functions */
- NTSTATUS (*add_members_to_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type);
-
- NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid);
-
- NTSTATUS (*lock_sid) (const DOM_SID *sid);
- NTSTATUS (*unlock_sid) (const DOM_SID *sid);
-
- /* privileges related functions */
-
- NTSTATUS (*add_members_to_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
- NTSTATUS (*delete_members_from_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
- NTSTATUS (*enumerate_privilege_members) (DOM_SID **members, const LUID_ATTR *priv);
- NTSTATUS (*get_sid_privileges) (DOM_SID **privs, const DOM_SID *sid);
-
- /* warning!: set_privilege will overwrite a prior existing privilege if such exist */
- NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
-
-} GUMS_FUNCTIONS;
-
-/* define value types */
-#define GUMS_SET_PRIMARY_GROUP 0x1
-#define GUMS_SET_SEC_DESC 0x2
-
-#define GUMS_SET_NAME 0x10
-#define GUMS_SET_DESCRIPTION 0x11
-#define GUMS_SET_FULL_NAME 0x12
-
-/* user specific type values */
-#define GUMS_SET_LOGON_TIME 0x20
-#define GUMS_SET_LOGOFF_TIME 0x21
-#define GUMS_SET_KICKOFF_TIME 0x23
-#define GUMS_SET_PASS_LAST_SET_TIME 0x24
-#define GUMS_SET_PASS_CAN_CHANGE_TIME 0x25
-#define GUMS_SET_PASS_MUST_CHANGE_TIME 0x26
-
-
-#define GUMS_SET_HOME_DIRECTORY 0x31
-#define GUMS_SET_DRIVE 0x32
-#define GUMS_SET_LOGON_SCRIPT 0x33
-#define GUMS_SET_PROFILE_PATH 0x34
-#define GUMS_SET_WORKSTATIONS 0x35
-#define GUMS_SET_UNKNOWN_STRING 0x36
-#define GUMS_SET_MUNGED_DIAL 0x37
-
-#define GUMS_SET_LM_PASSWORD 0x40
-#define GUMS_SET_NT_PASSWORD 0x41
-#define GUMS_SET_PLAINTEXT_PASSWORD 0x42
-#define GUMS_SET_UNKNOWN_3 0x43
-#define GUMS_SET_LOGON_DIVS 0x44
-#define GUMS_SET_HOURS_LEN 0x45
-#define GUMS_SET_HOURS 0x46
-#define GUMS_SET_UNKNOWN_5 0x47
-#define GUMS_SET_UNKNOWN_6 0x48
-
-#define GUMS_SET_MUST_CHANGE_PASS 0x50
-#define GUMS_SET_CANNOT_CHANGE_PASS 0x51
-#define GUMS_SET_PASS_NEVER_EXPIRE 0x52
-#define GUMS_SET_ACCOUNT_DISABLED 0x53
-#define GUMS_SET_ACCOUNT_LOCKOUT 0x54
-
-/*group specific type values */
-#define GUMS_ADD_SID_LIST 0x60
-#define GUMS_DEL_SID_LIST 0x61
-#define GUMS_SET_SID_LIST 0x62
-
-#endif /* _GUMS_H */
diff --git a/source/include/intl.h b/source/include/intl.h
index 01fa3bad976..5b56d9aa2c9 100644
--- a/source/include/intl.h
+++ b/source/include/intl.h
@@ -22,4 +22,3 @@
/* ideally we would have a static mapping, but that precludes
dynamic loading. This is a reasonable compromise */
#define _(x) lang_msg_rotate(x)
-#define N_(x) (x)
diff --git a/source/include/passdb.h b/source/include/passdb.h
index a4b2bcff3fd..e3077eee70a 100644
--- a/source/include/passdb.h
+++ b/source/include/passdb.h
@@ -57,8 +57,7 @@ enum pdb_elements {
PDB_MUNGEDDIAL,
PDB_HOURS,
PDB_UNKNOWN3,
- PDB_BAD_PASSWORD_COUNT,
- PDB_LOGON_COUNT,
+ PDB_UNKNOWN5,
PDB_UNKNOWN6,
PDB_LMPASSWD,
PDB_NTPASSWD,
@@ -137,10 +136,7 @@ typedef struct sam_passwd
uint32 hours_len; /* normally 21 bytes */
uint8 hours[MAX_HOURS_LEN];
- /* Was unknown_5. */
- uint16 bad_password_count;
- uint16 logon_count;
-
+ uint32 unknown_5; /* 0x0002 0000 */
uint32 unknown_6; /* 0x0000 04ec */
/* a tag for who added the private methods */
const struct pdb_methods *backend_private_methods;
diff --git a/source/include/privileges.h b/source/include/privileges.h
index b7e1b44c2af..67d8a2cbcc1 100644
--- a/source/include/privileges.h
+++ b/source/include/privileges.h
@@ -53,8 +53,6 @@ typedef struct LUID_ATTR
typedef struct privilege_set
{
- TALLOC_CTX *mem_ctx;
- BOOL ext_ctx;
uint32 count;
uint32 control;
LUID_ATTR *set;
diff --git a/source/include/rpc_client_proto.h b/source/include/rpc_client_proto.h
deleted file mode 100644
index 0ecb1956913..00000000000
--- a/source/include/rpc_client_proto.h
+++ /dev/null
@@ -1,231 +0,0 @@
-#ifndef _RPC_CLIENT_PROTO_H_
-#define _RPC_CLIENT_PROTO_H_
-/* This file is automatically generated with "make proto". DO NOT EDIT */
-
-
-/*The following definitions come from lib/util_list.c */
-
-BOOL copy_policy_hnd (POLICY_HND *dest, const POLICY_HND *src);
-BOOL compare_rpc_hnd_node(const RPC_HND_NODE *x,
- const RPC_HND_NODE *y);
-BOOL RpcHndList_set_connection(const POLICY_HND *hnd,
- struct cli_connection *con);
-BOOL RpcHndList_del_connection(const POLICY_HND *hnd);
-struct cli_connection* RpcHndList_get_connection(const POLICY_HND *hnd);
-
-/*The following definitions come from rpc_client/cli_connect.c */
-
-void init_connections(void);
-void free_connections(void);
-void cli_connection_free(struct cli_connection *con);
-void cli_connection_unlink(struct cli_connection *con);
-BOOL cli_connection_init(const char *srv_name, char *pipe_name,
- struct cli_connection **con);
-BOOL cli_connection_init_auth(const char *srv_name, char *pipe_name,
- struct cli_connection **con,
- cli_auth_fns * auth, void *auth_creds);
-struct _cli_auth_fns *cli_conn_get_authfns(struct cli_connection *con);
-void *cli_conn_get_auth_creds(struct cli_connection *con);
-BOOL rpc_hnd_pipe_req(const POLICY_HND * hnd, uint8 op_num,
- prs_struct * data, prs_struct * rdata);
-BOOL rpc_con_pipe_req(struct cli_connection *con, uint8 op_num,
- prs_struct * data, prs_struct * rdata);
-BOOL rpc_con_ok(struct cli_connection *con);
-
-/*The following definitions come from rpc_client/cli_login.c */
-
-BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]);
-BOOL cli_nt_srv_pwset(struct cli_state *cli, unsigned char *new_hashof_mach_pwd);
-BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username,
- uint32 smb_userid_low, char *password,
- NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
-BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username,
- uint32 smb_userid_low, char lm_chal[8],
- char *lm_chal_resp, char *nt_chal_resp,
- NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
-BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr);
-
-/*The following definitions come from rpc_client/cli_lsarpc.c */
-
-BOOL do_lsa_open_policy(struct cli_state *cli,
- char *system_name, POLICY_HND *hnd,
- BOOL sec_qos);
-BOOL do_lsa_query_info_pol(struct cli_state *cli,
- POLICY_HND *hnd, uint16 info_class,
- fstring domain_name, DOM_SID *domain_sid);
-BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd);
-BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server);
-uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd,
- BOOL sec_qos, uint32 des_access);
-uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids,
- char ***names, uint32 **types, int *num_names);
-uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names,
- DOM_SID **sids, uint32 **types, int *num_sids);
-
-/*The following definitions come from rpc_client/cli_netlogon.c */
-
-BOOL cli_net_logon_ctrl2(struct cli_state *cli, uint32 status_level);
-BOOL cli_net_auth2(struct cli_state *cli, uint16 sec_chan,
- uint32 neg_flags, DOM_CHAL *srv_chal);
-BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal);
-BOOL cli_net_srv_pwset(struct cli_state *cli, uint8 hashed_mach_pwd[16]);
-BOOL cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
-BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr);
-BOOL change_trust_account_password( char *domain, char *remote_machine_list);
-
-/*The following definitions come from rpc_client/cli_pipe.c */
-
-BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
- prs_struct *data, prs_struct *rdata);
-BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, char *my_name);
-void cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs);
-BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name);
-void cli_nt_session_close(struct cli_state *cli);
-
-/*The following definitions come from rpc_client/cli_reg.c */
-
-BOOL do_reg_connect(struct cli_state *cli, char *full_keyname, char *key_name,
- POLICY_HND *reg_hnd);
-BOOL do_reg_open_hklm(struct cli_state *cli, uint16 unknown_0, uint32 level,
- POLICY_HND *hnd);
-BOOL do_reg_open_hku(struct cli_state *cli, uint16 unknown_0, uint32 level,
- POLICY_HND *hnd);
-BOOL do_reg_flush_key(struct cli_state *cli, POLICY_HND *hnd);
-BOOL do_reg_query_key(struct cli_state *cli, POLICY_HND *hnd,
- char *class, uint32 *class_len,
- uint32 *num_subkeys, uint32 *max_subkeylen,
- uint32 *max_subkeysize, uint32 *num_values,
- uint32 *max_valnamelen, uint32 *max_valbufsize,
- uint32 *sec_desc, NTTIME *mod_time);
-BOOL do_reg_unknown_1a(struct cli_state *cli, POLICY_HND *hnd, uint32 *unk);
-BOOL do_reg_query_info(struct cli_state *cli, POLICY_HND *hnd,
- char *key_value, uint32* key_type);
-BOOL do_reg_set_key_sec(struct cli_state *cli, POLICY_HND *hnd, SEC_DESC_BUF *sec_desc_buf);
-BOOL do_reg_get_key_sec(struct cli_state *cli, POLICY_HND *hnd, uint32 *sec_buf_size, SEC_DESC_BUF **ppsec_desc_buf);
-BOOL do_reg_delete_val(struct cli_state *cli, POLICY_HND *hnd, char *val_name);
-BOOL do_reg_delete_key(struct cli_state *cli, POLICY_HND *hnd, char *key_name);
-BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
- char *key_name, char *key_class,
- SEC_ACCESS *sam_access,
- POLICY_HND *key);
-BOOL do_reg_enum_key(struct cli_state *cli, POLICY_HND *hnd,
- int key_index, char *key_name,
- uint32 *unk_1, uint32 *unk_2,
- time_t *mod_time);
-BOOL do_reg_create_val(struct cli_state *cli, POLICY_HND *hnd,
- char *val_name, uint32 type, BUFFER3 *data);
-BOOL do_reg_enum_val(struct cli_state *cli, POLICY_HND *hnd,
- int val_index, int max_valnamelen, int max_valbufsize,
- fstring val_name,
- uint32 *val_type, BUFFER2 *value);
-BOOL do_reg_open_entry(struct cli_state *cli, POLICY_HND *hnd,
- char *key_name, uint32 unk_0,
- POLICY_HND *key_hnd);
-BOOL do_reg_close(struct cli_state *cli, POLICY_HND *hnd);
-
-/*The following definitions come from rpc_client/cli_samr.c */
-
-BOOL get_samr_query_usergroups(struct cli_state *cli,
- POLICY_HND *pol_open_domain, uint32 user_rid,
- uint32 *num_groups, DOM_GID *gid);
-BOOL get_samr_query_userinfo(struct cli_state *cli,
- POLICY_HND *pol_open_domain,
- uint32 info_level,
- uint32 user_rid, SAM_USER_INFO_21 *usr);
-BOOL do_samr_chgpasswd_user(struct cli_state *cli,
- char *srv_name, char *user_name,
- char nt_newpass[516], uchar nt_oldhash[16],
- char lm_newpass[516], uchar lm_oldhash[16]);
-BOOL do_samr_unknown_38(struct cli_state *cli, char *srv_name);
-BOOL do_samr_query_dom_info(struct cli_state *cli,
- POLICY_HND *domain_pol, uint16 switch_value);
-BOOL do_samr_enum_dom_users(struct cli_state *cli,
- POLICY_HND *pol, uint16 num_entries, uint16 unk_0,
- uint16 acb_mask, uint16 unk_1, uint32 size,
- struct acct_info **sam,
- int *num_sam_users);
-BOOL do_samr_connect(struct cli_state *cli,
- char *srv_name, uint32 unknown_0,
- POLICY_HND *connect_pol);
-BOOL do_samr_open_user(struct cli_state *cli,
- POLICY_HND *pol, uint32 unk_0, uint32 rid,
- POLICY_HND *user_pol);
-BOOL do_samr_open_domain(struct cli_state *cli,
- POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid,
- POLICY_HND *domain_pol);
-BOOL do_samr_query_unknown_12(struct cli_state *cli,
- POLICY_HND *pol, uint32 rid, uint32 num_gids, uint32 *gids,
- uint32 *num_aliases,
- fstring als_names [MAX_LOOKUP_SIDS],
- uint32 num_als_users[MAX_LOOKUP_SIDS]);
-BOOL do_samr_query_usergroups(struct cli_state *cli,
- POLICY_HND *pol, uint32 *num_groups, DOM_GID *gid);
-BOOL do_samr_query_userinfo(struct cli_state *cli,
- POLICY_HND *pol, uint16 switch_value, void* usr);
-BOOL do_samr_close(struct cli_state *cli, POLICY_HND *hnd);
-
-/*The following definitions come from rpc_client/cli_spoolss_notify.c */
-
-BOOL spoolss_disconnect_from_client( struct cli_state *cli);
-BOOL spoolss_connect_to_client( struct cli_state *cli, char *remote_machine);
-BOOL cli_spoolss_reply_open_printer(struct cli_state *cli, char *printer, uint32 localprinter, uint32 type, uint32 *status, POLICY_HND *handle);
-BOOL cli_spoolss_reply_rrpcn(struct cli_state *cli, POLICY_HND *handle,
- uint32 change_low, uint32 change_high, uint32 *status);
-BOOL cli_spoolss_reply_close_printer(struct cli_state *cli, POLICY_HND *handle, uint32 *status);
-
-/*The following definitions come from rpc_client/cli_srvsvc.c */
-
-BOOL do_srv_net_srv_conn_enum(struct cli_state *cli,
- char *server_name, char *qual_name,
- uint32 switch_value, SRV_CONN_INFO_CTR *ctr,
- uint32 preferred_len,
- ENUM_HND *hnd);
-BOOL do_srv_net_srv_sess_enum(struct cli_state *cli,
- char *server_name, char *qual_name,
- uint32 switch_value, SRV_SESS_INFO_CTR *ctr,
- uint32 preferred_len,
- ENUM_HND *hnd);
-BOOL do_srv_net_srv_share_enum(struct cli_state *cli,
- char *server_name,
- uint32 switch_value, SRV_R_NET_SHARE_ENUM *r_o,
- uint32 preferred_len, ENUM_HND *hnd);
-BOOL do_srv_net_srv_file_enum(struct cli_state *cli,
- char *server_name, char *qual_name,
- uint32 switch_value, SRV_FILE_INFO_CTR *ctr,
- uint32 preferred_len,
- ENUM_HND *hnd);
-BOOL do_srv_net_srv_get_info(struct cli_state *cli,
- char *server_name, uint32 switch_value, SRV_INFO_CTR *ctr);
-
-/*The following definitions come from rpc_client/cli_use.c */
-
-void init_cli_use(void);
-void free_cli_use(void);
-struct cli_state *cli_net_use_add(const char *srv_name,
- const struct ntuser_creds *usr_creds,
- BOOL reuse, BOOL *is_new);
-BOOL cli_net_use_del(const char *srv_name,
- const struct ntuser_creds *usr_creds,
- BOOL force_close, BOOL *connection_closed);
-void cli_net_use_enum(uint32 *num_cons, struct use_info ***use);
-void cli_use_wait_keyboard(void);
-
-/*The following definitions come from rpc_client/cli_wkssvc.c */
-
-BOOL do_wks_query_info(struct cli_state *cli,
- char *server_name, uint32 switch_value,
- WKS_INFO_100 *wks100);
-
-/*The following definitions come from rpc_client/ncacn_np_use.c */
-
-BOOL ncacn_np_use_del(const char *srv_name, const char *pipe_name,
- const vuser_key * key,
- BOOL force_close, BOOL *connection_closed);
-struct ncacn_np *ncacn_np_initialise(struct ncacn_np *msrpc,
- const vuser_key * key);
-struct ncacn_np *ncacn_np_use_add(const char *pipe_name,
- const vuser_key * key,
- const char *srv_name,
- const struct ntuser_creds *ntc,
- BOOL reuse, BOOL *is_new_connection);
-#endif /* _PROTO_H_ */
diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h
index 52fe08d8753..2e4a418bb7d 100644
--- a/source/include/rpc_dce.h
+++ b/source/include/rpc_dce.h
@@ -61,14 +61,8 @@ enum RPC_PKT_TYPE
/* Netlogon schannel auth type and level */
#define NETSEC_AUTH_TYPE 0x44
-#define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 }
-#define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
+#define NETSEC_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
#define RPC_AUTH_NETSEC_CHK_LEN 0x20
-
-/* The 7 here seems to be required to get Win2k not to downgrade us
- to NT4. Actually, anything other than 1ff would seem to do... */
-#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
-
#define NETLOGON_NEG_SCHANNEL 0x40000000
enum netsec_direction
@@ -245,14 +239,13 @@ typedef struct rpc_auth_netsec_chk_info
uint8 sig [8]; /* 77 00 7a 00 ff ff 00 00 */
uint8 packet_digest[8]; /* checksum over the packet, MD5'ed with session key */
uint8 seq_num[8]; /* verifier, seq num */
- uint8 confounder[8]; /* random 8-byte nonce */
+ uint8 data8[8]; /* random 8-byte nonce */
} RPC_AUTH_NETSEC_CHK;
struct netsec_auth_struct
{
uchar sess_key[16];
uint32 seq_num;
- int auth_flags;
};
/* RPC_BIND_REQ - ms req bind */
diff --git a/source/include/rpc_lsa.h b/source/include/rpc_lsa.h
index 2064a38056e..fa49d76c885 100644
--- a/source/include/rpc_lsa.h
+++ b/source/include/rpc_lsa.h
@@ -657,7 +657,7 @@ typedef struct lsa_r_enumprivsaccount
{
uint32 ptr;
uint32 count;
- PRIVILEGE_SET *set;
+ PRIVILEGE_SET set;
NTSTATUS status;
} LSA_R_ENUMPRIVSACCOUNT;
@@ -703,7 +703,7 @@ typedef struct lsa_q_addprivs
{
POLICY_HND pol; /* policy handle */
uint32 count;
- PRIVILEGE_SET *set;
+ PRIVILEGE_SET set;
} LSA_Q_ADDPRIVS;
typedef struct lsa_r_addprivs
@@ -718,7 +718,7 @@ typedef struct lsa_q_removeprivs
uint32 allrights;
uint32 ptr;
uint32 count;
- PRIVILEGE_SET *set;
+ PRIVILEGE_SET set;
} LSA_Q_REMOVEPRIVS;
typedef struct lsa_r_removeprivs
@@ -728,3 +728,5 @@ typedef struct lsa_r_removeprivs
#endif /* _RPC_LSA_H */
+
+
diff --git a/source/include/rpc_misc.h b/source/include/rpc_misc.h
index aaaad55c20c..a0572a0bfdc 100644
--- a/source/include/rpc_misc.h
+++ b/source/include/rpc_misc.h
@@ -85,42 +85,49 @@ typedef struct enum_hnd_info
{
uint32 ptr_hnd; /* pointer to enumeration handle */
uint32 handle; /* enumeration handle */
+
} ENUM_HND;
/* LOOKUP_LEVEL - switch value */
typedef struct lookup_level_info
{
- uint16 value;
+ uint16 value;
+
} LOOKUP_LEVEL;
/* DOM_SID2 - security id */
typedef struct sid_info_2
{
uint32 num_auths; /* length, bytes, including length of len :-) */
+
DOM_SID sid;
+
} DOM_SID2;
/* STRHDR - string header */
typedef struct header_info
{
- uint16 str_str_len;
- uint16 str_max_len;
- uint32 buffer; /* non-zero */
+ uint16 str_str_len;
+ uint16 str_max_len;
+ uint32 buffer; /* non-zero */
+
} STRHDR;
/* UNIHDR - unicode string header */
typedef struct unihdr_info
{
- uint16 uni_str_len;
- uint16 uni_max_len;
- uint32 buffer; /* usually has a value of 4 */
+ uint16 uni_str_len;
+ uint16 uni_max_len;
+ uint32 buffer; /* usually has a value of 4 */
+
} UNIHDR;
/* UNIHDR2 - unicode string header and undocumented buffer */
typedef struct unihdr2_info
{
- UNIHDR unihdr;
- uint32 buffer; /* 32 bit buffer pointer */
+ UNIHDR unihdr;
+ uint32 buffer; /* 32 bit buffer pointer */
+
} UNIHDR2;
/* clueless as to what maximum length should be */
@@ -131,15 +138,16 @@ typedef struct unihdr2_info
/* UNISTR - unicode string size and buffer */
typedef struct unistr_info
{
- /* unicode characters. ***MUST*** be little-endian. ***MUST*** be null-terminated */
- uint16 *buffer;
+ /* unicode characters. ***MUST*** be little-endian. ***MUST*** be null-terminated */
+ uint16 *buffer;
} UNISTR;
/* BUFHDR - buffer header */
typedef struct bufhdr_info
{
- uint32 buf_max_len;
- uint32 buf_len;
+ uint32 buf_max_len;
+ uint32 buf_len;
+
} BUFHDR;
/* BUFFER2 - unicode string, size (in uint8 ascii chars) and buffer */
@@ -147,47 +155,51 @@ typedef struct bufhdr_info
/* of a unicode string different from the other \PIPE\ writers */
typedef struct buffer2_info
{
- uint32 buf_max_len;
- uint32 offset;
- uint32 buf_len;
- /* unicode characters. ***MUST*** be little-endian. **NOT** necessarily null-terminated */
- uint16 *buffer;
+ uint32 buf_max_len;
+ uint32 undoc;
+ uint32 buf_len;
+ /* unicode characters. ***MUST*** be little-endian. **NOT** necessarily null-terminated */
+ uint16 *buffer;
+
} BUFFER2;
/* BUFFER3 */
typedef struct buffer3_info
{
- uint32 buf_max_len;
- uint8 *buffer; /* Data */
- uint32 buf_len;
+ uint32 buf_max_len;
+ uint8 *buffer; /* Data */
+ uint32 buf_len;
+
} BUFFER3;
/* BUFFER5 */
typedef struct buffer5_info
{
- uint32 buf_len;
- uint16 *buffer; /* data */
+ uint32 buf_len;
+ uint16 *buffer; /* data */
} BUFFER5;
/* UNISTR2 - unicode string size (in uint16 unicode chars) and buffer */
typedef struct unistr2_info
{
- uint32 uni_max_len;
- uint32 offset;
- uint32 uni_str_len;
- /* unicode characters. ***MUST*** be little-endian.
- **must** be null-terminated and the uni_str_len should include
- the NULL character */
- uint16 *buffer;
+ uint32 uni_max_len;
+ uint32 undoc;
+ uint32 uni_str_len;
+ /* unicode characters. ***MUST*** be little-endian.
+ **must** be null-terminated and the uni_str_len should include
+ the NULL character */
+ uint16 *buffer;
+
} UNISTR2;
/* STRING2 - string size (in uint8 chars) and buffer */
typedef struct string2_info
{
- uint32 str_max_len;
- uint32 offset;
- uint32 str_str_len;
- uint8 *buffer; /* uint8 characters. **NOT** necessarily null-terminated */
+ uint32 str_max_len;
+ uint32 undoc;
+ uint32 str_str_len;
+ uint8 *buffer; /* uint8 characters. **NOT** necessarily null-terminated */
+
} STRING2;
/* UNISTR3 - XXXX not sure about this structure */
@@ -254,77 +266,85 @@ typedef struct domrid3_info
/* DOM_RID4 - rid + user attributes */
typedef struct domrid4_info
{
- uint32 unknown;
- uint16 attr;
- uint32 rid; /* user RID */
+ uint32 unknown;
+ uint16 attr;
+ uint32 rid; /* user RID */
+
} DOM_RID4;
/* DOM_CLNT_SRV - client / server names */
typedef struct clnt_srv_info
{
- uint32 undoc_buffer; /* undocumented 32 bit buffer pointer */
- UNISTR2 uni_logon_srv; /* logon server name */
- uint32 undoc_buffer2; /* undocumented 32 bit buffer pointer */
- UNISTR2 uni_comp_name; /* client machine name */
+ uint32 undoc_buffer; /* undocumented 32 bit buffer pointer */
+ UNISTR2 uni_logon_srv; /* logon server name */
+ uint32 undoc_buffer2; /* undocumented 32 bit buffer pointer */
+ UNISTR2 uni_comp_name; /* client machine name */
+
} DOM_CLNT_SRV;
/* DOM_LOG_INFO - login info */
typedef struct log_info
{
- uint32 undoc_buffer; /* undocumented 32 bit buffer pointer */
- UNISTR2 uni_logon_srv; /* logon server name */
- UNISTR2 uni_acct_name; /* account name */
- uint16 sec_chan; /* secure channel type */
- UNISTR2 uni_comp_name; /* client machine name */
+ uint32 undoc_buffer; /* undocumented 32 bit buffer pointer */
+ UNISTR2 uni_logon_srv; /* logon server name */
+ UNISTR2 uni_acct_name; /* account name */
+ uint16 sec_chan; /* secure channel type */
+ UNISTR2 uni_comp_name; /* client machine name */
+
} DOM_LOG_INFO;
/* DOM_CHAL - challenge info */
typedef struct chal_info
{
- uchar data[8]; /* credentials */
+ uchar data[8]; /* credentials */
} DOM_CHAL;
/* DOM_CREDs - timestamped client or server credentials */
typedef struct cred_info
{
- DOM_CHAL challenge; /* credentials */
- UTIME timestamp; /* credential time-stamp */
+ DOM_CHAL challenge; /* credentials */
+ UTIME timestamp; /* credential time-stamp */
} DOM_CRED;
/* DOM_CLNT_INFO - client info */
typedef struct clnt_info
{
- DOM_LOG_INFO login;
- DOM_CRED cred;
+ DOM_LOG_INFO login;
+ DOM_CRED cred;
+
} DOM_CLNT_INFO;
/* DOM_CLNT_INFO2 - client info */
typedef struct clnt_info2
{
- DOM_CLNT_SRV login;
- uint32 ptr_cred;
- DOM_CRED cred;
+ DOM_CLNT_SRV login;
+ uint32 ptr_cred;
+ DOM_CRED cred;
+
} DOM_CLNT_INFO2;
/* DOM_LOGON_ID - logon id */
typedef struct logon_info
{
- uint32 low;
- uint32 high;
+ uint32 low;
+ uint32 high;
+
} DOM_LOGON_ID;
/* OWF INFO */
typedef struct owf_info
{
- uint8 data[16];
+ uint8 data[16];
+
} OWF_INFO;
/* DOM_GID - group id + user attributes */
typedef struct gid_info
{
- uint32 g_rid; /* a group RID */
- uint32 attr;
+ uint32 g_rid; /* a group RID */
+ uint32 attr;
+
} DOM_GID;
/* POLICY_HND */
@@ -335,6 +355,7 @@ typedef struct lsa_policy_info
uint16 data3;
uint16 data4;
uint8 data5[8];
+
#ifdef __INSURE__
/* To prevent the leakage of policy handles mallocate a bit of
@@ -345,6 +366,7 @@ typedef struct lsa_policy_info
char *marker;
#endif
+
} POLICY_HND;
/*
@@ -403,5 +425,5 @@ typedef struct buffer4_info
}
BUFFER4;
-enum unistr2_term_codes { UNI_FLAGS_NONE = 0, UNI_STR_TERMINATE = 1, UNI_MAXLEN_TERMINATE = 2 };
+
#endif /* _RPC_MISC_H */
diff --git a/source/include/rpc_samr.h b/source/include/rpc_samr.h
index 3b81042df37..4d9ad0b2e18 100644
--- a/source/include/rpc_samr.h
+++ b/source/include/rpc_samr.h
@@ -189,9 +189,7 @@ typedef struct sam_user_info_23
/* uint8 pad[2] */
uint32 ptr_logon_hrs; /* pointer to logon hours */
- /* Was unknown_5. */
- uint16 bad_password_count;
- uint16 logon_count;
+ uint32 unknown_5; /* 0x0001 0000 */
uint8 padding1[6];
@@ -314,9 +312,7 @@ typedef struct sam_user_info_21
/* uint8 pad[2] */
uint32 ptr_logon_hrs; /* unknown pointer */
- /* Was unknown_5. */
- uint16 bad_password_count;
- uint16 logon_count;
+ uint32 unknown_5; /* 0x0002 0000 */
uint8 padding1[6];
diff --git a/source/include/smbldap.h b/source/include/smbldap.h
index 9765b9fbd60..826fc3c55a1 100644
--- a/source/include/smbldap.h
+++ b/source/include/smbldap.h
@@ -88,8 +88,6 @@
#define LDAP_ATTR_SID 32
#define LDAP_ATTR_ALGORITHMIC_RID_BASE 33
#define LDAP_ATTR_NEXT_RID 34
-#define LDAP_ATTR_BAD_PASSWORD_COUNT 35
-#define LDAP_ATTR_LOGON_COUNT 36
typedef struct _attrib_map_entry {
int attrib;
diff --git a/source/include/talloc.h b/source/include/talloc.h
index 433b52ec954..4badddbb880 100644
--- a/source/include/talloc.h
+++ b/source/include/talloc.h
@@ -30,27 +30,6 @@
/**
* talloc allocation pool. All allocated blocks can be freed in one go.
**/
-
-struct talloc_chunk {
- struct talloc_chunk *next;
- size_t size;
- void *ptr;
-};
-
-struct talloc_ctx {
- struct talloc_chunk *list;
- size_t total_alloc_size;
-
- /** The name recorded for this pool, if any. Should describe
- * the purpose for which it was allocated. The string is
- * allocated within the pool. **/
- char *name;
-
- /** Pointer to the next allocate talloc pool, so that we can
- * summarize all talloc memory usage. **/
- struct talloc_ctx *next_ctx;
-};
-
typedef struct talloc_ctx TALLOC_CTX;
TALLOC_CTX *talloc_init(char const *fmt, ...) PRINTF_ATTRIBUTE(1, 2);
diff --git a/source/include/tdbsam2.h b/source/include/tdbsam2.h
deleted file mode 100644
index 047b4e7c902..00000000000
--- a/source/include/tdbsam2.h
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * tdbsam2 genstruct enabled header file
- * Copyright (C) Simo Sorce 2002
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-/* ALL strings assumes UTF8 as encoding */
-
-GENSTRUCT struct tdbsam2_domain_data {
- uint32 xcounter; /* counter to be updated at any change */
-
- SEC_DESC *sec_desc; /* Security Descriptor */
- DOM_SID *dom_sid; /* The Domain SID */
- char *name; _NULLTERM /* NT Domain Name */
- char *description; _NULLTERM /* Descritpion (Gecos) */
-
- uint32 next_rid; /* The Next free RID */
-};
-
-GENSTRUCT struct tdbsam2_user_data {
- uint32 xcounter; /* counter to be updated at any change */
-
- SEC_DESC *sec_desc; /* Security Descriptor */
- DOM_SID *user_sid; /* The User SID */
- char *name; _NULLTERM /* NT User Name */
- char *description; _NULLTERM /* Descritpion (Gecos) */
-
- DOM_SID *group_sid; /* The Primary Group SID */
-
- NTTIME *logon_time;
- NTTIME *logoff_time;
- NTTIME *kickoff_time;
- NTTIME *pass_last_set_time;
- NTTIME *pass_can_change_time;
- NTTIME *pass_must_change_time;
-
- char *full_name; _NULLTERM /* The Full Name */
- char *home_dir; _NULLTERM /* Home Directory */
- char *dir_drive; _NULLTERM /* Drive Letter the home should be mapped to */
- char *logon_script; _NULLTERM /* Logon script path */
- char *profile_path; _NULLTERM /* Profile is stored here */
- char *workstations; _NULLTERM /* List of Workstation names the user is allowed to LogIn */
- char *unknown_str; _NULLTERM /* Guess ... Unknown */
- char *munged_dial; _NULLTERM /* Callback Number */
-
- /* passwords are 16 byte leght, pointer is null if no password */
- uint8 *lm_pw_ptr; _LEN(16) /* Lanman hashed password */
- uint8 *nt_pw_ptr; _LEN(16) /* NT hashed password */
-
- uint16 logon_divs; /* 168 - num of hours in a week */
- uint32 hours_len; /* normally 21 */
- uint8 *hours; _LEN(hours_len) /* normally 21 bytes (depends on hours_len) */
-
- uint32 unknown_3; /* 0x00ff ffff */
- uint32 unknown_5; /* 0x0002 0000 */
- uint32 unknown_6; /* 0x0000 04ec */
-};
-
-GENSTRUCT struct tdbsam2_group_data {
- uint32 xcounter; /* counter to be updated at any change */
-
- SEC_DESC *sec_desc; /* Security Descriptor */
- DOM_SID *group_sid; /* The Group SID */
- char *name; _NULLTERM /* NT Group Name */
- char *description; _NULLTERM /* Descritpion (Gecos) */
-
- uint32 count; /* number of sids */
- DOM_SID **members; _LEN(count) /* SID array */
-};
-
-GENSTRUCT struct tdbsam2_privilege_data {
- uint32 xcounter; /* counter to be updated at any change */
-
- LUID_ATTR *privilege; /* Privilege */
- char *name; _NULLTERM /* NT User Name */
- char *description; _NULLTERM /* Descritpion (Gecos) */
-
- uint32 count; /* number of sids */
- DOM_SID **members; _LEN(count) /* SID array */
-};
-
diff --git a/source/intl/lang_tdb.c b/source/intl/lang_tdb.c
index af70b529ff9..5409ce6619d 100644
--- a/source/intl/lang_tdb.c
+++ b/source/intl/lang_tdb.c
@@ -176,47 +176,16 @@ BOOL lang_tdb_init(const char *lang)
const char *lang_msg(const char *msgid)
{
TDB_DATA key, data;
- char *p, *q, *msgid_quoted;
- int count;
lang_tdb_init(NULL);
if (!tdb) return msgid;
- /* Due to the way quotes in msgids are escaped in the msg file we
- must replace " with \" before doing a lookup in the tdb. */
-
- count = 0;
-
- for(p = msgid; *p; p++) {
- if (*p == '\"')
- count++;
- }
-
- if (!(msgid_quoted = malloc(strlen(msgid) + count + 1)))
- return msgid;
-
- /* string_sub() is unsuitable here as it replaces some punctuation
- chars with underscores. */
-
- for(p = msgid, q = msgid_quoted; *p; p++) {
- if (*p == '\"') {
- *q = '\\';
- q++;
- }
- *q = *p;
- q++;
- }
-
- *q = 0;
-
- key.dptr = (char *)msgid_quoted;
- key.dsize = strlen(msgid_quoted)+1;
+ key.dptr = (char *)msgid;
+ key.dsize = strlen(msgid)+1;
data = tdb_fetch(tdb, key);
- free(msgid_quoted);
-
/* if the message isn't found then we still need to return a pointer
that can be freed. Pity. */
if (!data.dptr)
diff --git a/source/lib/afs.c b/source/lib/afs.c
index 882442a79f1..faeca3d0c33 100644
--- a/source/lib/afs.c
+++ b/source/lib/afs.c
@@ -154,7 +154,7 @@ BOOL afs_login(connection_struct *conn)
cell += 1;
strlower_m(cell);
- DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
+ DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
afs_username, cell));
if (!secrets_init())
diff --git a/source/lib/domain_namemap.c b/source/lib/domain_namemap.c
deleted file mode 100644
index 988f5e5d659..00000000000
--- a/source/lib/domain_namemap.c
+++ /dev/null
@@ -1,1317 +0,0 @@
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- Groupname handling
- Copyright (C) Jeremy Allison 1998.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-/*
- * UNIX gid and Local or Domain SID resolution. This module resolves
- * only those entries in the map files, it is *NOT* responsible for
- * resolving UNIX groups not listed: that is an entirely different
- * matter, altogether...
- */
-
-/*
- *
- *
-
- format of the file is:
-
- unixname NT Group name
- unixname Domain Admins (well-known Domain Group)
- unixname DOMAIN_NAME\NT Group name
- unixname OTHER_DOMAIN_NAME\NT Group name
- unixname DOMAIN_NAME\Domain Admins (well-known Domain Group)
- ....
-
- if the DOMAIN_NAME\ component is left off, then your own domain is assumed.
-
- *
- *
- */
-
-
-#include "includes.h"
-extern int DEBUGLEVEL;
-
-extern fstring global_myworkgroup;
-extern DOM_SID global_member_sid;
-extern fstring global_sam_name;
-extern DOM_SID global_sam_sid;
-extern DOM_SID global_sid_S_1_5_20;
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uid_t pwdb_user_rid_to_uid(uint32 user_rid)
-{
- return ((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_group_rid_to_gid(uint32 group_rid)
-{
- return ((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_alias_rid_to_gid(uint32 alias_rid)
-{
- return ((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_gid_to_group_rid(uint32 gid)
-{
- uint32 grp_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP);
- return grp_rid;
-}
-
-/******************************************************************
- converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_gid_to_alias_rid(uint32 gid)
-{
- uint32 alias_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS);
- return alias_rid;
-}
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_uid_to_user_rid(uint32 uid)
-{
- uint32 user_rid = ((((uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER);
- return user_rid;
-}
-
-/******************************************************************
- converts SID + SID_NAME_USE type to a UNIX id. the Domain SID is,
- and can only be, our own SID.
- ********************************************************************/
-static BOOL pwdb_sam_sid_to_unixid(DOM_SID *sid, uint8 type, uint32 *id)
-{
- DOM_SID tmp_sid;
- uint32 rid;
-
- sid_copy(&tmp_sid, sid);
- sid_split_rid(&tmp_sid, &rid);
- if (!sid_equal(&global_sam_sid, &tmp_sid))
- {
- return False;
- }
-
- switch (type)
- {
- case SID_NAME_USER:
- {
- *id = pwdb_user_rid_to_uid(rid);
- return True;
- }
- case SID_NAME_ALIAS:
- {
- *id = pwdb_alias_rid_to_gid(rid);
- return True;
- }
- case SID_NAME_DOM_GRP:
- case SID_NAME_WKN_GRP:
- {
- *id = pwdb_group_rid_to_gid(rid);
- return True;
- }
- }
- return False;
-}
-
-/******************************************************************
- converts UNIX gid + SID_NAME_USE type to a SID. the Domain SID is,
- and can only be, our own SID.
- ********************************************************************/
-static BOOL pwdb_unixid_to_sam_sid(uint32 id, uint8 type, DOM_SID *sid)
-{
- sid_copy(sid, &global_sam_sid);
- switch (type)
- {
- case SID_NAME_USER:
- {
- sid_append_rid(sid, pwdb_uid_to_user_rid(id));
- return True;
- }
- case SID_NAME_ALIAS:
- {
- sid_append_rid(sid, pwdb_gid_to_alias_rid(id));
- return True;
- }
- case SID_NAME_DOM_GRP:
- case SID_NAME_WKN_GRP:
- {
- sid_append_rid(sid, pwdb_gid_to_group_rid(id));
- return True;
- }
- }
- return False;
-}
-
-/*******************************************************************
- Decides if a RID is a well known RID.
- ********************************************************************/
-static BOOL pwdb_rid_is_well_known(uint32 rid)
-{
- return (rid < 1000);
-}
-
-/*******************************************************************
- determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_rid_type(uint32 rid)
-{
- /* lkcl i understand that NT attaches an enumeration to a RID
- * such that it can be identified as either a user, group etc
- * type: SID_ENUM_TYPE.
- */
- if (pwdb_rid_is_well_known(rid))
- {
- /*
- * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
- * and DOMAIN_USER_RID_GUEST.
- */
- if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
- {
- return RID_TYPE_USER;
- }
- if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS)
- {
- return RID_TYPE_GROUP;
- }
- if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR)
- {
- return RID_TYPE_ALIAS;
- }
- }
- return (rid & RID_TYPE_MASK);
-}
-
-/*******************************************************************
- checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-BOOL pwdb_rid_is_user(uint32 rid)
-{
- return pwdb_rid_type(rid) == RID_TYPE_USER;
-}
-
-/**************************************************************************
- Groupname map functionality. The code loads a groupname map file and
- (currently) loads it into a linked list. This is slow and memory
- hungry, but can be changed into a more efficient storage format
- if the demands on it become excessive.
-***************************************************************************/
-
-typedef struct name_map
-{
- ubi_slNode next;
- DOM_NAME_MAP grp;
-
-} name_map_entry;
-
-static ubi_slList groupname_map_list;
-static ubi_slList aliasname_map_list;
-static ubi_slList ntusrname_map_list;
-
-static void delete_name_entry(name_map_entry *gmep)
-{
- if (gmep->grp.nt_name)
- {
- free(gmep->grp.nt_name);
- }
- if (gmep->grp.nt_domain)
- {
- free(gmep->grp.nt_domain);
- }
- if (gmep->grp.unix_name)
- {
- free(gmep->grp.unix_name);
- }
- free((char*)gmep);
-}
-
-/**************************************************************************
- Delete all the entries in the name map list.
-***************************************************************************/
-
-static void delete_map_list(ubi_slList *map_list)
-{
- name_map_entry *gmep;
-
- while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL)
- {
- delete_name_entry(gmep);
- }
-}
-
-
-/**************************************************************************
- makes a group sid out of a domain sid and a _unix_ gid.
-***************************************************************************/
-static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type)
-{
- int ret = False;
- fstring sid_str;
-
- if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain)))
- {
- DEBUG(0,("make_mydomain_sid: unknown domain %s\n",
- grp->nt_domain));
- return False;
- }
-
- if (sid_equal(&grp->sid, &global_sid_S_1_5_20))
- {
- /*
- * only builtin aliases are recognised in S-1-5-20
- */
- DEBUG(10,("make_mydomain_sid: group %s in builtin domain\n",
- grp->nt_name));
-
- if (lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type) != 0x0)
- {
- DEBUG(0,("unix group %s mapped to an unrecognised BUILTIN domain name %s\n",
- grp->unix_name, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else if (lookup_wk_user_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
- {
- if (type != DOM_MAP_USER)
- {
- DEBUG(0,("well-known NT user %s\\%s listed in wrong map file\n",
- grp->nt_domain, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else if (lookup_wk_group_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
- {
- if (type != DOM_MAP_DOMAIN)
- {
- DEBUG(0,("well-known NT group %s\\%s listed in wrong map file\n",
- grp->nt_domain, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else
- {
- switch (type)
- {
- case DOM_MAP_USER:
- {
- grp->type = SID_NAME_USER;
- break;
- }
- case DOM_MAP_DOMAIN:
- {
- grp->type = SID_NAME_DOM_GRP;
- break;
- }
- case DOM_MAP_LOCAL:
- {
- grp->type = SID_NAME_ALIAS;
- break;
- }
- }
-
- ret = pwdb_unixid_to_sam_sid(grp->unix_id, grp->type, &grp->sid);
- }
-
- sid_to_string(sid_str, &grp->sid);
- DEBUG(10,("nt name %s\\%s gid %d mapped to %s\n",
- grp->nt_domain, grp->nt_name, grp->unix_id, sid_str));
- return ret;
-}
-
-/**************************************************************************
- makes a group sid out of an nt domain, nt group name or a unix group name.
-***************************************************************************/
-static BOOL unix_name_to_nt_name_info(DOM_NAME_MAP *map, DOM_MAP_TYPE type)
-{
- /*
- * Attempt to get the unix gid_t for this name.
- */
-
- DEBUG(5,("unix_name_to_nt_name_info: unix_name:%s\n", map->unix_name));
-
- if (type == DOM_MAP_USER)
- {
- const struct passwd *pwptr = Get_Pwnam(map->unix_name, False);
- if (pwptr == NULL)
- {
- DEBUG(0,("unix_name_to_nt_name_info: Get_Pwnam for user %s\
-failed. Error was %s.\n", map->unix_name, strerror(errno) ));
- return False;
- }
-
- map->unix_id = (uint32)pwptr->pw_uid;
- }
- else
- {
- struct group *gptr = getgrnam(map->unix_name);
- if (gptr == NULL)
- {
- DEBUG(0,("unix_name_to_nt_name_info: getgrnam for group %s\
-failed. Error was %s.\n", map->unix_name, strerror(errno) ));
- return False;
- }
-
- map->unix_id = (uint32)gptr->gr_gid;
- }
-
- DEBUG(5,("unix_name_to_nt_name_info: unix gid:%d\n", map->unix_id));
-
- /*
- * Now map the name to an NT SID+RID.
- */
-
- if (map->nt_domain != NULL && !strequal(map->nt_domain, global_sam_name))
- {
- /* Must add client-call lookup code here, to
- * resolve remote domain's sid and the group's rid,
- * in that domain.
- *
- * NOTE: it is _incorrect_ to put code here that assumes
- * we are responsible for lookups for foriegn domains' RIDs.
- *
- * for foriegn domains for which we are *NOT* the PDC, all
- * we can be responsible for is the unix gid_t to which
- * the foriegn SID+rid maps to, on this _local_ machine.
- * we *CANNOT* make any short-cuts or assumptions about
- * RIDs in a foriegn domain.
- */
-
- if (!map_domain_name_to_sid(&map->sid, &(map->nt_domain)))
- {
- DEBUG(0,("unix_name_to_nt_name_info: no known sid for %s\n",
- map->nt_domain));
- return False;
- }
- }
-
- return make_mydomain_sid(map, type);
-}
-
-static BOOL make_name_entry(name_map_entry **new_ep,
- char *nt_domain, char *nt_group, char *unix_group,
- DOM_MAP_TYPE type)
-{
- /*
- * Create the list entry and add it onto the list.
- */
-
- DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group));
-
- (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry));
- if ((*new_ep) == NULL)
- {
- DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n"));
- return False;
- }
-
- ZERO_STRUCTP(*new_ep);
-
- (*new_ep)->grp.nt_name = strdup(nt_group );
- (*new_ep)->grp.nt_domain = strdup(nt_domain );
- (*new_ep)->grp.unix_name = strdup(unix_group);
-
- if ((*new_ep)->grp.nt_name == NULL ||
- (*new_ep)->grp.unix_name == NULL)
- {
- DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n"));
- delete_name_entry((*new_ep));
- return False;
- }
-
- /*
- * look up the group names, make the Group-SID and unix gid
- */
-
- if (!unix_name_to_nt_name_info(&(*new_ep)->grp, type))
- {
- delete_name_entry((*new_ep));
- return False;
- }
-
- return True;
-}
-
-/**************************************************************************
- Load a name map file. Sets last accessed timestamp.
-***************************************************************************/
-static ubi_slList *load_name_map(DOM_MAP_TYPE type)
-{
- static time_t groupmap_file_last_modified = (time_t)0;
- static time_t aliasmap_file_last_modified = (time_t)0;
- static time_t ntusrmap_file_last_modified = (time_t)0;
- static BOOL initialised_group = False;
- static BOOL initialised_alias = False;
- static BOOL initialised_ntusr = False;
- char *groupname_map_file = lp_groupname_map();
- char *aliasname_map_file = lp_aliasname_map();
- char *ntusrname_map_file = lp_ntusrname_map();
-
- FILE *fp;
- char *s;
- pstring buf;
- name_map_entry *new_ep;
-
- time_t *file_last_modified = NULL;
- int *initialised = NULL;
- char *map_file = NULL;
- ubi_slList *map_list = NULL;
-
- switch (type)
- {
- case DOM_MAP_DOMAIN:
- {
- file_last_modified = &groupmap_file_last_modified;
- initialised = &initialised_group;
- map_file = groupname_map_file;
- map_list = &groupname_map_list;
-
- break;
- }
- case DOM_MAP_LOCAL:
- {
- file_last_modified = &aliasmap_file_last_modified;
- initialised = &initialised_alias;
- map_file = aliasname_map_file;
- map_list = &aliasname_map_list;
-
- break;
- }
- case DOM_MAP_USER:
- {
- file_last_modified = &ntusrmap_file_last_modified;
- initialised = &initialised_ntusr;
- map_file = ntusrname_map_file;
- map_list = &ntusrname_map_list;
-
- break;
- }
- }
-
- if (!(*initialised))
- {
- DEBUG(10,("initialising map %s\n", map_file));
- ubi_slInitList(map_list);
- (*initialised) = True;
- }
-
- if (!*map_file)
- {
- return map_list;
- }
-
- /*
- * Load the file.
- */
-
- fp = open_file_if_modified(map_file, "r", file_last_modified);
- if (!fp)
- {
- return map_list;
- }
-
- /*
- * Throw away any previous list.
- */
- delete_map_list(map_list);
-
- DEBUG(4,("load_name_map: Scanning name map %s\n",map_file));
-
- while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL)
- {
- pstring unixname;
- pstring nt_name;
- fstring nt_domain;
- fstring ntname;
- char *p;
-
- DEBUG(10,("Read line |%s|\n", s));
-
- memset(nt_name, 0, sizeof(nt_name));
-
- if (!*s || strchr("#;",*s))
- continue;
-
- if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname)))
- continue;
-
- if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name)))
- continue;
-
- trim_string(unixname, " ", " ");
- trim_string(nt_name, " ", " ");
-
- if (!*nt_name)
- continue;
-
- if (!*unixname)
- continue;
-
- p = strchr(nt_name, '\\');
-
- if (p == NULL)
- {
- memset(nt_domain, 0, sizeof(nt_domain));
- fstrcpy(ntname, nt_name);
- }
- else
- {
- *p = 0;
- p++;
- fstrcpy(nt_domain, nt_name);
- fstrcpy(ntname , p);
- }
-
- if (make_name_entry(&new_ep, nt_domain, ntname, unixname, type))
- {
- ubi_slAddTail(map_list, (ubi_slNode *)new_ep);
- DEBUG(5,("unixname = %s, ntname = %s\\%s type = %d\n",
- new_ep->grp.unix_name,
- new_ep->grp.nt_domain,
- new_ep->grp.nt_name,
- new_ep->grp.type));
- }
- }
-
- DEBUG(10,("load_name_map: Added %ld entries to name map.\n",
- ubi_slCount(map_list)));
-
- fclose(fp);
-
- return map_list;
-}
-
-static void copy_grp_map_entry(DOM_NAME_MAP *grp, const DOM_NAME_MAP *from)
-{
- sid_copy(&grp->sid, &from->sid);
- grp->unix_id = from->unix_id;
- grp->nt_name = from->nt_name;
- grp->nt_domain = from->nt_domain;
- grp->unix_name = from->unix_name;
- grp->type = from->type;
-}
-
-#if 0
-/***********************************************************
- Lookup unix name.
-************************************************************/
-static BOOL map_unixname(DOM_MAP_TYPE type,
- char *unixname, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (strequal(gmep->grp.unix_name, unixname))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_unixname: Mapping unix name %s to nt group %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-#endif
-
-/***********************************************************
- Lookup nt name.
-************************************************************/
-static BOOL map_ntname(DOM_MAP_TYPE type, char *ntname, char *ntdomain,
- DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (strequal(gmep->grp.nt_name , ntname) &&
- strequal(gmep->grp.nt_domain, ntdomain))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_ntname: Mapping unix name %s to nt name %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-
-/***********************************************************
- Lookup by SID
-************************************************************/
-static BOOL map_sid(DOM_MAP_TYPE type,
- DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (sid_equal(&gmep->grp.sid, psid))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_sid: Mapping unix name %s to nt name %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-/***********************************************************
- Lookup by gid_t.
-************************************************************/
-static BOOL map_unixid(DOM_MAP_TYPE type, uint32 unix_id, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- fstring sid_str;
- sid_to_string(sid_str, &gmep->grp.sid);
- DEBUG(10,("map_unixid: enum entry unix group %s %d nt %s %s\n",
- gmep->grp.unix_name, gmep->grp.unix_id, gmep->grp.nt_name, sid_str));
- if (gmep->grp.unix_id == unix_id)
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_unixid: Mapping unix name %s to nt name %s type %d\n",
- gmep->grp.unix_name, gmep->grp.nt_name, gmep->grp.type));
- return True;
- }
- }
-
- return False;
-}
-
-/***********************************************************
- *
- * Call four functions to resolve unix group ids and either
- * local group SIDs or domain group SIDs listed in the local group
- * or domain group map files.
- *
- * Note that it is *NOT* the responsibility of these functions to
- * resolve entries that are not in the map files.
- *
- * Any SID can be in the map files (i.e from any Domain).
- *
- ***********************************************************/
-
-#if 0
-
-/***********************************************************
- Lookup a UNIX Group entry by name.
-************************************************************/
-BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info)
-{
- return map_unixname(DOM_MAP_DOMAIN, group_name, grp_info);
-}
-
-/***********************************************************
- Lookup a UNIX Alias entry by name.
-************************************************************/
-BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info)
-{
- return map_unixname(DOM_MAP_LOCAL, alias_name, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias name entry
-************************************************************/
-BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_LOCAL, ntalias_name, nt_domain, grp_info);
-}
-
-/***********************************************************
- Lookup a Group entry
-************************************************************/
-BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_DOMAIN, ntgroup_name, nt_domain, grp_info);
-}
-
-#endif
-
-/***********************************************************
- Lookup a Username entry by name.
-************************************************************/
-static BOOL map_nt_username(char *nt_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_USER, nt_name, nt_domain, grp_info);
-}
-
-/***********************************************************
- Lookup a Username entry by SID.
-************************************************************/
-static BOOL map_username_sid(DOM_SID *sid, DOM_NAME_MAP *grp_info)
-{
- return map_sid(DOM_MAP_USER, sid, grp_info);
-}
-
-/***********************************************************
- Lookup a Username SID entry by uid.
-************************************************************/
-static BOOL map_username_uid(uid_t gid, DOM_NAME_MAP *grp_info)
-{
- return map_unixid(DOM_MAP_USER, (uint32)gid, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias SID entry by name.
-************************************************************/
-BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- return map_sid(DOM_MAP_LOCAL, psid, grp_info);
-}
-
-/***********************************************************
- Lookup a Group entry by sid.
-************************************************************/
-BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- return map_sid(DOM_MAP_DOMAIN, psid, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias SID entry by gid_t.
-************************************************************/
-static BOOL map_alias_gid(gid_t gid, DOM_NAME_MAP *grp_info)
-{
- return map_unixid(DOM_MAP_LOCAL, (uint32)gid, grp_info);
-}
-
-/***********************************************************
- Lookup a Group SID entry by gid_t.
-************************************************************/
-static BOOL map_group_gid( gid_t gid, DOM_NAME_MAP *grp_info)
-{
- return map_unixid(DOM_MAP_DOMAIN, (uint32)gid, grp_info);
-}
-
-
-/************************************************************************
- Routine to look up User details by UNIX name
-*************************************************************************/
-BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp)
-{
- uid_t uid;
- DEBUG(10,("lookupsmbpwnam: unix user name %s\n", unix_usr_name));
- if (nametouid(unix_usr_name, &uid))
- {
- return lookupsmbpwuid(uid, grp);
- }
- else
- {
- return False;
- }
-}
-
-/************************************************************************
- Routine to look up a remote nt name
-*************************************************************************/
-static BOOL lookup_remote_ntname(const char *ntname, DOM_SID *sid, uint8 *type)
-{
- struct cli_state cli;
- POLICY_HND lsa_pol;
- fstring srv_name;
- extern struct ntuser_creds *usr_creds;
- struct ntuser_creds usr;
-
- BOOL res3 = True;
- BOOL res4 = True;
- uint32 num_sids;
- DOM_SID *sids;
- uint8 *types;
- char *names[1];
-
- usr_creds = &usr;
-
- ZERO_STRUCT(usr);
- pwd_set_nullpwd(&usr.pwd);
-
- DEBUG(5,("lookup_remote_ntname: %s\n", ntname));
-
- if (!cli_connect_serverlist(&cli, lp_passwordserver()))
- {
- return False;
- }
-
- names[0] = ntname;
-
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, cli.desthost);
- strupper(srv_name);
-
- /* lookup domain controller; receive a policy handle */
- res3 = res3 ? lsa_open_policy( srv_name,
- &lsa_pol, True) : False;
-
- /* send lsa lookup sids call */
- res4 = res3 ? lsa_lookup_names( &lsa_pol,
- 1, names,
- &sids, &types, &num_sids) : False;
-
- res3 = res3 ? lsa_close(&lsa_pol) : False;
-
- if (res4 && res3 && sids != NULL && types != NULL)
- {
- sid_copy(sid, &sids[0]);
- *type = types[0];
- }
- else
- {
- res3 = False;
- }
- if (types != NULL)
- {
- free(types);
- }
-
- if (sids != NULL)
- {
- free(sids);
- }
-
- return res3 && res4;
-}
-
-/************************************************************************
- Routine to look up a remote nt name
-*************************************************************************/
-static BOOL get_sid_and_type(const char *fullntname, uint8 expected_type,
- DOM_NAME_MAP *gmep)
-{
- /*
- * check with the PDC to see if it owns the name. if so,
- * the SID is resolved with the PDC database.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
- if (lookup_remote_ntname(fullntname, &gmep->sid, &gmep->type))
- {
- if (sid_front_equal(&gmep->sid, &global_member_sid) &&
- strequal(gmep->nt_domain, global_myworkgroup) &&
- gmep->type == expected_type)
- {
- return True;
- }
- return False;
- }
- }
-
- /*
- * ... otherwise, it's one of ours. map the sid ourselves,
- * which can only happen in our own SAM database.
- */
-
- if (!strequal(gmep->nt_domain, global_sam_name))
- {
- return False;
- }
- if (!pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid))
- {
- return False;
- }
-
- return True;
-}
-
-/*
- * used by lookup functions below
- */
-
-static fstring nt_name;
-static fstring unix_name;
-static fstring nt_domain;
-
-/*************************************************************************
- looks up a uid, returns User Information.
-*************************************************************************/
-BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep)
-{
- DEBUG(10,("lookupsmbpwuid: unix uid %d\n", uid));
- if (map_username_uid(uid, gmep))
- {
- return True;
- }
-#if 0
- if (lp_server_role() != ROLE_DOMAIN_NONE)
-#endif
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- gmep->unix_id = (uint32)uid;
-
- /*
- * ok, assume it's one of ours. then double-check it
- * if we are a member of a domain
- */
-
- gmep->type = SID_NAME_USER;
- fstrcpy(gmep->nt_name, uidtoname(uid));
- fstrcpy(gmep->unix_name, gmep->nt_name);
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...);
-#endif
- }
-
- /*
- * ok, it's one of ours.
- */
-
- gmep->nt_domain = global_sam_name;
- pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid);
-
- return True;
- }
-
- /* oops. */
-
- return False;
-}
-
-/*************************************************************************
- looks up by NT name, returns User Information.
-*************************************************************************/
-BOOL lookupsmbpwntnam(const char *fullntname, DOM_NAME_MAP *gmep)
-{
- DEBUG(10,("lookupsmbpwntnam: nt user name %s\n", fullntname));
-
- if (!split_domain_name(fullntname, nt_domain, nt_name))
- {
- return False;
- }
-
- if (map_nt_username(nt_name, nt_domain, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- uid_t uid;
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- /*
- * ok, it's one of ours. we therefore "create" an nt user named
- * after the unix user. this is the point where "appliance mode"
- * should get its teeth in, as unix users won't really exist,
- * they will only be numbers...
- */
-
- gmep->type = SID_NAME_USER;
- fstrcpy(gmep->unix_name, gmep->nt_name);
- if (!nametouid(gmep->unix_name, &uid))
- {
- return False;
- }
- gmep->unix_id = (uint32)uid;
-
- return get_sid_and_type(fullntname, gmep->type, gmep);
- }
-
- /* oops. */
-
- return False;
-}
-
-/*************************************************************************
- looks up by RID, returns User Information.
-*************************************************************************/
-BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep)
-{
- fstring sid_str;
- sid_to_string(sid_str, sid);
- DEBUG(10,("lookupsmbpwsid: nt sid %s\n", sid_str));
-
- if (map_username_sid(sid, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- if (lookup_remote_sid(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...);
-#endif
- }
-
- /*
- * ok, it's one of ours. we therefore "create" an nt user named
- * after the unix user. this is the point where "appliance mode"
- * should get its teeth in, as unix users won't really exist,
- * they will only be numbers...
- */
-
- gmep->type = SID_NAME_USER;
- sid_copy(&gmep->sid, sid);
- if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id))
- {
- return False;
- }
- fstrcpy(gmep->nt_name, uidtoname((uid_t)gmep->unix_id));
- fstrcpy(gmep->unix_name, gmep->nt_name);
- gmep->nt_domain = global_sam_name;
-
- return True;
- }
-
- /* oops. */
-
- return False;
-}
-
-/************************************************************************
- Routine to look up group / alias / well-known group RID by UNIX name
-*************************************************************************/
-BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp)
-{
- gid_t gid;
- DEBUG(10,("lookupsmbgrpnam: unix user group %s\n", unix_grp_name));
- if (nametogid(unix_grp_name, &gid))
- {
- return lookupsmbgrpgid(gid, grp);
- }
- else
- {
- return False;
- }
-}
-
-/*************************************************************************
- looks up a SID, returns name map entry
-*************************************************************************/
-BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep)
-{
- fstring sid_str;
- sid_to_string(sid_str, sid);
- DEBUG(10,("lookupsmbgrpsid: nt sid %s\n", sid_str));
-
- if (map_alias_sid(sid, gmep))
- {
- return True;
- }
- if (map_group_sid(sid, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- lsa_lookup_sids(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...);
-#endif
- }
-
- /*
- * ok, it's one of ours. we therefore "create" an nt group or
- * alias name named after the unix group. this is the point
- * where "appliance mode" should get its teeth in, as unix
- * groups won't really exist, they will only be numbers...
- */
-
- /* name is not explicitly mapped
- * with map files or the PDC
- * so we are responsible for it...
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
- /* ... as a LOCAL group. */
- gmep->type = SID_NAME_ALIAS;
- }
- else
- {
- /* ... as a DOMAIN group. */
- gmep->type = SID_NAME_DOM_GRP;
- }
-
- sid_copy(&gmep->sid, sid);
- if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id))
- {
- return False;
- }
- fstrcpy(gmep->nt_name, gidtoname((gid_t)gmep->unix_id));
- fstrcpy(gmep->unix_name, gmep->nt_name);
- gmep->nt_domain = global_sam_name;
-
- return True;
- }
-
- /* oops */
- return False;
-}
-
-/*************************************************************************
- looks up a gid, returns RID and type local, domain or well-known domain group
-*************************************************************************/
-BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep)
-{
- DEBUG(10,("lookupsmbgrpgid: unix gid %d\n", (int)gid));
- if (map_alias_gid(gid, gmep))
- {
- return True;
- }
- if (map_group_gid(gid, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- gmep->unix_id = (uint32)gid;
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- if (lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...);
- {
- return True;
- }
-#endif
- }
-
- /*
- * ok, it's one of ours. we therefore "create" an nt group or
- * alias name named after the unix group. this is the point
- * where "appliance mode" should get its teeth in, as unix
- * groups won't really exist, they will only be numbers...
- */
-
- /* name is not explicitly mapped
- * with map files or the PDC
- * so we are responsible for it...
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
- /* ... as a LOCAL group. */
- gmep->type = SID_NAME_ALIAS;
- }
- else
- {
- /* ... as a DOMAIN group. */
- gmep->type = SID_NAME_DOM_GRP;
- }
- fstrcpy(gmep->nt_name, gidtoname(gid));
- fstrcpy(gmep->unix_name, gmep->nt_name);
-
- return get_sid_and_type(gmep->nt_name, gmep->type, gmep);
- }
-
- /* oops */
- return False;
-}
-
diff --git a/source/lib/genparser.c b/source/lib/genparser.c
deleted file mode 100644
index 233050b4327..00000000000
--- a/source/lib/genparser.c
+++ /dev/null
@@ -1,786 +0,0 @@
-/*
- Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-/*
- automatic marshalling/unmarshalling system for C structures
-*/
-
-#include "includes.h"
-
-/* see if a range of memory is all zero. Used to prevent dumping of zero elements */
-static int all_zero(const char *ptr, unsigned size)
-{
- int i;
- if (!ptr) return 1;
- for (i=0;i<size;i++) {
- if (ptr[i]) return 0;
- }
- return 1;
-}
-
-/* encode a buffer of bytes into a escaped string */
-static char *encode_bytes(TALLOC_CTX *mem_ctx, const char *ptr, unsigned len)
-{
- const char *hexdig = "0123456789abcdef";
- char *ret, *p;
- unsigned i;
- ret = talloc(mem_ctx, len*3 + 1); /* worst case size */
- if (!ret) return NULL;
- for (p=ret,i=0;i<len;i++) {
- if (isalnum(ptr[i]) || isspace(ptr[i]) ||
- (ispunct(ptr[i]) && !strchr("\\{}", ptr[i]))) {
- *p++ = ptr[i];
- } else {
- unsigned char c = *(unsigned char *)(ptr+i);
- if (c == 0 && all_zero(ptr+i, len-i)) break;
- p[0] = '\\';
- p[1] = hexdig[c>>4];
- p[2] = hexdig[c&0xF];
- p += 3;
- }
- }
-
- *p = 0;
-
- return ret;
-}
-
-/* decode an escaped string from encode_bytes() into a buffer */
-static char *decode_bytes(TALLOC_CTX *mem_ctx, const char *s, unsigned *len)
-{
- char *ret, *p;
- unsigned i;
- int slen = strlen(s) + 1;
-
- ret = talloc(mem_ctx, slen); /* worst case length */
- if (!ret)
- return NULL;
- memset(ret, 0, slen);
-
- if (*s == '{') s++;
-
- for (p=ret,i=0;s[i];i++) {
- if (s[i] == '}') {
- break;
- } else if (s[i] == '\\') {
- unsigned v;
- if (sscanf(&s[i+1], "%02x", &v) != 1 || v > 255) {
- return NULL;
- }
- *(unsigned char *)p = v;
- p++;
- i += 2;
- } else {
- *p++ = s[i];
- }
- }
- *p = 0;
-
- (*len) = (unsigned)(p - ret);
-
- return ret;
-}
-
-/* the add*() functions deal with adding things to a struct
- parse_string */
-
-/* allocate more space if needed */
-static int addgen_alloc(TALLOC_CTX *mem_ctx, struct parse_string *p, int n)
-{
- if (p->length + n <= p->allocated) return 0;
- p->allocated = p->length + n + 200;
- p->s = talloc_realloc(mem_ctx, p->s, p->allocated);
- if (!p->s) {
- errno = ENOMEM;
- return -1;
- }
- return 0;
-}
-
-/* add a character to the buffer */
-static int addchar(TALLOC_CTX *mem_ctx, struct parse_string *p, char c)
-{
- if (addgen_alloc(mem_ctx, p, 2) != 0) {
- return -1;
- }
- p->s[p->length++] = c;
- p->s[p->length] = 0;
- return 0;
-}
-
-/* add a string to the buffer */
-int addstr(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s)
-{
- int len = strlen(s);
- if (addgen_alloc(mem_ctx, p, len+1) != 0) {
- return -1;
- }
- memcpy(p->s + p->length, s, len+1);
- p->length += len;
- return 0;
-}
-
-/* add a string to the buffer with a tab prefix */
-static int addtabbed(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s, unsigned indent)
-{
- int len = strlen(s);
- if (addgen_alloc(mem_ctx, p, indent+len+1) != 0) {
- return -1;
- }
- while (indent--) {
- p->s[p->length++] = '\t';
- }
- memcpy(p->s + p->length, s, len+1);
- p->length += len;
- return 0;
-}
-
-/* note! this can only be used for results up to 60 chars wide! */
-int addshort(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...)
-{
- char buf[60];
- int n;
- va_list ap;
- va_start(ap, fmt);
- n = vsnprintf(buf, sizeof(buf), fmt, ap);
- va_end(ap);
- if (addgen_alloc(mem_ctx, p, n + 1) != 0) {
- return -1;
- }
- if (n != 0) {
- memcpy(p->s + p->length, buf, n);
- }
- p->length += n;
- p->s[p->length] = 0;
- return 0;
-}
-
-/*
- this is here to make it easier for people to write dump functions
- for their own types
- */
-int gen_addgen(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...)
-{
- char *buf = NULL;
- int n;
- va_list ap;
- va_start(ap, fmt);
- n = vasprintf(&buf, fmt, ap);
- va_end(ap);
- if (addgen_alloc(mem_ctx, p, n + 1) != 0) {
- if (buf) free(buf);
- return -1;
- }
- if (n != 0) {
- memcpy(p->s + p->length, buf, n);
- }
- p->length += n;
- p->s[p->length] = 0;
- if (buf) free(buf);
- return 0;
-}
-
-/* dump a enumerated type */
-int gen_dump_enum(TALLOC_CTX *mem_ctx,
- const struct enum_struct *einfo,
- struct parse_string *p,
- const char *ptr,
- unsigned indent)
-{
- unsigned v = *(unsigned *)ptr;
- int i;
- for (i=0;einfo[i].name;i++) {
- if (v == einfo[i].value) {
- addstr(mem_ctx, p, einfo[i].name);
- return 0;
- }
- }
- /* hmm, maybe we should just fail? */
- return gen_dump_unsigned(mem_ctx, p, ptr, indent);
-}
-
-/* dump a single non-array element, hanlding struct and enum */
-static int gen_dump_one(TALLOC_CTX *mem_ctx,
- struct parse_string *p,
- const struct parse_struct *pinfo,
- const char *ptr,
- unsigned indent)
-{
- if (pinfo->dump_fn == gen_dump_char && pinfo->ptr_count == 1) {
- char *s = encode_bytes(mem_ctx, ptr, strlen(ptr));
- if (addchar(mem_ctx, p,'{') ||
- addstr(mem_ctx, p, s) ||
- addstr(mem_ctx, p, "}")) {
- return -1;
- }
- return 0;
- }
-
- return pinfo->dump_fn(mem_ctx, p, ptr, indent);
-}
-
-/* handle dumping of an array of arbitrary type */
-static int gen_dump_array(TALLOC_CTX *mem_ctx,
- struct parse_string *p,
- const struct parse_struct *pinfo,
- const char *ptr,
- int array_len,
- int indent)
-{
- int i, count=0;
-
- /* special handling of fixed length strings */
- if (array_len != 0 &&
- pinfo->ptr_count == 0 &&
- pinfo->dump_fn == gen_dump_char) {
- char *s = encode_bytes(mem_ctx, ptr, array_len);
- if (!s) return -1;
- if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
- addstr(mem_ctx, p, " = {") ||
- addstr(mem_ctx, p, s) ||
- addstr(mem_ctx, p, "}\n")) {
- return -1;
- }
- free(s);
- return 0;
- }
-
- for (i=0;i<array_len;i++) {
- const char *p2 = ptr;
- unsigned size = pinfo->size;
-
- /* generic pointer dereference */
- if (pinfo->ptr_count) {
- p2 = *(const char **)ptr;
- size = sizeof(void *);
- }
-
- if ((count || pinfo->ptr_count) &&
- !(pinfo->flags & FLAG_ALWAYS) &&
- all_zero(ptr, size)) {
- ptr += size;
- continue;
- }
- if (count == 0) {
- if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
- addshort(mem_ctx, p, " = %u:", i)) {
- return -1;
- }
- } else {
- if (addshort(mem_ctx, p, ", %u:", i) != 0) {
- return -1;
- }
- }
- if (gen_dump_one(mem_ctx, p, pinfo, p2, indent) != 0) {
- return -1;
- }
- ptr += size;
- count++;
- }
- if (count) {
- return addstr(mem_ctx, p, "\n");
- }
- return 0;
-}
-
-/* find a variable by name in a loaded structure and return its value
- as an integer. Used to support dynamic arrays */
-static int find_var(const struct parse_struct *pinfo,
- const char *data,
- const char *var)
-{
- int i;
- const char *ptr;
-
- /* this allows for constant lengths */
- if (isdigit(*var)) {
- return atoi(var);
- }
-
- for (i=0;pinfo[i].name;i++) {
- if (strcmp(pinfo[i].name, var) == 0) break;
- }
- if (!pinfo[i].name) return -1;
-
- ptr = data + pinfo[i].offset;
-
- switch (pinfo[i].size) {
- case sizeof(int):
- return *(int *)ptr;
- case sizeof(char):
- return *(char *)ptr;
- }
-
- return -1;
-}
-
-
-int gen_dump_struct(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- struct parse_string *p,
- const char *ptr,
- unsigned indent)
-{
- char *s = gen_dump(mem_ctx, pinfo, ptr, indent+1);
- if (!s) return -1;
- if (addstr(mem_ctx, p, "{\n") ||
- addstr(mem_ctx, p, s) ||
- addtabbed(mem_ctx, p, "}", indent)) {
- return -1;
- }
- return 0;
-}
-
-static int gen_dump_string(TALLOC_CTX *mem_ctx,
- struct parse_string *p,
- const struct parse_struct *pinfo,
- const char *data,
- unsigned indent)
-{
- const char *ptr = *(char **)data;
- char *s = encode_bytes(mem_ctx, ptr, strlen(ptr));
- if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
- addstr(mem_ctx, p, " = ") ||
- addchar(mem_ctx, p, '{') ||
- addstr(mem_ctx, p, s) ||
- addstr(mem_ctx, p, "}\n")) {
- return -1;
- }
- return 0;
-}
-
-/*
- find the length of a nullterm array
-*/
-static int len_nullterm(const char *ptr, int size, int array_len)
-{
- int len;
-
- if (size == 1) {
- len = strnlen(ptr, array_len);
- } else {
- for (len=0; len < array_len; len++) {
- if (all_zero(ptr+len*size, size)) break;
- }
- }
-
- if (len == 0) len = 1;
-
- return len;
-}
-
-
-/* the generic dump routine. Scans the parse information for this structure
- and processes it recursively */
-char *gen_dump(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- const char *data,
- unsigned indent)
-{
- struct parse_string p;
- int i;
-
- p.length = 0;
- p.allocated = 0;
- p.s = NULL;
-
- if (addstr(mem_ctx, &p, "") != 0) {
- return NULL;
- }
-
- for (i=0;pinfo[i].name;i++) {
- const char *ptr = data + pinfo[i].offset;
- unsigned size = pinfo[i].size;
-
- if (pinfo[i].ptr_count) {
- size = sizeof(void *);
- }
-
- /* special handling for array types */
- if (pinfo[i].array_len) {
- unsigned len = pinfo[i].array_len;
- if (pinfo[i].flags & FLAG_NULLTERM) {
- len = len_nullterm(ptr, size, len);
- }
- if (gen_dump_array(mem_ctx, &p, &pinfo[i], ptr,
- len, indent)) {
- goto failed;
- }
- continue;
- }
-
- /* and dynamically sized arrays */
- if (pinfo[i].dynamic_len) {
- int len = find_var(pinfo, data, pinfo[i].dynamic_len);
- struct parse_struct p2 = pinfo[i];
- if (len < 0) {
- goto failed;
- }
- if (len > 0) {
- if (pinfo[i].flags & FLAG_NULLTERM) {
- len = len_nullterm(*(char **)ptr,
- pinfo[i].size, len);
- }
- p2.ptr_count--;
- p2.dynamic_len = NULL;
- if (gen_dump_array(mem_ctx, &p, &p2,
- *(char **)ptr,
- len, indent) != 0) {
- goto failed;
- }
- }
- continue;
- }
-
- /* don't dump zero elements */
- if (!(pinfo[i].flags & FLAG_ALWAYS) && all_zero(ptr, size)) continue;
-
- /* assume char* is a null terminated string */
- if (pinfo[i].size == 1 && pinfo[i].ptr_count == 1 &&
- pinfo[i].dump_fn == gen_dump_char) {
- if (gen_dump_string(mem_ctx, &p, &pinfo[i], ptr, indent) != 0) {
- goto failed;
- }
- continue;
- }
-
- /* generic pointer dereference */
- if (pinfo[i].ptr_count) {
- ptr = *(const char **)ptr;
- }
-
- if (addtabbed(mem_ctx, &p, pinfo[i].name, indent) ||
- addstr(mem_ctx, &p, " = ") ||
- gen_dump_one(mem_ctx, &p, &pinfo[i], ptr, indent) ||
- addstr(mem_ctx, &p, "\n")) {
- goto failed;
- }
- }
- return p.s;
-
-failed:
- return NULL;
-}
-
-/* search for a character in a string, skipping over sections within
- matching braces */
-static char *match_braces(char *s, char c)
-{
- int depth = 0;
- while (*s) {
- switch (*s) {
- case '}':
- depth--;
- break;
- case '{':
- depth++;
- break;
- }
- if (depth == 0 && *s == c) {
- return s;
- }
- s++;
- }
- return s;
-}
-
-/* parse routine for enumerated types */
-int gen_parse_enum(TALLOC_CTX *mem_ctx,
- const struct enum_struct *einfo,
- char *ptr,
- const char *str)
-{
- unsigned v;
- int i;
-
- if (isdigit(*str)) {
- if (sscanf(str, "%u", &v) != 1) {
- errno = EINVAL;
- return -1;
- }
- *(unsigned *)ptr = v;
- return 0;
- }
-
- for (i=0;einfo[i].name;i++) {
- if (strcmp(einfo[i].name, str) == 0) {
- *(unsigned *)ptr = einfo[i].value;
- return 0;
- }
- }
-
- /* unknown enum value?? */
- return -1;
-}
-
-
-/* parse all base types */
-static int gen_parse_base(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- char *ptr,
- const char *str)
-{
- if (pinfo->parse_fn == gen_parse_char && pinfo->ptr_count==1) {
- unsigned len;
- char *s = decode_bytes(mem_ctx, str, &len);
- if (!s) return -1;
- *(char **)ptr = s;
- return 0;
- }
-
- if (pinfo->ptr_count) {
- unsigned size = pinfo->ptr_count>1?sizeof(void *):pinfo->size;
- struct parse_struct p2 = *pinfo;
- *(void **)ptr = talloc(mem_ctx, size);
- if (! *(void **)ptr) {
- return -1;
- }
- memset(*(void **)ptr, 0, size);
- ptr = *(char **)ptr;
- p2.ptr_count--;
- return gen_parse_base(mem_ctx, &p2, ptr, str);
- }
-
- return pinfo->parse_fn(mem_ctx, ptr, str);
-}
-
-/* parse a generic array */
-static int gen_parse_array(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- char *ptr,
- const char *str,
- int array_len)
-{
- char *p, *p2;
- unsigned size = pinfo->size;
-
- /* special handling of fixed length strings */
- if (array_len != 0 &&
- pinfo->ptr_count == 0 &&
- pinfo->dump_fn == gen_dump_char) {
- unsigned len = 0;
- char *s = decode_bytes(mem_ctx, str, &len);
- if (!s || (len > array_len)) return -1;
- memset(ptr, 0, array_len);
- memcpy(ptr, s, len);
- return 0;
- }
-
- if (pinfo->ptr_count) {
- size = sizeof(void *);
- }
-
- while (*str) {
- unsigned idx;
- int done;
-
- idx = atoi(str);
- p = strchr(str,':');
- if (!p) break;
- p++;
- p2 = match_braces(p, ',');
- done = (*p2 != ',');
- *p2 = 0;
-
- if (*p == '{') {
- p++;
- p[strlen(p)-1] = 0;
- }
-
- if (gen_parse_base(mem_ctx, pinfo, ptr + idx*size, p) != 0) {
- return -1;
- }
-
- if (done) break;
- str = p2+1;
- }
-
- return 0;
-}
-
-/* parse one element, hanlding dynamic and static arrays */
-static int gen_parse_one(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- const char *name,
- char *data,
- const char *str)
-{
- int i;
- for (i=0;pinfo[i].name;i++) {
- if (strcmp(pinfo[i].name, name) == 0) {
- break;
- }
- }
- if (pinfo[i].name == NULL) {
- return 0;
- }
-
- if (pinfo[i].array_len) {
- return gen_parse_array(mem_ctx, &pinfo[i],
- data+pinfo[i].offset,
- str, pinfo[i].array_len);
- }
-
- if (pinfo[i].dynamic_len) {
- int len = find_var(pinfo, data, pinfo[i].dynamic_len);
- if (len < 0) {
- errno = EINVAL;
- return -1;
- }
- if (len > 0) {
- struct parse_struct p2 = pinfo[i];
- char *ptr;
- unsigned size = pinfo[i].ptr_count>1?sizeof(void*):pinfo[i].size;
- ptr = talloc(mem_ctx, len*size);
- if (!ptr) {
- errno = ENOMEM;
- return -1;
- }
- memset(ptr, 0, len*size);
- *((char **)(data + pinfo[i].offset)) = ptr;
- p2.ptr_count--;
- p2.dynamic_len = NULL;
- return gen_parse_array(mem_ctx, &p2, ptr, str, len);
- }
- return 0;
- }
-
- return gen_parse_base(mem_ctx, &pinfo[i], data + pinfo[i].offset, str);
-}
-
-int gen_parse_struct(TALLOC_CTX * mem_ctx, const struct parse_struct *pinfo, char *ptr, const char *str)
-{
- return gen_parse(mem_ctx, pinfo, ptr, str);
-}
-
-/* the main parse routine */
-int gen_parse(TALLOC_CTX *mem_ctx, const struct parse_struct *pinfo, char *data, const char *s)
-{
- char *str, *s0;
-
- s0 = strdup(s);
- str = s0;
-
- while (*str) {
- char *p;
- char *name;
- char *value;
-
- /* skip leading whitespace */
- while (isspace(*str)) str++;
-
- p = strchr(str, '=');
- if (!p) break;
- value = p+1;
- while (p > str && isspace(*(p-1))) {
- p--;
- }
-
- *p = 0;
- name = str;
-
- while (isspace(*value)) value++;
-
- if (*value == '{') {
- str = match_braces(value, '}');
- value++;
- } else {
- str = match_braces(value, '\n');
- }
-
- *str++ = 0;
-
- if (gen_parse_one(mem_ctx, pinfo, name, data, value) != 0) {
- free(s0);
- return -1;
- }
- }
-
- free(s0);
- return 0;
-}
-
-
-
-/* for convenience supply some standard dumpers and parsers here */
-
-int gen_parse_char(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(unsigned char *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_int(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(int *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_unsigned(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(unsigned *)ptr = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_time_t(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(time_t *)ptr = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_double(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(double *)ptr = atof(str);
- return 0;
-}
-
-int gen_parse_float(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(float *)ptr = atof(str);
- return 0;
-}
-
-int gen_dump_char(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(unsigned char *)(ptr));
-}
-
-int gen_dump_int(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%d", *(int *)(ptr));
-}
-
-int gen_dump_unsigned(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(unsigned *)(ptr));
-}
-
-int gen_dump_time_t(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(time_t *)(ptr));
-}
-
-int gen_dump_double(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%lg", *(double *)(ptr));
-}
-
-int gen_dump_float(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%g", *(float *)(ptr));
-}
diff --git a/source/lib/genparser_samba.c b/source/lib/genparser_samba.c
deleted file mode 100644
index bece5877473..00000000000
--- a/source/lib/genparser_samba.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002
- Copyright (C) Simo Sorce <idra@samba.org> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "genparser_samba.h"
-
-/* PARSE functions */
-
-int gen_parse_uint8(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(uint8 *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_uint16(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(uint16 *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_uint32(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(uint32 *)ptr = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_NTTIME(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- if(sscanf(str, "%u,%u", &(((NTTIME *)(ptr))->high), &(((NTTIME *)(ptr))->low)) != 2) {
- errno = EINVAL;
- return -1;
- }
- return 0;
-}
-
-int gen_parse_DOM_SID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- if(!string_to_sid((DOM_SID *)ptr, str)) return -1;
- return 0;
-}
-
-int gen_parse_SEC_ACCESS(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- ((SEC_ACCESS *)ptr)->mask = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_GUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- int info[GUID_SIZE];
- int i;
- char *sc;
- char *p;
- char *m;
-
- m = strdup(str);
- if (!m) return -1;
- sc = m;
-
- memset(info, 0, sizeof(info));
- for (i = 0; i < GUID_SIZE; i++) {
- p = strchr(sc, ',');
- if (p != NULL) p = '\0';
- info[i] = atoi(sc);
- if (p != NULL) sc = p + 1;
- }
- free(m);
-
- for (i = 0; i < GUID_SIZE; i++) {
- ((GUID *)ptr)->info[i] = info[i];
- }
-
- return 0;
-}
-
-int gen_parse_SEC_ACE(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_security_ace_info, ptr, str);
-}
-
-int gen_parse_SEC_ACL(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_security_acl_info, ptr, str);
-}
-
-int gen_parse_SEC_DESC(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_security_descriptor_info, ptr, str);
-}
-
-int gen_parse_LUID_ATTR(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_luid_attr_info, ptr, str);
-}
-
-int gen_parse_LUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- if(sscanf(str, "%u,%u", &(((LUID *)(ptr))->high), &(((LUID *)(ptr))->low)) != 2) {
- errno = EINVAL;
- return -1;
- }
- return 0;
-}
-
-
-
-/* DUMP functions */
-
-int gen_dump_uint8(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(uint8 *)(ptr));
-}
-
-int gen_dump_uint16(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(uint16 *)(ptr));
-}
-
-int gen_dump_uint32(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(uint32 *)(ptr));
-}
-
-int gen_dump_NTTIME(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- uint32 low, high;
-
- high = ((NTTIME *)(ptr))->high;
- low = ((NTTIME *)(ptr))->low;
- return addshort(mem_ctx, p, "%u,%u", high, low);
-}
-
-int gen_dump_DOM_SID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- fstring sidstr;
-
- sid_to_string(sidstr, (DOM_SID *)ptr);
- return addstr(mem_ctx, p, sidstr);
-}
-
-int gen_dump_SEC_ACCESS(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", ((SEC_ACCESS *)ptr)->mask);
-}
-
-int gen_dump_GUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- int i, r;
-
- for (i = 0; i < (GUID_SIZE - 1); i++) {
- if (!(r = addshort(mem_ctx, p, "%d,", ((GUID *)ptr)->info[i]))) return r;
- }
- return addshort(mem_ctx, p, "%d", ((GUID *)ptr)->info[i]);
-}
-
-int gen_dump_SEC_ACE(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_security_ace_info, p, ptr, indent);
-}
-
-int gen_dump_SEC_ACL(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_security_acl_info, p, ptr, indent);
-}
-
-int gen_dump_SEC_DESC(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_security_descriptor_info, p, ptr, indent);
-}
-
-int gen_dump_LUID_ATTR(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_luid_attr_info, p, ptr, indent);
-}
-
-int gen_dump_LUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- uint32 low, high;
-
- high = ((LUID *)(ptr))->high;
- low = ((LUID *)(ptr))->low;
- return addshort(mem_ctx, p, "%u,%u", high, low);
-}
-
diff --git a/source/lib/getsmbpass.c b/source/lib/getsmbpass.c
index 27cd5e6dfa2..b6ae09b3181 100644
--- a/source/lib/getsmbpass.c
+++ b/source/lib/getsmbpass.c
@@ -83,95 +83,71 @@ static int tcsetattr(int fd, int flags, struct sgttyb *t)
static struct termios t;
#endif /* SYSV_TERMIO */
-static SIG_ATOMIC_T gotintr;
-static int in_fd = -1;
-
-/***************************************************************
- Signal function to tell us were ^C'ed.
-****************************************************************/
-
-static void gotintr_sig(void)
-{
- gotintr = 1;
- if (in_fd != -1)
- close(in_fd); /* Safe way to force a return. */
- in_fd = -1;
-}
-
char *getsmbpass(const char *prompt)
{
- FILE *in, *out;
- int echo_off;
- static char buf[256];
- static size_t bufsize = sizeof(buf);
- size_t nread;
-
- /* Catch problematic signals */
- CatchSignal(SIGINT, SIGNAL_CAST gotintr_sig);
-
- /* Try to write to and read from the terminal if we can.
- If we can't open the terminal, use stderr and stdin. */
-
- in = fopen ("/dev/tty", "w+");
- if (in == NULL) {
- in = stdin;
- out = stderr;
- } else {
- out = in;
- }
-
- setvbuf(in, NULL, _IONBF, 0);
-
- /* Turn echoing off if it is on now. */
-
- if (tcgetattr (fileno (in), &t) == 0) {
- if (ECHO_IS_ON(t)) {
- TURN_ECHO_OFF(t);
- echo_off = tcsetattr (fileno (in), TCSAFLUSH, &t) == 0;
- TURN_ECHO_ON(t);
- } else {
- echo_off = 0;
- }
- } else {
- echo_off = 0;
- }
-
- /* Write the prompt. */
- fputs(prompt, out);
- fflush(out);
-
- /* Read the password. */
- buf[0] = 0;
- if (!gotintr) {
- in_fd = fileno(in);
- fgets(buf, bufsize, in);
- }
- nread = strlen(buf);
- if (buf[nread - 1] == '\n')
- buf[nread - 1] = '\0';
-
- /* Restore echoing. */
- if (echo_off) {
- if (gotintr && in_fd == -1)
- in = fopen ("/dev/tty", "w+");
- if (in != NULL)
- tcsetattr (fileno (in), TCSANOW, &t);
- }
-
- if (in != stdin) /* We opened the terminal; now close it. */
- fclose(in);
-
- /* Catch problematic signals */
- CatchSignal(SIGINT, SIGNAL_CAST SIG_DFL);
-
- printf("\n");
-
- if (gotintr) {
- printf("Interupted by signal.\n");
- fflush(stdout);
- exit(1);
+ FILE *in, *out;
+ int echo_off;
+ static char buf[256];
+ static size_t bufsize = sizeof(buf);
+ size_t nread;
+
+ /* Catch problematic signals */
+ CatchSignal(SIGINT, SIGNAL_CAST SIG_IGN);
+
+ /* Try to write to and read from the terminal if we can.
+ If we can't open the terminal, use stderr and stdin. */
+
+ in = fopen ("/dev/tty", "w+");
+ if (in == NULL)
+ {
+ in = stdin;
+ out = stderr;
+ }
+ else
+ out = in;
+
+ setvbuf(in, NULL, _IONBF, 0);
+
+ /* Turn echoing off if it is on now. */
+
+ if (tcgetattr (fileno (in), &t) == 0)
+ {
+ if (ECHO_IS_ON(t))
+ {
+ TURN_ECHO_OFF(t);
+ echo_off = tcsetattr (fileno (in), TCSAFLUSH, &t) == 0;
+ TURN_ECHO_ON(t);
}
- return buf;
+ else
+ echo_off = 0;
+ }
+ else
+ echo_off = 0;
+
+ /* Write the prompt. */
+ fputs (prompt, out);
+ fflush (out);
+
+ /* Read the password. */
+ buf[0] = 0;
+ fgets(buf, bufsize, in);
+ nread = strlen(buf);
+ if (buf[nread - 1] == '\n')
+ buf[nread - 1] = '\0';
+
+ /* Restore echoing. */
+ if (echo_off)
+ (void) tcsetattr (fileno (in), TCSANOW, &t);
+
+ if (in != stdin)
+ /* We opened the terminal; now close it. */
+ fclose (in);
+
+ /* Catch problematic signals */
+ CatchSignal(SIGINT, SIGNAL_CAST SIG_DFL);
+
+ printf("\n");
+ return buf;
}
#else
diff --git a/source/lib/iconv.c b/source/lib/iconv.c
index 0326ca70611..3d26d7e17c9 100644
--- a/source/lib/iconv.c
+++ b/source/lib/iconv.c
@@ -136,7 +136,7 @@ static size_t sys_iconv(void *cd,
* enough that Samba works on systems that don't have iconv.
**/
size_t smb_iconv(smb_iconv_t cd,
- char **inbuf, size_t *inbytesleft,
+ const char **inbuf, size_t *inbytesleft,
char **outbuf, size_t *outbytesleft)
{
char cvtbuf[2048];
diff --git a/source/lib/module.c b/source/lib/module.c
index 38fcf0f3297..941a6cfbe39 100644
--- a/source/lib/module.c
+++ b/source/lib/module.c
@@ -210,21 +210,18 @@ void smb_run_idle_events(time_t now)
struct smb_idle_list_ent *event = smb_idle_event_list;
while (event) {
- struct smb_idle_list_ent *next = event->next;
time_t interval;
- if (event->interval <= 0) {
- interval = SMB_IDLE_EVENT_DEFAULT_INTERVAL;
- } else if (event->interval >= SMB_IDLE_EVENT_MIN_INTERVAL) {
+ if (event->interval >= SMB_IDLE_EVENT_MIN_INTERVAL) {
interval = event->interval;
} else {
interval = SMB_IDLE_EVENT_MIN_INTERVAL;
}
if (now >(event->lastrun+interval)) {
- event->lastrun = now;
event->fn(&event->data,&event->interval,now);
+ event->lastrun = now;
}
- event = next;
+ event = event->next;
}
return;
diff --git a/source/lib/sysquotas.c b/source/lib/sysquotas.c
index 3223ecb580b..617f624daea 100644
--- a/source/lib/sysquotas.c
+++ b/source/lib/sysquotas.c
@@ -19,6 +19,8 @@
*/
+#ifndef AUTOCONF_TEST
+
#include "includes.h"
#ifdef HAVE_SYS_QUOTAS
@@ -740,7 +742,7 @@ static int command_get_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t
if (lines) {
char *line = lines[0];
- DEBUG (3, ("Read output from get_quota, \"%s\"\n", line));
+ DEBUG (3, ("Read output from get_quota, \"r%s\"\n", line));
/* we need to deal with long long unsigned here, if supported */
@@ -1009,3 +1011,99 @@ int sys_set_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DI
}
#endif /* HAVE_SYS_QUOTAS */
+#else /* ! AUTOCONF_TEST */
+/* this is the autoconf driver to test witch quota system we should use */
+
+#if defined(HAVE_QUOTACTL_4A)
+/* long quotactl(int cmd, char *special, qid_t id, caddr_t addr) */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_ASM_TYPES_H
+#include <asm/types.h>
+#endif
+
+#if defined(HAVE_LINUX_QUOTA_H)
+# include <linux/quota.h>
+# if defined(HAVE_STRUCT_IF_DQBLK)
+# define SYS_DQBLK if_dqblk
+# elif defined(HAVE_STRUCT_MEM_DQBLK)
+# define SYS_DQBLK mem_dqblk
+# endif
+#elif defined(HAVE_SYS_QUOTA_H)
+# include <sys/quota.h>
+#endif
+
+#ifndef SYS_DQBLK
+#define SYS_DQBLK dqblk
+#endif
+
+ int autoconf_quota(void)
+{
+ int ret = -1;
+ struct SYS_DQBLK D;
+
+ ret = quotactl(Q_GETQUOTA,"/dev/hda1",0,(void *)&D);
+
+ return ret;
+}
+
+#elif defined(HAVE_QUOTACTL_4B)
+/* int quotactl(const char *path, int cmd, int id, char *addr); */
+
+#ifdef HAVE_SYS_QUOTA_H
+#include <sys/quota.h>
+#else /* *BSD */
+#include <sys/types.h>
+#include <ufs/ufs/quota.h>
+#include <machine/param.h>
+#endif
+
+ int autoconf_quota(void)
+{
+ int ret = -1;
+ struct dqblk D;
+
+ ret = quotactl("/",Q_GETQUOTA,0,(char *) &D);
+
+ return ret;
+}
+
+#elif defined(HAVE_QUOTACTL_3)
+/* int quotactl (char *spec, int request, char *arg); */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_QUOTA_H
+#include <sys/quota.h>
+#endif
+
+ int autoconf_quota(void)
+{
+ int ret = -1;
+ struct q_request request;
+
+ ret = quotactl("/", Q_GETQUOTA, &request);
+
+ return ret;
+}
+
+#elif defined(HAVE_QUOTACTL_2)
+
+#error HAVE_QUOTACTL_2 not implemented
+
+#else
+
+#error Unknow QUOTACTL prototype
+
+#endif
+
+ int main(void)
+{
+ autoconf_quota();
+ return 0;
+}
+#endif /* AUTOCONF_TEST */
diff --git a/source/lib/system.c b/source/lib/system.c
index 2e95efec79b..b020a203730 100644
--- a/source/lib/system.c
+++ b/source/lib/system.c
@@ -693,6 +693,7 @@ int sys_getgroups(int setlen, gid_t *gidset)
#endif /* HAVE_BROKEN_GETGROUPS */
}
+#ifdef HAVE_SETGROUPS
/**************************************************************************
Wrapper for setgroups. Deals with broken (int) case. Automatically used
@@ -701,11 +702,6 @@ int sys_getgroups(int setlen, gid_t *gidset)
int sys_setgroups(int setlen, gid_t *gidset)
{
-#if !defined(HAVE_SETGROUPS)
- errno = ENOSYS;
- return -1;
-#endif /* HAVE_SETGROUPS */
-
#if !defined(HAVE_BROKEN_GETGROUPS)
return setgroups(setlen, gidset);
#else
@@ -746,6 +742,8 @@ int sys_setgroups(int setlen, gid_t *gidset)
#endif /* HAVE_BROKEN_GETGROUPS */
}
+#endif /* HAVE_SETGROUPS */
+
/**************************************************************************
Wrappers for setpwent(), getpwent() and endpwent()
****************************************************************************/
diff --git a/source/lib/system_smbd.c b/source/lib/system_smbd.c
index 73c910e631d..bcbc8c61e64 100644
--- a/source/lib/system_smbd.c
+++ b/source/lib/system_smbd.c
@@ -92,7 +92,7 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in
restore_re_gid();
- if (sys_setgroups(ngrp_saved, gids_saved) != 0) {
+ if (setgroups(ngrp_saved, gids_saved) != 0) {
/* yikes! */
DEBUG(0,("ERROR: getgrouplist: failed to reset group list!\n"));
smb_panic("getgrouplist: failed to reset group list!\n");
diff --git a/source/lib/talloc.c b/source/lib/talloc.c
index 485dc28f31d..b6c8b2efdf0 100644
--- a/source/lib/talloc.c
+++ b/source/lib/talloc.c
@@ -54,6 +54,27 @@
#include "includes.h"
+struct talloc_chunk {
+ struct talloc_chunk *next;
+ size_t size;
+ void *ptr;
+};
+
+
+struct talloc_ctx {
+ struct talloc_chunk *list;
+ size_t total_alloc_size;
+
+ /** The name recorded for this pool, if any. Should describe
+ * the purpose for which it was allocated. The string is
+ * allocated within the pool. **/
+ char *name;
+
+ /** Pointer to the next allocate talloc pool, so that we can
+ * summarize all talloc memory usage. **/
+ struct talloc_ctx *next_ctx;
+};
+
/**
* Start of linked list of all talloc pools.
diff --git a/source/lib/util_seaccess.c b/source/lib/util_seaccess.c
index cb0f46e2f9d..eba8cab7fb8 100644
--- a/source/lib/util_seaccess.c
+++ b/source/lib/util_seaccess.c
@@ -23,6 +23,22 @@
extern DOM_SID global_sid_Builtin;
+/**********************************************************************************
+ Check if this ACE has a SID in common with the token.
+**********************************************************************************/
+
+static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace)
+{
+ size_t i;
+
+ for (i = 0; i < token->num_sids; i++) {
+ if (sid_equal(&ace->trustee, &token->user_sids[i]))
+ return True;
+ }
+
+ return False;
+}
+
/*********************************************************************************
Check an ACE against a SID. We return the remaining needed permission
bits not yet granted. Zero means permission allowed (no more needed bits).
@@ -316,6 +332,119 @@ BOOL se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token,
return False;
}
+/* Create a child security descriptor using another security descriptor as
+ the parent container. This child object can either be a container or
+ non-container object. */
+
+SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
+ BOOL child_container)
+{
+ SEC_DESC_BUF *sdb;
+ SEC_DESC *sd;
+ SEC_ACL *new_dacl, *the_acl;
+ SEC_ACE *new_ace_list = NULL;
+ unsigned int new_ace_list_ndx = 0, i;
+ size_t size;
+
+ /* Currently we only process the dacl when creating the child. The
+ sacl should also be processed but this is left out as sacls are
+ not implemented in Samba at the moment.*/
+
+ the_acl = parent_ctr->dacl;
+
+ if (!(new_ace_list = talloc(ctx, sizeof(SEC_ACE) * the_acl->num_aces)))
+ return NULL;
+
+ for (i = 0; the_acl && i < the_acl->num_aces; i++) {
+ SEC_ACE *ace = &the_acl->ace[i];
+ SEC_ACE *new_ace = &new_ace_list[new_ace_list_ndx];
+ uint8 new_flags = 0;
+ BOOL inherit = False;
+ fstring sid_str;
+
+ /* The OBJECT_INHERIT_ACE flag causes the ACE to be
+ inherited by non-container children objects. Container
+ children objects will inherit it as an INHERIT_ONLY
+ ACE. */
+
+ if (ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT) {
+
+ if (!child_container) {
+ new_flags |= SEC_ACE_FLAG_OBJECT_INHERIT;
+ } else {
+ new_flags |= SEC_ACE_FLAG_INHERIT_ONLY;
+ }
+
+ inherit = True;
+ }
+
+ /* The CONAINER_INHERIT_ACE flag means all child container
+ objects will inherit and use the ACE. */
+
+ if (ace->flags & SEC_ACE_FLAG_CONTAINER_INHERIT) {
+ if (!child_container) {
+ inherit = False;
+ } else {
+ new_flags |= SEC_ACE_FLAG_CONTAINER_INHERIT;
+ }
+ }
+
+ /* The INHERIT_ONLY_ACE is not used by the se_access_check()
+ function for the parent container, but is inherited by
+ all child objects as a normal ACE. */
+
+ if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+ /* Move along, nothing to see here */
+ }
+
+ /* The SEC_ACE_FLAG_NO_PROPAGATE_INHERIT flag means the ACE
+ is inherited by child objects but not grandchildren
+ objects. We clear the object inherit and container
+ inherit flags in the inherited ACE. */
+
+ if (ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
+ new_flags &= ~(SEC_ACE_FLAG_OBJECT_INHERIT |
+ SEC_ACE_FLAG_CONTAINER_INHERIT);
+ }
+
+ /* Add ACE to ACE list */
+
+ if (!inherit)
+ continue;
+
+ init_sec_access(&new_ace->info, ace->info.mask);
+ init_sec_ace(new_ace, &ace->trustee, ace->type,
+ new_ace->info, new_flags);
+
+ sid_to_string(sid_str, &ace->trustee);
+
+ DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
+ " inherited as %s:%d/0x%02x/0x%08x\n", sid_str,
+ ace->type, ace->flags, ace->info.mask,
+ sid_str, new_ace->type, new_ace->flags,
+ new_ace->info.mask));
+
+ new_ace_list_ndx++;
+ }
+
+ /* Create child security descriptor to return */
+
+ new_dacl = make_sec_acl(ctx, ACL_REVISION, new_ace_list_ndx, new_ace_list);
+
+ /* Use the existing user and group sids. I don't think this is
+ correct. Perhaps the user and group should be passed in as
+ parameters by the caller? */
+
+ sd = make_sec_desc(ctx, SEC_DESC_REVISION,
+ parent_ctr->owner_sid,
+ parent_ctr->grp_sid,
+ parent_ctr->sacl,
+ new_dacl, &size);
+
+ sdb = make_sec_desc_buf(ctx, size, sd);
+
+ return sdb;
+}
/*******************************************************************
samr_make_sam_obj_sd
@@ -350,7 +479,7 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
- if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
+ if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c
index 50bbb4c72c6..fbb393770d5 100644
--- a/source/lib/util_sid.c
+++ b/source/lib/util_sid.c
@@ -638,7 +638,7 @@ void print_guid(GUID *guid)
Tallocs a duplicate SID.
********************************************************************/
-DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, const DOM_SID *src)
+DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, DOM_SID *src)
{
DOM_SID *dst;
diff --git a/source/lib/util_unistr.c b/source/lib/util_unistr.c
index e90a824395c..e7c200218e2 100644
--- a/source/lib/util_unistr.c
+++ b/source/lib/util_unistr.c
@@ -819,25 +819,22 @@ UNISTR2* ucs2_to_unistr2(TALLOC_CTX *ctx, UNISTR2* dst, smb_ucs2_t* src)
{
size_t len;
- if (!src)
- return NULL;
+ if (!src) return NULL;
len = strlen_w(src);
/* allocate UNISTR2 destination if not given */
if (!dst) {
dst = (UNISTR2*) talloc(ctx, sizeof(UNISTR2));
- if (!dst)
- return NULL;
+ if (!dst) return NULL;
}
if (!dst->buffer) {
dst->buffer = (uint16*) talloc(ctx, sizeof(uint16) * (len + 1));
- if (!dst->buffer)
- return NULL;
+ if (!dst->buffer) return NULL;
}
/* set UNISTR2 parameters */
dst->uni_max_len = len + 1;
- dst->offset = 0;
+ dst->undoc = 0;
dst->uni_str_len = len;
/* copy the actual unicode string */
@@ -845,3 +842,4 @@ UNISTR2* ucs2_to_unistr2(TALLOC_CTX *ctx, UNISTR2* dst, smb_ucs2_t* src)
return dst;
}
+
diff --git a/source/libads/ldap.c b/source/libads/ldap.c
index 8c3185ea5e3..48401cc3d80 100644
--- a/source/libads/ldap.c
+++ b/source/libads/ldap.c
@@ -1787,8 +1787,7 @@ ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn)
void *res;
status = ads_do_search_retry(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
- if (!ADS_ERR_OK(status))
- return status;
+ if (!ADS_ERR_OK(status)) return status;
if (ads_count_replies(ads, res) != 1) {
return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
diff --git a/source/libads/ldap_utils.c b/source/libads/ldap_utils.c
index 4142bceabca..1fa9ebfc975 100644
--- a/source/libads/ldap_utils.c
+++ b/source/libads/ldap_utils.c
@@ -54,20 +54,15 @@ ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path, int scope
return status;
}
- if (*res)
- ads_msgfree(ads, *res);
+ if (*res) ads_msgfree(ads, *res);
*res = NULL;
-
DEBUG(3,("Reopening ads connection to realm '%s' after error %s\n",
ads->config.realm, ads_errstr(status)));
-
if (ads->ld) {
ldap_unbind(ads->ld);
}
-
ads->ld = NULL;
status = ads_connect(ads);
-
if (!ADS_ERR_OK(status)) {
DEBUG(1,("ads_search_retry: failed to reconnect (%s)\n",
ads_errstr(status)));
diff --git a/source/libsmb/errormap.c b/source/libsmb/errormap.c
index 4d9a717e1c0..3d99e3d5e52 100644
--- a/source/libsmb/errormap.c
+++ b/source/libsmb/errormap.c
@@ -1490,7 +1490,7 @@ const struct unix_error_map unix_dos_nt_errmap[] = {
{ EPERM, ERRDOS, ERRnoaccess, NT_STATUS_ACCESS_DENIED },
{ EACCES, ERRDOS, ERRnoaccess, NT_STATUS_ACCESS_DENIED },
{ ENOENT, ERRDOS, ERRbadfile, NT_STATUS_OBJECT_NAME_NOT_FOUND },
- { ENOTDIR, ERRDOS, ERRbadpath, NT_STATUS_NOT_A_DIRECTORY },
+ { ENOTDIR, ERRDOS, ERRbadpath, NT_STATUS_OBJECT_PATH_NOT_FOUND },
{ EIO, ERRHRD, ERRgeneral, NT_STATUS_IO_DEVICE_ERROR },
{ EBADF, ERRSRV, ERRsrverror, NT_STATUS_INVALID_HANDLE },
{ EINVAL, ERRSRV, ERRsrverror, NT_STATUS_INVALID_HANDLE },
diff --git a/source/locking/brlock.c b/source/locking/brlock.c
index c51a5a2aac9..20d76c9c792 100644
--- a/source/locking/brlock.c
+++ b/source/locking/brlock.c
@@ -172,8 +172,7 @@ static BOOL brl_conflict_other(struct lock_struct *lck1, struct lock_struct *lck
}
if (lck1->start >= (lck2->start + lck2->size) ||
- lck2->start >= (lck1->start + lck1->size))
- return False;
+ lck2->start >= (lck1->start + lck1->size)) return False;
return True;
}
@@ -306,7 +305,7 @@ static int lock_compare(struct lock_struct *lck1,
NTSTATUS brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
uint16 smbpid, pid_t pid, uint16 tid,
br_off start, br_off size,
- enum brl_type lock_type, BOOL *my_lock_ctx)
+ enum brl_type lock_type)
{
TDB_DATA kbuf, dbuf;
int count, i;
@@ -316,7 +315,6 @@ NTSTATUS brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
static int last_failed = -1;
static br_off last_failed_start;
- *my_lock_ctx = False;
kbuf = locking_key(dev,ino);
dbuf.dptr = NULL;
@@ -345,9 +343,6 @@ NTSTATUS brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
for (i=0; i<count; i++) {
if (brl_conflict(&locks[i], &lock)) {
status = NT_STATUS_LOCK_NOT_GRANTED;
- /* Did we block ourselves ? */
- if (brl_same_context(&locks[i].context, &lock.context))
- *my_lock_ctx = True;
goto fail;
}
#if ZERO_ZERO
diff --git a/source/locking/locking.c b/source/locking/locking.c
index c3abd638182..4475f1446f9 100644
--- a/source/locking/locking.c
+++ b/source/locking/locking.c
@@ -98,7 +98,7 @@ BOOL is_locked(files_struct *fsp,connection_struct *conn,
****************************************************************************/
static NTSTATUS do_lock(files_struct *fsp,connection_struct *conn, uint16 lock_pid,
- SMB_BIG_UINT count,SMB_BIG_UINT offset,enum brl_type lock_type, BOOL *my_lock_ctx)
+ SMB_BIG_UINT count,SMB_BIG_UINT offset,enum brl_type lock_type)
{
NTSTATUS status = NT_STATUS_LOCK_NOT_GRANTED;
@@ -114,7 +114,7 @@ static NTSTATUS do_lock(files_struct *fsp,connection_struct *conn, uint16 lock_p
status = brl_lock(fsp->dev, fsp->inode, fsp->fnum,
lock_pid, sys_getpid(), conn->cnum,
offset, count,
- lock_type, my_lock_ctx);
+ lock_type);
if (NT_STATUS_IS_OK(status) && lp_posix_locking(SNUM(conn))) {
@@ -153,7 +153,7 @@ static NTSTATUS do_lock(files_struct *fsp,connection_struct *conn, uint16 lock_p
****************************************************************************/
NTSTATUS do_lock_spin(files_struct *fsp,connection_struct *conn, uint16 lock_pid,
- SMB_BIG_UINT count,SMB_BIG_UINT offset,enum brl_type lock_type, BOOL *my_lock_ctx)
+ SMB_BIG_UINT count,SMB_BIG_UINT offset,enum brl_type lock_type)
{
int j, maxj = lp_lock_spin_count();
int sleeptime = lp_lock_sleep_time();
@@ -165,7 +165,7 @@ NTSTATUS do_lock_spin(files_struct *fsp,connection_struct *conn, uint16 lock_pid
ret = NT_STATUS_OK; /* to keep dumb compilers happy */
for (j = 0; j < maxj; j++) {
- status = do_lock(fsp, conn, lock_pid, count, offset, lock_type, my_lock_ctx);
+ status = do_lock(fsp, conn, lock_pid, count, offset, lock_type);
if (!NT_STATUS_EQUAL(status, NT_STATUS_LOCK_NOT_GRANTED) &&
!NT_STATUS_EQUAL(status, NT_STATUS_FILE_LOCK_CONFLICT)) {
return status;
@@ -173,9 +173,6 @@ NTSTATUS do_lock_spin(files_struct *fsp,connection_struct *conn, uint16 lock_pid
/* if we do fail then return the first error code we got */
if (j == 0) {
ret = status;
- /* Don't spin if we blocked ourselves. */
- if (*my_lock_ctx)
- return ret;
}
if (sleeptime)
sys_usleep(sleeptime);
@@ -422,10 +419,10 @@ int get_share_modes(connection_struct *conn,
struct locking_data *data;
int num_share_modes;
share_mode_entry *shares = NULL;
- TDB_DATA key = locking_key(dev, inode);
+
*pp_shares = NULL;
- dbuf = tdb_fetch(tdb, key);
+ dbuf = tdb_fetch(tdb, locking_key(dev, inode));
if (!dbuf.dptr)
return 0;
@@ -472,7 +469,7 @@ int get_share_modes(connection_struct *conn,
/* The record has shrunk a bit */
dbuf.dsize -= del_count * sizeof(share_mode_entry);
- if (tdb_store(tdb, key, dbuf, TDB_REPLACE) == -1) {
+ if (tdb_store(tdb, locking_key(dev, inode), dbuf, TDB_REPLACE) == -1) {
SAFE_FREE(shares);
SAFE_FREE(dbuf.dptr);
return 0;
@@ -547,13 +544,12 @@ ssize_t del_share_entry( SMB_DEV_T dev, SMB_INO_T inode,
int i, del_count=0;
share_mode_entry *shares;
ssize_t count = 0;
- TDB_DATA key = locking_key(dev, inode);
if (ppse)
*ppse = NULL;
/* read in the existing share modes */
- dbuf = tdb_fetch(tdb, key);
+ dbuf = tdb_fetch(tdb, locking_key(dev, inode));
if (!dbuf.dptr)
return -1;
@@ -594,10 +590,10 @@ ssize_t del_share_entry( SMB_DEV_T dev, SMB_INO_T inode,
/* store it back in the database */
if (data->u.num_share_mode_entries == 0) {
- if (tdb_delete(tdb, key) == -1)
+ if (tdb_delete(tdb, locking_key(dev, inode)) == -1)
count = -1;
} else {
- if (tdb_store(tdb, key, dbuf, TDB_REPLACE) == -1)
+ if (tdb_store(tdb, locking_key(dev, inode), dbuf, TDB_REPLACE) == -1)
count = -1;
}
}
@@ -634,11 +630,10 @@ BOOL set_share_mode(files_struct *fsp, uint16 port, uint16 op_type)
struct locking_data *data;
char *p=NULL;
int size;
- TDB_DATA key = locking_key_fsp(fsp);
BOOL ret = True;
/* read in the existing share modes if any */
- dbuf = tdb_fetch(tdb, key);
+ dbuf = tdb_fetch(tdb, locking_key_fsp(fsp));
if (!dbuf.dptr) {
size_t offset;
/* we'll need to create a new record */
@@ -663,7 +658,7 @@ BOOL set_share_mode(files_struct *fsp, uint16 port, uint16 op_type)
fill_share_mode(p + sizeof(*data), fsp, port, op_type);
dbuf.dptr = p;
dbuf.dsize = size;
- if (tdb_store(tdb, key, dbuf, TDB_REPLACE) == -1)
+ if (tdb_store(tdb, locking_key_fsp(fsp), dbuf, TDB_REPLACE) == -1)
ret = False;
print_share_mode_table((struct locking_data *)p);
@@ -693,7 +688,7 @@ BOOL set_share_mode(files_struct *fsp, uint16 port, uint16 op_type)
SAFE_FREE(dbuf.dptr);
dbuf.dptr = p;
dbuf.dsize = size;
- if (tdb_store(tdb, key, dbuf, TDB_REPLACE) == -1)
+ if (tdb_store(tdb, locking_key_fsp(fsp), dbuf, TDB_REPLACE) == -1)
ret = False;
print_share_mode_table((struct locking_data *)p);
SAFE_FREE(p);
@@ -714,10 +709,9 @@ static BOOL mod_share_mode( SMB_DEV_T dev, SMB_INO_T inode, share_mode_entry *en
share_mode_entry *shares;
BOOL need_store=False;
BOOL ret = True;
- TDB_DATA key = locking_key(dev, inode);
/* read in the existing share modes */
- dbuf = tdb_fetch(tdb, key);
+ dbuf = tdb_fetch(tdb, locking_key(dev, inode));
if (!dbuf.dptr)
return False;
@@ -735,10 +729,10 @@ static BOOL mod_share_mode( SMB_DEV_T dev, SMB_INO_T inode, share_mode_entry *en
/* if the mod fn was called then store it back */
if (need_store) {
if (data->u.num_share_mode_entries == 0) {
- if (tdb_delete(tdb, key) == -1)
+ if (tdb_delete(tdb, locking_key(dev, inode)) == -1)
ret = False;
} else {
- if (tdb_store(tdb, key, dbuf, TDB_REPLACE) == -1)
+ if (tdb_store(tdb, locking_key(dev, inode), dbuf, TDB_REPLACE) == -1)
ret = False;
}
}
@@ -814,10 +808,9 @@ BOOL modify_delete_flag( SMB_DEV_T dev, SMB_INO_T inode, BOOL delete_on_close)
struct locking_data *data;
int i;
share_mode_entry *shares;
- TDB_DATA key = locking_key(dev, inode);
/* read in the existing share modes */
- dbuf = tdb_fetch(tdb, key);
+ dbuf = tdb_fetch(tdb, locking_key(dev, inode));
if (!dbuf.dptr)
return False;
@@ -833,7 +826,7 @@ BOOL modify_delete_flag( SMB_DEV_T dev, SMB_INO_T inode, BOOL delete_on_close)
/* store it back */
if (data->u.num_share_mode_entries) {
- if (tdb_store(tdb, key, dbuf, TDB_REPLACE)==-1) {
+ if (tdb_store(tdb, locking_key(dev,inode), dbuf, TDB_REPLACE)==-1) {
SAFE_FREE(dbuf.dptr);
return False;
}
diff --git a/source/modules/developer.c b/source/modules/developer.c
deleted file mode 100644
index 7ffc3ff50d2..00000000000
--- a/source/modules/developer.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Samba module with developer tools
- Copyright (C) Andrew Tridgell 2001
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-static struct {
- char from;
- char *to;
- int len;
-} weird_table[] = {
- {'q', "^q^", 3},
- {'Q', "^Q^", 3},
- {0, NULL}
-};
-
-static size_t weird_pull(void *cd, char **inbuf, size_t *inbytesleft,
- char **outbuf, size_t *outbytesleft)
-{
- while (*inbytesleft >= 1 && *outbytesleft >= 2) {
- int i;
- int done = 0;
- for (i=0;weird_table[i].from;i++) {
- if (strncmp((*inbuf),
- weird_table[i].to,
- weird_table[i].len) == 0) {
- if (*inbytesleft < weird_table[i].len) {
- DEBUG(0,("ERROR: truncated weird string\n"));
- /* smb_panic("weird_pull"); */
-
- } else {
- (*outbuf)[0] = weird_table[i].from;
- (*outbuf)[1] = 0;
- (*inbytesleft) -= weird_table[i].len;
- (*outbytesleft) -= 2;
- (*inbuf) += weird_table[i].len;
- (*outbuf) += 2;
- done = 1;
- break;
- }
- }
- }
- if (done) continue;
- (*outbuf)[0] = (*inbuf)[0];
- (*outbuf)[1] = 0;
- (*inbytesleft) -= 1;
- (*outbytesleft) -= 2;
- (*inbuf) += 1;
- (*outbuf) += 2;
- }
-
- if (*inbytesleft > 0) {
- errno = E2BIG;
- return -1;
- }
-
- return 0;
-}
-
-static size_t weird_push(void *cd, char **inbuf, size_t *inbytesleft,
- char **outbuf, size_t *outbytesleft)
-{
- int ir_count=0;
-
- while (*inbytesleft >= 2 && *outbytesleft >= 1) {
- int i;
- int done=0;
- for (i=0;weird_table[i].from;i++) {
- if ((*inbuf)[0] == weird_table[i].from &&
- (*inbuf)[1] == 0) {
- if (*outbytesleft < weird_table[i].len) {
- DEBUG(0,("No room for weird character\n"));
- /* smb_panic("weird_push"); */
- } else {
- memcpy(*outbuf, weird_table[i].to,
- weird_table[i].len);
- (*inbytesleft) -= 2;
- (*outbytesleft) -= weird_table[i].len;
- (*inbuf) += 2;
- (*outbuf) += weird_table[i].len;
- done = 1;
- break;
- }
- }
- }
- if (done) continue;
-
- (*outbuf)[0] = (*inbuf)[0];
- if ((*inbuf)[1]) ir_count++;
- (*inbytesleft) -= 2;
- (*outbytesleft) -= 1;
- (*inbuf) += 2;
- (*outbuf) += 1;
- }
-
- if (*inbytesleft == 1) {
- errno = EINVAL;
- return -1;
- }
-
- if (*inbytesleft > 1) {
- errno = E2BIG;
- return -1;
- }
-
- return ir_count;
-}
-
-struct charset_functions weird_functions = {"WEIRD", weird_pull, weird_push};
-
-int charset_weird_init(void)
-{
- smb_register_charset(&weird_functions);
- return True;
-}
diff --git a/source/modules/vfs_recycle.c b/source/modules/vfs_recycle.c
index 9b31f6afb95..b1b2ac03538 100644
--- a/source/modules/vfs_recycle.c
+++ b/source/modules/vfs_recycle.c
@@ -213,7 +213,7 @@ static BOOL recycle_create_dir(vfs_handle_struct *handle, const char *dname)
char *tok_str;
BOOL ret = False;
- mode = S_IRUSR | S_IWUSR | S_IXUSR;
+ mode = S_IREAD | S_IWRITE | S_IEXEC;
tmp_str = strdup(dname);
ALLOC_CHECK(tmp_str, done);
diff --git a/source/nmbd/nmbd_winsserver.c b/source/nmbd/nmbd_winsserver.c
index 36940724207..484588c6626 100644
--- a/source/nmbd/nmbd_winsserver.c
+++ b/source/nmbd/nmbd_winsserver.c
@@ -107,7 +107,7 @@ static void wins_hook(const char *operation, struct name_record *namerec, int tt
{
pstring command;
char *cmd = lp_wins_hook();
- char *p, *namestr;
+ char *p;
int i;
if (!cmd || !*cmd) return;
@@ -119,17 +119,11 @@ static void wins_hook(const char *operation, struct name_record *namerec, int tt
}
}
- /* Use the name without the nametype (and scope) appended */
-
- namestr = nmb_namestr(&namerec->name);
- if ((p = strchr(namestr, '<')))
- *p = 0;
-
p = command;
p += slprintf(p, sizeof(command)-1, "%s %s %s %02x %d",
cmd,
operation,
- namestr,
+ nmb_namestr(&namerec->name),
namerec->name.name_type,
ttl);
diff --git a/source/nsswitch/winbindd_ads.c b/source/nsswitch/winbindd_ads.c
index ef3f0f8fc20..c64359a2241 100644
--- a/source/nsswitch/winbindd_ads.c
+++ b/source/nsswitch/winbindd_ads.c
@@ -787,13 +787,9 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
}
rc = ads_USN(ads, seq);
-
if (!ADS_ERR_OK(rc)) {
-
- /* its a dead connection ; don't destroy it
- through since ads_USN() has already done
- that indirectly */
-
+ /* its a dead connection */
+ ads_destroy(&ads);
domain->private = NULL;
}
return ads_ntstatus(rc);
@@ -914,11 +910,8 @@ static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
rc = ads_domain_sid(ads, sid);
if (!ADS_ERR_OK(rc)) {
-
- /* its a dead connection; don't destroy it though
- since that has already been done indirectly
- by ads_domain_sid() */
-
+ /* its a dead connection */
+ ads_destroy(&ads);
domain->private = NULL;
}
diff --git a/source/nsswitch/winbindd_pam.c b/source/nsswitch/winbindd_pam.c
index d696428de4c..ea2868b2cf9 100644
--- a/source/nsswitch/winbindd_pam.c
+++ b/source/nsswitch/winbindd_pam.c
@@ -65,7 +65,7 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
time_t last_change_time;
uint32 sec_channel_type;
NET_USER_INFO_3 info3;
- struct cli_state *cli = NULL;
+ struct cli_state *cli;
uchar chal[8];
TALLOC_CTX *mem_ctx = NULL;
DATA_BLOB lm_resp;
@@ -128,6 +128,7 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
do {
ZERO_STRUCT(info3);
ZERO_STRUCT(ret_creds);
+ cli = NULL;
retry = False;
/* Don't shut this down - it belongs to the connection cache code */
@@ -147,17 +148,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
&info3);
attempts += 1;
- /* We have to try a second time as cm_get_netlogon_cli
- might not yet have noticed that the DC has killed
- our connection. */
-
- if ( cli->fd == -1 ) {
- retry = True;
- continue;
- }
-
/* if we get access denied, a possible cuase was that we had and open
- connection to the DC, but someone changed our machine account password
+ connection to the DC, but someone changed our machine accoutn password
out from underneath us using 'net rpc changetrustpw' */
if ( NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) ) {
@@ -166,9 +158,12 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
name_domain));
winbindd_cm_flush();
retry = True;
- cli = NULL;
}
+ /* We have to try a second time as cm_get_netlogon_cli
+ might not yet have noticed that the DC has killed
+ our connection. */
+
} while ( (attempts < 2) && retry );
clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &ret_creds);
@@ -211,7 +206,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
time_t last_change_time;
uint32 sec_channel_type;
NET_USER_INFO_3 info3;
- struct cli_state *cli = NULL;
+ struct cli_state *cli;
TALLOC_CTX *mem_ctx = NULL;
char *user = NULL;
const char *domain = NULL;
@@ -306,6 +301,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
do {
ZERO_STRUCT(info3);
ZERO_STRUCT(ret_creds);
+ cli = NULL;
retry = False;
/* Don't shut this down - it belongs to the connection cache code */
@@ -327,17 +323,8 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
attempts += 1;
- /* We have to try a second time as cm_get_netlogon_cli
- might not yet have noticed that the DC has killed
- our connection. */
-
- if ( cli->fd == -1 ) {
- retry = True;
- continue;
- }
-
- /* if we get access denied, a possible cause was that we had and open
- connection to the DC, but someone changed our machine account password
+ /* if we get access denied, a possible cuase was that we had and open
+ connection to the DC, but someone changed our machine accoutn password
out from underneath us using 'net rpc changetrustpw' */
if ( NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) ) {
@@ -346,9 +333,12 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
domain));
winbindd_cm_flush();
retry = True;
- cli = NULL;
}
+ /* We have to try a second time as cm_get_netlogon_cli
+ might not yet have noticed that the DC has killed
+ our connection. */
+
} while ( (attempts < 2) && retry );
clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &ret_creds);
diff --git a/source/nsswitch/winbindd_passdb.c b/source/nsswitch/winbindd_passdb.c
deleted file mode 100644
index 503b97899c4..00000000000
--- a/source/nsswitch/winbindd_passdb.c
+++ /dev/null
@@ -1,360 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Winbind rpc backend functions
-
- Copyright (C) Tim Potter 2000-2001,2003
- Copyright (C) Simo Sorce 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "winbindd.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_WINBIND
-
-
-/* Query display info for a domain. This returns enough information plus a
- bit extra to give an overview of domain users for the User Manager
- application. */
-static NTSTATUS query_user_list(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32 *num_entries,
- WINBIND_USERINFO **info)
-{
- SAM_ACCOUNT *sam_account = NULL;
- NTSTATUS result;
- uint32 i;
-
- DEBUG(3,("pdb: query_user_list\n"));
-
- if (NT_STATUS_IS_ERR(result = pdb_init_sam(&sam_account))) {
- return result;
- }
-
- i = 0;
- *info = NULL;
-
- if (pdb_setsampwent(False)) {
-
- while (pdb_getsampwent(sam_account)) {
-
- /* we return only nua accounts, or we will have duplicates */
- if (!idmap_check_sid_is_in_free_range(pdb_get_user_sid(sam_account))) {
- continue;
- }
-
- *info = talloc_realloc(mem_ctx, *info, (i + 1) * sizeof(WINBIND_USERINFO));
- if (!(*info)) {
- DEBUG(0,("query_user_list: out of memory!\n"));
- result = NT_STATUS_NO_MEMORY;
- break;
- }
-
- (*info)[i].user_sid = talloc(mem_ctx, sizeof(DOM_SID));
- (*info)[i].group_sid = talloc(mem_ctx, sizeof(DOM_SID));
- if (!((*info)[i].user_sid) || !((*info)[i].group_sid)) {
- DEBUG(0,("query_user_list: out of memory!\n"));
- result = NT_STATUS_NO_MEMORY;
- break;
- }
- sid_copy((*info)[i].user_sid, pdb_get_user_sid(sam_account));
- sid_copy((*info)[i].group_sid, pdb_get_group_sid(sam_account));
-
- (*info)[i].acct_name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
- (*info)[i].full_name = talloc_strdup(mem_ctx, pdb_get_fullname(sam_account));
- if (!((*info)[i].acct_name) || !((*info)[i].full_name)) {
- DEBUG(0,("query_user_list: out of memory!\n"));
- result = NT_STATUS_NO_MEMORY;
- break;
- }
-
- i++;
-
- if (NT_STATUS_IS_ERR(pdb_reset_sam(sam_account))) {
- result = NT_STATUS_UNSUCCESSFUL;
- break;
- }
- }
-
- *num_entries = i;
- result = NT_STATUS_OK;
-
- } else {
- result = NT_STATUS_UNSUCCESSFUL;
- }
-
- pdb_free_sam(&sam_account);
- return result;
-}
-
-/* list all domain groups */
-static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32 *num_entries,
- struct acct_info **info)
-{
- NTSTATUS result = NT_STATUS_OK;
-
- DEBUG(3,("pdb: enum_dom_groups (group support not implemented)\n"));
-
- *num_entries = 0;
- *info = 0;
-
- return result;
-}
-
-/* List all domain groups */
-
-static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32 *num_entries,
- struct acct_info **info)
-{
- NTSTATUS result = NT_STATUS_OK;
-
- DEBUG(3,("pdb: enum_local_groups (group support not implemented)\n"));
-
- *num_entries = 0;
- *info = 0;
-
- return result;
-}
-
-/* convert a single name to a sid in a domain */
-static NTSTATUS name_to_sid(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const char *name,
- DOM_SID *sid,
- enum SID_NAME_USE *type)
-{
- SAM_ACCOUNT *sam_account = NULL;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
- DEBUG(3,("pdb: name_to_sid name=%s (group support not implemented)\n", name));
-
- if (NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) {
- if (!pdb_getsampwnam(sam_account, name)) {
- result = NT_STATUS_UNSUCCESSFUL;
- } else { /* it is a sam user */
- sid_copy(sid, pdb_get_user_sid(sam_account));
- *type = SID_NAME_USER;
- result = NT_STATUS_OK;
- }
- }
-
- pdb_free_sam(&sam_account);
- return result;
-}
-
-/*
- convert a domain SID to a user or group name
-*/
-static NTSTATUS sid_to_name(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- DOM_SID *sid,
- char **name,
- enum SID_NAME_USE *type)
-{
- SAM_ACCOUNT *sam_account = NULL;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- uint32 id;
-
- DEBUG(3,("pdb: sid_to_name sid=%s\n", sid_string_static(sid)));
-
- if (NT_STATUS_IS_OK(sid_to_uid(sid, &id))) { /* this is a user */
-
- if (NT_STATUS_IS_ERR(result = pdb_init_sam(&sam_account))) {
- return result;
- }
-
- if (!pdb_getsampwsid(sam_account, sid)) {
- pdb_free_sam(&sam_account);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- *name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
- if (!(*name)) {
- DEBUG(0,("query_user: out of memory!\n"));
- pdb_free_sam(&sam_account);
- return NT_STATUS_NO_MEMORY;
- }
-
- pdb_free_sam(&sam_account);
- *type = SID_NAME_USER;
- result = NT_STATUS_OK;
-
- } else if (NT_STATUS_IS_OK(sid_to_gid(sid, &id))) { /* this is a group */
-
- DEBUG(3,("pdb: sid_to_name: group support not implemented\n"));
- result = NT_STATUS_UNSUCCESSFUL;
- }
-
- return result;
-}
-
-/* Lookup user information from a rid or username. */
-static NTSTATUS query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- DOM_SID *user_sid,
- WINBIND_USERINFO *user_info)
-{
- SAM_ACCOUNT *sam_account = NULL;
- NTSTATUS result;
-
- DEBUG(3,("pdb: query_user sid=%s\n", sid_string_static(user_sid)));
-
- if (NT_STATUS_IS_ERR(result = pdb_init_sam(&sam_account))) {
- return result;
- }
-
- if (!pdb_getsampwsid(sam_account, user_sid)) {
- pdb_free_sam(&sam_account);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* we return only nua accounts, or we will have duplicates */
- if (!idmap_check_sid_is_in_free_range(user_sid)) {
- pdb_free_sam(&sam_account);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- user_info->user_sid = talloc(mem_ctx, sizeof(DOM_SID));
- user_info->group_sid = talloc(mem_ctx, sizeof(DOM_SID));
- if (!(user_info->user_sid) || !(user_info->group_sid)) {
- DEBUG(0,("query_user: out of memory!\n"));
- pdb_free_sam(&sam_account);
- return NT_STATUS_NO_MEMORY;
- }
- sid_copy(user_info->user_sid, pdb_get_user_sid(sam_account));
- sid_copy(user_info->group_sid, pdb_get_group_sid(sam_account));
-
- user_info->acct_name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
- user_info->full_name = talloc_strdup(mem_ctx, pdb_get_fullname(sam_account));
- if (!(user_info->acct_name) || !(user_info->full_name)) {
- DEBUG(0,("query_user: out of memory!\n"));
- pdb_free_sam(&sam_account);
- return NT_STATUS_NO_MEMORY;
- }
-
- pdb_free_sam(&sam_account);
- return NT_STATUS_OK;
-}
-
-/* Lookup groups a user is a member of. I wish Unix had a call like this! */
-static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- DOM_SID *user_sid,
- uint32 *num_groups, DOM_SID ***user_gids)
-{
- NTSTATUS result = NT_STATUS_OK;
-
- DEBUG(3,("pdb: lookup_usergroups (group support not implemented)\n"));
-
- num_groups = 0;
- user_gids = 0;
-
- return result;
-}
-
-
-/* Lookup group membership given a rid. */
-static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- DOM_SID *group_sid, uint32 *num_names,
- DOM_SID ***sid_mem, char ***names,
- uint32 **name_types)
-{
- NTSTATUS result = NT_STATUS_NOT_IMPLEMENTED;
-
- DEBUG(3,("pdb: lookup_groupmem (group support not implemented)\n"));
-
- num_names = 0;
- sid_mem = 0;
- names = 0;
- name_types = 0;
-
- return result;
-}
-
-/* find the sequence number for a domain */
-static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
-{
- /* FIXME: we fake up the seq_num untill our passdb support it */
- static uint32 seq_num;
-
- DEBUG(3,("pdb: sequence_number\n"));
-
- *seq = seq_num++;
-
- return NT_STATUS_OK;
-}
-
-/* get a list of trusted domains */
-static NTSTATUS trusted_domains(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32 *num_domains,
- char ***names,
- char ***alt_names,
- DOM_SID **dom_sids)
-{
- NTSTATUS result = NT_STATUS_NOT_IMPLEMENTED;
-
- DEBUG(3,("pdb: trusted_domains (todo!)\n"));
-
- return result;
-}
-
-/* find the domain sid for a domain */
-static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
-{
- DEBUG(3,("pdb: domain_sid\n"));
-
- if (strcmp(domain->name, lp_workgroup())) {
- return NT_STATUS_INVALID_PARAMETER;
- } else {
- sid_copy(sid, get_global_sam_sid());
- return NT_STATUS_OK;
- }
-}
-
-/* find alternate names list for the domain
- * should we look for netbios aliases??
- SSS */
-static NTSTATUS alternate_name(struct winbindd_domain *domain)
-{
- DEBUG(3,("pdb: alternate_name\n"));
-
- return NT_STATUS_OK;
-}
-
-
-/* the rpc backend methods are exposed via this structure */
-struct winbindd_methods passdb_methods = {
- False,
- query_user_list,
- enum_dom_groups,
- enum_local_groups,
- name_to_sid,
- sid_to_name,
- query_user,
- lookup_usergroups,
- lookup_groupmem,
- sequence_number,
- trusted_domains,
- domain_sid,
- alternate_name
-};
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index 5a5ac4a2cc1..0efa2796c36 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -185,6 +185,7 @@ typedef struct
int mangle_prefix;
int max_log_size;
char *szLogLevel;
+ int mangled_stack;
int max_xmit;
int max_mux;
int max_open_files;
@@ -752,7 +753,7 @@ static const struct enum_list enum_map_to_guest[] = {
*/
static struct parm_struct parm_table[] = {
- {N_("Base Options"), P_SEP, P_SEPARATOR},
+ {"Base Options", P_SEP, P_SEPARATOR},
{"dos charset", P_STRING, P_GLOBAL, &Globals.dos_charset, handle_charset, NULL, FLAG_ADVANCED},
{"unix charset", P_STRING, P_GLOBAL, &Globals.unix_charset, handle_charset, NULL, FLAG_ADVANCED},
@@ -772,7 +773,7 @@ static struct parm_struct parm_table[] = {
{"interfaces", P_LIST, P_GLOBAL, &Globals.szInterfaces, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
{"bind interfaces only", P_BOOL, P_GLOBAL, &Globals.bBindInterfacesOnly, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD},
- {N_("Security Options"), P_SEP, P_SEPARATOR},
+ {"Security Options", P_SEP, P_SEPARATOR},
{"security", P_ENUM, P_GLOBAL, &Globals.security, NULL, enum_security, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
{"auth methods", P_LIST, P_GLOBAL, &Globals.AuthMethods, NULL, NULL, FLAG_ADVANCED},
@@ -856,7 +857,7 @@ static struct parm_struct parm_table[] = {
{"deny hosts", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, FLAG_HIDE},
{"preload modules", P_LIST, P_GLOBAL, &Globals.szPreloadModules, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL},
- {N_("Logging Options"), P_SEP, P_SEPARATOR},
+ {"Logging Options", P_SEP, P_SEPARATOR},
{"log level", P_STRING, P_GLOBAL, &Globals.szLogLevel, handle_debug_list, NULL, FLAG_ADVANCED},
{"debuglevel", P_STRING, P_GLOBAL, &Globals.szLogLevel, handle_debug_list, NULL, FLAG_HIDE},
@@ -871,7 +872,7 @@ static struct parm_struct parm_table[] = {
{"debug pid", P_BOOL, P_GLOBAL, &Globals.bDebugPid, NULL, NULL, FLAG_ADVANCED},
{"debug uid", P_BOOL, P_GLOBAL, &Globals.bDebugUid, NULL, NULL, FLAG_ADVANCED},
- {N_("Protocol Options"), P_SEP, P_SEPARATOR},
+ {"Protocol Options", P_SEP, P_SEPARATOR},
{"smb ports", P_STRING, P_GLOBAL, &Globals.smb_ports, NULL, NULL, FLAG_ADVANCED},
{"protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, FLAG_ADVANCED},
@@ -908,7 +909,7 @@ static struct parm_struct parm_table[] = {
{"server signing", P_ENUM, P_GLOBAL, &Globals.server_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED},
{"client use spnego", P_BOOL, P_GLOBAL, &Globals.bClientUseSpnego, NULL, NULL, FLAG_ADVANCED},
- {N_("Tuning Options"), P_SEP, P_SEPARATOR},
+ {"Tuning Options", P_SEP, P_SEPARATOR},
{"block size", P_INTEGER, P_LOCAL, &sDefault.iBlock_size, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{"change notify timeout", P_INTEGER, P_GLOBAL, &Globals.change_notify_timeout, NULL, NULL, FLAG_ADVANCED},
@@ -937,7 +938,7 @@ static struct parm_struct parm_table[] = {
{"name cache timeout", P_INTEGER, P_GLOBAL, &Globals.name_cache_timeout, NULL, NULL, FLAG_ADVANCED},
- {N_("Printing Options"), P_SEP, P_SEPARATOR},
+ {"Printing Options", P_SEP, P_SEPARATOR},
{"max reported print jobs", P_INTEGER, P_LOCAL, &sDefault.iMaxReportedPrintJobs, NULL, NULL, FLAG_ADVANCED | FLAG_PRINT},
{"max print jobs", P_INTEGER, P_LOCAL, &sDefault.iMaxPrintJobs, NULL, NULL, FLAG_ADVANCED | FLAG_PRINT},
@@ -967,10 +968,11 @@ static struct parm_struct parm_table[] = {
{"use client driver", P_BOOL, P_LOCAL, &sDefault.bUseClientDriver, NULL, NULL, FLAG_ADVANCED | FLAG_PRINT},
{"default devmode", P_BOOL, P_LOCAL, &sDefault.bDefaultDevmode, NULL, NULL, FLAG_ADVANCED | FLAG_PRINT},
- {N_("Filename Handling"), P_SEP, P_SEPARATOR},
+ {"Filename Handling", P_SEP, P_SEPARATOR},
{"mangling method", P_STRING, P_GLOBAL, &Globals.szManglingMethod, NULL, NULL, FLAG_ADVANCED},
{"mangle prefix", P_INTEGER, P_GLOBAL, &Globals.mangle_prefix, NULL, NULL, FLAG_ADVANCED},
+ {"mangled stack", P_INTEGER, P_GLOBAL, &Globals.mangled_stack, NULL, NULL, FLAG_ADVANCED},
{"default case", P_ENUM, P_LOCAL, &sDefault.iDefaultCase, NULL, enum_case, FLAG_ADVANCED | FLAG_SHARE},
{"case sensitive", P_BOOL, P_LOCAL, &sDefault.bCaseSensitive, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{"casesignames", P_BOOL, P_LOCAL, &sDefault.bCaseSensitive, NULL, NULL, FLAG_HIDE},
@@ -990,14 +992,14 @@ static struct parm_struct parm_table[] = {
{"map hidden", P_BOOL, P_LOCAL, &sDefault.bMap_hidden, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{"map archive", P_BOOL, P_LOCAL, &sDefault.bMap_archive, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{"mangled names", P_BOOL, P_LOCAL, &sDefault.bMangledNames, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
- {"mangled map", P_STRING, P_LOCAL, &sDefault.szMangledMap, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL | FLAG_DEPRECATED },
+ {"mangled map", P_STRING, P_LOCAL, &sDefault.szMangledMap, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{"stat cache", P_BOOL, P_GLOBAL, &Globals.bStatCache, NULL, NULL, FLAG_ADVANCED},
- {N_("Domain Options"), P_SEP, P_SEPARATOR},
+ {"Domain Options", P_SEP, P_SEPARATOR},
{"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD},
- {N_("Logon Options"), P_SEP, P_SEPARATOR},
+ {"Logon Options", P_SEP, P_SEPARATOR},
{"add user script", P_STRING, P_GLOBAL, &Globals.szAddUserScript, NULL, NULL, FLAG_ADVANCED},
{"delete user script", P_STRING, P_GLOBAL, &Globals.szDelUserScript, NULL, NULL, FLAG_ADVANCED},
@@ -1016,7 +1018,7 @@ static struct parm_struct parm_table[] = {
{"logon home", P_STRING, P_GLOBAL, &Globals.szLogonHome, NULL, NULL, FLAG_ADVANCED},
{"domain logons", P_BOOL, P_GLOBAL, &Globals.bDomainLogons, NULL, NULL, FLAG_ADVANCED},
- {N_("Browse Options"), P_SEP, P_SEPARATOR},
+ {"Browse Options", P_SEP, P_SEPARATOR},
{"os level", P_INTEGER, P_GLOBAL, &Globals.os_level, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED},
{"lm announce", P_ENUM, P_GLOBAL, &Globals.lm_announce, NULL, enum_bool_auto, FLAG_ADVANCED},
@@ -1030,7 +1032,7 @@ static struct parm_struct parm_table[] = {
{"browsable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, FLAG_HIDE},
{"enhanced browsing", P_BOOL, P_GLOBAL, &Globals.enhanced_browsing, NULL, NULL, FLAG_ADVANCED},
- {N_("WINS Options"), P_SEP, P_SEPARATOR},
+ {"WINS Options", P_SEP, P_SEPARATOR},
{"dns proxy", P_BOOL, P_GLOBAL, &Globals.bDNSproxy, NULL, NULL, FLAG_ADVANCED},
{"wins proxy", P_BOOL, P_GLOBAL, &Globals.bWINSproxy, NULL, NULL, FLAG_ADVANCED},
@@ -1040,7 +1042,7 @@ static struct parm_struct parm_table[] = {
{"wins hook", P_STRING, P_GLOBAL, &Globals.szWINSHook, NULL, NULL, FLAG_ADVANCED},
{"wins partners", P_STRING, P_GLOBAL, &Globals.szWINSPartners, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD},
- {N_("Locking Options"), P_SEP, P_SEPARATOR},
+ {"Locking Options", P_SEP, P_SEPARATOR},
{"blocking locks", P_BOOL, P_LOCAL, &sDefault.bBlockingLocks, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{"csc policy", P_ENUM, P_LOCAL, &sDefault.iCSCPolicy, NULL, enum_csc_policy, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
@@ -1058,7 +1060,7 @@ static struct parm_struct parm_table[] = {
{"strict locking", P_BOOL, P_LOCAL, &sDefault.bStrictLocking, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{"share modes", P_BOOL, P_LOCAL, &sDefault.bShareModes, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
- {N_("Ldap Options"), P_SEP, P_SEPARATOR},
+ {"Ldap Options", P_SEP, P_SEPARATOR},
#ifdef WITH_LDAP_SAMCONFIG
{"ldap server", P_STRING, P_GLOBAL, &Globals.szLdapServer, NULL, NULL, FLAG_ADVANCED},
@@ -1075,7 +1077,7 @@ static struct parm_struct parm_table[] = {
{"ldap passwd sync", P_ENUM, P_GLOBAL, &Globals.ldap_passwd_sync, NULL, enum_ldap_passwd_sync, FLAG_ADVANCED},
{"ldap delete dn", P_BOOL, P_GLOBAL, &Globals.ldap_delete_dn, NULL, NULL, FLAG_ADVANCED},
- {N_("Miscellaneous Options"), P_SEP, P_SEPARATOR},
+ {"Miscellaneous Options", P_SEP, P_SEPARATOR},
{"add share command", P_STRING, P_GLOBAL, &Globals.szAddShareCommand, NULL, NULL, FLAG_ADVANCED},
{"change share command", P_STRING, P_GLOBAL, &Globals.szChangeShareCommand, NULL, NULL, FLAG_ADVANCED},
{"delete share command", P_STRING, P_GLOBAL, &Globals.szDeleteShareCommand, NULL, NULL, FLAG_ADVANCED},
@@ -1135,7 +1137,7 @@ static struct parm_struct parm_table[] = {
{"panic action", P_STRING, P_GLOBAL, &Globals.szPanicAction, NULL, NULL, FLAG_ADVANCED},
{"hide local users", P_BOOL, P_GLOBAL, &Globals.bHideLocalUsers, NULL, NULL, FLAG_ADVANCED},
- {N_("VFS module options"), P_SEP, P_SEPARATOR},
+ {"VFS module options", P_SEP, P_SEPARATOR},
{"vfs objects", P_LIST, P_LOCAL, &sDefault.szVfsObjects, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE},
{"vfs object", P_LIST, P_LOCAL, &sDefault.szVfsObjects, NULL, NULL, FLAG_HIDE},
@@ -1145,7 +1147,7 @@ static struct parm_struct parm_table[] = {
{"msdfs proxy", P_STRING, P_LOCAL, &sDefault.szMSDfsProxy, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE},
{"host msdfs", P_BOOL, P_GLOBAL, &Globals.bHostMSDfs, NULL, NULL, FLAG_ADVANCED},
- {N_("Winbind options"), P_SEP, P_SEPARATOR},
+ {"Winbind options", P_SEP, P_SEPARATOR},
{"enable rid algorithm", P_BOOL, P_GLOBAL, &Globals.bEnableRidAlgorithm, NULL, NULL, FLAG_DEPRECATED},
{"idmap backend", P_STRING, P_GLOBAL, &Globals.szIdmapBackend, NULL, NULL, FLAG_ADVANCED},
@@ -1359,6 +1361,7 @@ static void init_globals(void)
Globals.AlgorithmicRidBase = BASE_RID;
Globals.bLoadPrinters = True;
+ Globals.mangled_stack = 50;
/* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
/* Discovered by 2 days of pain by Don McCall @ HP :-). */
Globals.max_xmit = 0x4104;
diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c
index 0afa130a67f..78f36eb9b6d 100644
--- a/source/passdb/passdb.c
+++ b/source/passdb/passdb.c
@@ -83,8 +83,7 @@ void pdb_fill_default_sam(SAM_ACCOUNT *user)
user->private.logon_divs = 168; /* hours per week */
user->private.hours_len = 21; /* 21 times 8 bits = 168 */
memset(user->private.hours, 0xff, user->private.hours_len); /* available at all hours */
- user->private.bad_password_count = 0;
- user->private.logon_count = 0;
+ user->private.unknown_5 = 0x00000000; /* don't know */
user->private.unknown_6 = 0x000004ec; /* don't know */
/* Some parts of samba strlen their pdb_get...() returns,
@@ -936,7 +935,7 @@ BOOL local_password_change(const char *user_name, int local_flags,
if ((local_flags & LOCAL_ADD_USER) || (local_flags & LOCAL_DELETE_USER)) {
/* Might not exist in /etc/passwd. Use rid algorithm here */
if (!NT_STATUS_IS_OK(pdb_init_sam_new(&sam_pass, user_name, 0))) {
- slprintf(err_str, err_str_len-1, "Failed to initialise SAM_ACCOUNT for user %s.\n", user_name);
+ slprintf(err_str, err_str_len-1, "Failed initialise SAM_ACCOUNT for user %s.\n", user_name);
return False;
}
} else {
@@ -1281,7 +1280,7 @@ BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_
Marshall/unmarshall SAM_ACCOUNT structs.
*********************************************************************/
-#define TDB_FORMAT_STRING "ddddddBBBBBBBBBBBBddBBwdwdBwwd"
+#define TDB_FORMAT_STRING "ddddddBBBBBBBBBBBBddBBwdwdBdd"
/**********************************************************************
Intialize a SAM_ACCOUNT struct from a BYTE buffer of size len
@@ -1316,9 +1315,8 @@ BOOL init_sam_from_buffer(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen)
fullname_len, homedir_len, logon_script_len,
profile_path_len, acct_desc_len, workstations_len;
- uint32 user_rid, group_rid, unknown_3, hours_len, unknown_6;
+ uint32 user_rid, group_rid, unknown_3, hours_len, unknown_5, unknown_6;
uint16 acct_ctrl, logon_divs;
- uint16 bad_password_count, logon_count;
uint8 *hours;
static uint8 *lm_pw_ptr, *nt_pw_ptr;
uint32 len = 0;
@@ -1359,8 +1357,7 @@ BOOL init_sam_from_buffer(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen)
&logon_divs,
&hours_len,
&hourslen, &hours,
- &bad_password_count,
- &logon_count,
+ &unknown_5,
&unknown_6);
if (len == -1) {
@@ -1435,8 +1432,7 @@ BOOL init_sam_from_buffer(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen)
pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
pdb_set_unknown_3(sampass, unknown_3, PDB_SET);
pdb_set_hours_len(sampass, hours_len, PDB_SET);
- pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET);
- pdb_set_logon_count(sampass, logon_count, PDB_SET);
+ pdb_set_unknown_5(sampass, unknown_5, PDB_SET);
pdb_set_unknown_6(sampass, unknown_6, PDB_SET);
pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
@@ -1644,8 +1640,7 @@ uint32 init_buffer_from_sam (uint8 **buf, const SAM_ACCOUNT *sampass, BOOL size_
pdb_get_logon_divs(sampass),
pdb_get_hours_len(sampass),
MAX_HOURS_LEN, pdb_get_hours(sampass),
- pdb_get_bad_password_count(sampass),
- pdb_get_logon_count(sampass),
+ pdb_get_unknown_5(sampass),
pdb_get_unknown_6(sampass));
@@ -1687,8 +1682,7 @@ uint32 init_buffer_from_sam (uint8 **buf, const SAM_ACCOUNT *sampass, BOOL size_
pdb_get_logon_divs(sampass),
pdb_get_hours_len(sampass),
MAX_HOURS_LEN, pdb_get_hours(sampass),
- pdb_get_bad_password_count(sampass),
- pdb_get_logon_count(sampass),
+ pdb_get_unknown_5(sampass),
pdb_get_unknown_6(sampass));
diff --git a/source/passdb/pdb_get_set.c b/source/passdb/pdb_get_set.c
index 46c49be8b11..15054585512 100644
--- a/source/passdb/pdb_get_set.c
+++ b/source/passdb/pdb_get_set.c
@@ -314,20 +314,12 @@ uint32 pdb_get_unknown_3 (const SAM_ACCOUNT *sampass)
return (-1);
}
-uint16 pdb_get_bad_password_count(const SAM_ACCOUNT *sampass)
+uint32 pdb_get_unknown_5 (const SAM_ACCOUNT *sampass)
{
if (sampass)
- return (sampass->private.bad_password_count);
+ return (sampass->private.unknown_5);
else
- return 0;
-}
-
-uint16 pdb_get_logon_count(const SAM_ACCOUNT *sampass)
-{
- if (sampass)
- return (sampass->private.logon_count);
- else
- return 0;
+ return (-1);
}
uint32 pdb_get_unknown_6 (const SAM_ACCOUNT *sampass)
@@ -509,7 +501,7 @@ BOOL pdb_set_init_flags (SAM_ACCOUNT *sampass, enum pdb_elements element, enum p
return True;
}
-BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, const DOM_SID *u_sid, enum pdb_value_state flag)
+BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid, enum pdb_value_state flag)
{
if (!sampass || !u_sid)
return False;
@@ -545,7 +537,7 @@ BOOL pdb_set_user_sid_from_string (SAM_ACCOUNT *sampass, fstring u_sid, enum pdb
return True;
}
-BOOL pdb_set_group_sid (SAM_ACCOUNT *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
+BOOL pdb_set_group_sid (SAM_ACCOUNT *sampass, DOM_SID *g_sid, enum pdb_value_state flag)
{
if (!sampass || !g_sid)
return False;
@@ -992,24 +984,14 @@ BOOL pdb_set_unknown_3 (SAM_ACCOUNT *sampass, uint32 unkn, enum pdb_value_state
return pdb_set_init_flags(sampass, PDB_UNKNOWN3, flag);
}
-BOOL pdb_set_bad_password_count(SAM_ACCOUNT *sampass, uint16 bad_password_count, enum pdb_value_state flag)
-{
- if (!sampass)
- return False;
-
- sampass->private.bad_password_count = bad_password_count;
-
- return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_COUNT, flag);
-}
-
-BOOL pdb_set_logon_count(SAM_ACCOUNT *sampass, uint16 logon_count, enum pdb_value_state flag)
+BOOL pdb_set_unknown_5 (SAM_ACCOUNT *sampass, uint32 unkn, enum pdb_value_state flag)
{
if (!sampass)
return False;
- sampass->private.logon_count = logon_count;
+ sampass->private.unknown_5 = unkn;
- return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag);
+ return pdb_set_init_flags(sampass, PDB_UNKNOWN5, flag);
}
BOOL pdb_set_unknown_6 (SAM_ACCOUNT *sampass, uint32 unkn, enum pdb_value_state flag)
diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index 5cf1691f0dd..e00631fb7dd 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -61,7 +61,7 @@
#if defined(LDAP_EXOP_X_MODIFY_PASSWD) && !defined(LDAP_EXOP_MODIFY_PASSWD)
#define LDAP_EXOP_MODIFY_PASSWD LDAP_EXOP_X_MODIFY_PASSWD
#elif !defined(LDAP_EXOP_MODIFY_PASSWD)
-#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1"
+#define "1.3.6.1.4.1.4203.1.11.1"
#endif
#if defined(LDAP_EXOP_X_MODIFY_PASSWD_ID) && !defined(LDAP_EXOP_MODIFY_PASSWD_ID)
@@ -422,8 +422,6 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
smbntpwd[NT_HASH_LEN];
uint16 acct_ctrl = 0,
logon_divs;
- uint16 bad_password_count = 0,
- logon_count = 0;
uint32 hours_len;
uint8 hours[MAX_HOURS_LEN];
pstring temp;
@@ -706,23 +704,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
pdb_set_munged_dial(sampass, munged_dial, PDB_SET);
/* pdb_set_unknown_3(sampass, unknown3, PDB_SET); */
-
- if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_BAD_PASSWORD_COUNT), temp)) {
- /* leave as default */
- } else {
- bad_password_count = (uint32) atol(temp);
- pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET);
- }
-
- if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_COUNT), temp)) {
- /* leave as default */
- } else {
- logon_count = (uint32) atol(temp);
- pdb_set_logon_count(sampass, logon_count, PDB_SET);
- }
-
+ /* pdb_set_unknown_5(sampass, unknown5, PDB_SET); */
/* pdb_set_unknown_6(sampass, unknown6, PDB_SET); */
pdb_set_hours(sampass, hours, PDB_SET);
diff --git a/source/passdb/pdb_mysql.c b/source/passdb/pdb_mysql.c
index 7c2c56e3594..6c200be5045 100644
--- a/source/passdb/pdb_mysql.c
+++ b/source/passdb/pdb_mysql.c
@@ -49,8 +49,7 @@
#define CONFIG_UNKNOWN_3_DEFAULT "unknown_3"
#define CONFIG_LOGON_DIVS_DEFAULT "logon_divs"
#define CONFIG_HOURS_LEN_DEFAULT "hours_len"
-#define CONFIG_BAD_PASSWORD_COUNT_DEFAULT "bad_password_count"
-#define CONFIG_LOGON_COUNT_DEFAULT "logon_count"
+#define CONFIG_UNKNOWN_5_DEFAULT "unknown_5"
#define CONFIG_UNKNOWN_6_DEFAULT "unknown_6"
#define CONFIG_HOST_DEFAULT "localhost"
#define CONFIG_USER_DEFAULT "samba"
@@ -156,7 +155,7 @@ static const char * config_value_write(pdb_mysql_data * data, const char *name,
if (!v)
return NULL;
- swrite = strrchr(v, ':');
+ swrite = strchr(v, ':');
/* Default to the same field as read field */
if (!swrite)
@@ -182,7 +181,7 @@ static const char * config_value_read(pdb_mysql_data * data, const char *name, c
if (!v)
return "NULL";
- swrite = strrchr(v, ':');
+ swrite = strchr(v, ':');
/* If no write is specified, there are no problems */
if (!swrite) {
@@ -241,20 +240,14 @@ static NTSTATUS row_to_sam_account(MYSQL_RES * r, SAM_ACCOUNT * u)
pdb_set_unknown_str(u, row[16], PDB_SET);
pdb_set_munged_dial(u, row[17], PDB_SET);
- if(!row[18] || !string_to_sid(&sid, row[18])) {
- DEBUG(0,("No user SID retrieved from database!\n"));
- } else {
- pdb_set_user_sid(u, &sid, PDB_SET);
- }
+ if(row[18])string_to_sid(&sid, row[18]);
+ pdb_set_user_sid(u, &sid, PDB_SET);
+ if(row[19])string_to_sid(&sid, row[19]);
+ pdb_set_group_sid(u, &sid, PDB_SET);
- if(row[19]) {
- string_to_sid(&sid, row[19]);
- pdb_set_group_sid(u, &sid, PDB_SET);
- }
-
- if (pdb_gethexpwd(row[20], temp))
+ if (pdb_gethexpwd(row[20], temp), PDB_SET)
pdb_set_lanman_passwd(u, temp, PDB_SET);
- if (pdb_gethexpwd(row[21], temp))
+ if (pdb_gethexpwd(row[21], temp), PDB_SET)
pdb_set_nt_passwd(u, temp, PDB_SET);
/* Only use plaintext password storage when lanman and nt are
@@ -266,9 +259,8 @@ static NTSTATUS row_to_sam_account(MYSQL_RES * r, SAM_ACCOUNT * u)
pdb_set_unknown_3(u, xatol(row[24]), PDB_SET);
pdb_set_logon_divs(u, xatol(row[25]), PDB_SET);
pdb_set_hours_len(u, xatol(row[26]), PDB_SET);
- pdb_set_bad_password_count(u, xatol(row[27]), PDB_SET);
- pdb_set_logon_count(u, xatol(row[28]), PDB_SET);
- pdb_set_unknown_6(u, xatol(row[29]), PDB_SET);
+ pdb_set_unknown_5(u, xatol(row[27]), PDB_SET);
+ pdb_set_unknown_6(u, xatol(row[28]), PDB_SET);
return NT_STATUS_OK;
}
@@ -286,7 +278,7 @@ static NTSTATUS mysqlsam_setsampwent(struct pdb_methods *methods, BOOL update)
}
asprintf(&query,
- "SELECT %s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s FROM %s",
+ "SELECT %s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s FROM %s",
config_value_read(data, "logon time column",
CONFIG_LOGON_TIME_DEFAULT),
config_value_read(data, "logoff time column",
@@ -341,10 +333,8 @@ static NTSTATUS mysqlsam_setsampwent(struct pdb_methods *methods, BOOL update)
CONFIG_LOGON_DIVS_DEFAULT),
config_value_read(data, "hours len column",
CONFIG_HOURS_LEN_DEFAULT),
- config_value_read(data, "bad password count column",
- CONFIG_BAD_PASSWORD_COUNT_DEFAULT),
- config_value_read(data, "logon count column",
- CONFIG_LOGON_COUNT_DEFAULT),
+ config_value_read(data, "unknown 5 column",
+ CONFIG_UNKNOWN_5_DEFAULT),
config_value_read(data, "unknown 6 column",
CONFIG_UNKNOWN_6_DEFAULT),
config_value(data, "table", CONFIG_TABLE_DEFAULT)
@@ -452,7 +442,7 @@ static NTSTATUS mysqlsam_select_by_field(struct pdb_methods * methods, SAM_ACCOU
}
asprintf(&query,
- "SELECT %s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s FROM %s WHERE %s = '%s'",
+ "SELECT %s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s FROM %s WHERE %s = '%s'",
config_value_read(data, "logon time column",
CONFIG_LOGON_TIME_DEFAULT),
config_value_read(data, "logoff time column",
@@ -507,10 +497,8 @@ static NTSTATUS mysqlsam_select_by_field(struct pdb_methods * methods, SAM_ACCOU
CONFIG_LOGON_DIVS_DEFAULT),
config_value_read(data, "hours len column",
CONFIG_HOURS_LEN_DEFAULT),
- config_value_read(data, "bad password count column",
- CONFIG_BAD_PASSWORD_COUNT_DEFAULT),
- config_value_read(data, "logon count column",
- CONFIG_LOGON_COUNT_DEFAULT),
+ config_value_read(data, "unknown 5 column",
+ CONFIG_UNKNOWN_5_DEFAULT),
config_value_read(data, "unknown 6 column",
CONFIG_UNKNOWN_6_DEFAULT),
config_value(data, "table", CONFIG_TABLE_DEFAULT), field,
@@ -657,7 +645,6 @@ static NTSTATUS mysqlsam_replace_sam_account(struct pdb_methods *methods,
const SAM_ACCOUNT * newpwd, char isupdate)
{
pstring temp;
- char *field;
struct pdb_mysql_data *data;
pdb_mysql_query query;
fstring sid_str;
@@ -668,7 +655,6 @@ static NTSTATUS mysqlsam_replace_sam_account(struct pdb_methods *methods,
}
data = (struct pdb_mysql_data *) methods->private_data;
-
if (data == NULL || data->handle == NULL) {
DEBUG(0, ("invalid handle!\n"));
return NT_STATUS_INVALID_HANDLE;
@@ -886,7 +872,6 @@ static NTSTATUS mysqlsam_init(struct pdb_context * pdb_context, struct pdb_metho
{
NTSTATUS nt_status;
struct pdb_mysql_data *data;
- const char *sid_column, *username_column;
mysqlsam_debug_level = debug_add_class("mysqlsam");
if (mysqlsam_debug_level == -1) {
@@ -895,7 +880,6 @@ static NTSTATUS mysqlsam_init(struct pdb_context * pdb_context, struct pdb_metho
("mysqlsam: Couldn't register custom debugging class!\n"));
}
-
if (!pdb_context) {
DEBUG(0, ("invalid pdb_methods specified\n"));
return NT_STATUS_UNSUCCESSFUL;
@@ -943,14 +927,6 @@ static NTSTATUS mysqlsam_init(struct pdb_context * pdb_context, struct pdb_metho
DEBUG(0, ("Failed to connect to server\n"));
return NT_STATUS_UNSUCCESSFUL;
}
-
- sid_column = config_value_read(data, "user sid column", CONFIG_USER_SID_DEFAULT);
- username_column = config_value_read(data, "username column", CONFIG_USERNAME_DEFAULT);
- if(!strcmp(sid_column,"NULL") || !strcmp(username_column, "NULL")) {
- DEBUG(0,("Please specify both a valid 'user sid column' and a valid 'username column' in smb.conf\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
/* Process correct entry in $HOME/.my.conf */
if (!mysql_real_connect(data->handle,
config_value(data, "mysql host", CONFIG_HOST_DEFAULT),
diff --git a/source/passdb/pdb_smbpasswd.c b/source/passdb/pdb_smbpasswd.c
index 8cdbec9b9d0..8171b65adcc 100644
--- a/source/passdb/pdb_smbpasswd.c
+++ b/source/passdb/pdb_smbpasswd.c
@@ -261,11 +261,7 @@ static FILE *startsmbfilepwent(const char *pfile, enum pwf_access_type type, int
setvbuf(fp, (char *)NULL, _IOFBF, 1024);
/* Make sure it is only rw by the owner */
-#ifdef HAVE_FCHMOD
if(fchmod(fileno(fp), S_IRUSR|S_IWUSR) == -1) {
-#else
- if(chmod(pfile, S_IRUSR|S_IWUSR) == -1) {
-#endif
DEBUG(0, ("startsmbfilepwent_internal: failed to set 0600 permissions on password file %s. \
Error was %s\n.", pfile, strerror(errno) ));
pw_file_unlock(fileno(fp), lock_depth);
diff --git a/source/passdb/pdb_xml.c b/source/passdb/pdb_xml.c
index 29922bca4f9..7af2fdd9402 100644
--- a/source/passdb/pdb_xml.c
+++ b/source/passdb/pdb_xml.c
@@ -159,13 +159,8 @@ static BOOL parseUser(xmlDocPtr doc, xmlNsPtr ns, xmlNodePtr cur, SAM_ACCOUNT *
atol(xmlNodeListGetString
(doc, cur->xmlChildrenNode, 1)), PDB_SET);
- else if (!strcmp(cur->name, "bad_password_count") && cur->ns == ns)
- pdb_set_bad_password_count(u,
- atol(xmlNodeListGetString
- (doc, cur->xmlChildrenNode, 1)), PDB_SET);
-
- else if (!strcmp(cur->name, "logon_count") && cur->ns == ns)
- pdb_set_logon_count(u,
+ else if (!strcmp(cur->name, "unknown_5") && cur->ns == ns)
+ pdb_set_unknown_5(u,
atol(xmlNodeListGetString
(doc, cur->xmlChildrenNode, 1)), PDB_SET);
@@ -500,8 +495,7 @@ static NTSTATUS xmlsam_add_sam_account(struct pdb_methods *methods, SAM_ACCOUNT
xmlNewChild(user, data->ns, "hours_len",
iota(pdb_get_hours_len(u)));
- xmlNewChild(user, data->ns, "bad_password_count", iota(pdb_get_bad_password_count(u)));
- xmlNewChild(user, data->ns, "logon_count", iota(pdb_get_logon_count(u)));
+ xmlNewChild(user, data->ns, "unknown_5", iota(pdb_get_unknown_5(u)));
xmlNewChild(user, data->ns, "unknown_6", iota(pdb_get_unknown_6(u)));
xmlSaveFile(data->location, data->doc);
diff --git a/source/po/de.msg b/source/po/de.msg
index e2294d50871..6a8da43ae3a 100644
--- a/source/po/de.msg
+++ b/source/po/de.msg
@@ -1,593 +1,1707 @@
# German messages for international release of SWAT.
# Copyright (C) 2001 Andreas Moroder
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-#
+
msgid ""
msgstr ""
-"Project-Id-Version: i18n_swat\n"
-"POT-Creation-Date: 2003-10-06 05:30+0900\n"
+"Project-Id-Version: i18n_swat \n"
+"POT-Creation-Date: 2001-10-27 14:05+0100\n"
"PO-Revision-Date: 2000-02-08 14:45+0100\n"
-"Last-Translator: Andreas Moroder\n"
+"Last-Translator: Andreas Moroder"
"Language-Team: (Samba Team) <samba-technical@samba.org>\n"
"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=iso-8859-1\n"
-"Content-Transfer-Encoding: 8bit\n"
+"Content-Type: text/plain; charset=US-ASCII\n"
+"Content-Transfer-Encoding: \n"
-#: ../web/swat.c:117
+#: web/swat.c:120
#, c-format
-msgid "ERROR: Can't open %s"
-msgstr "ERRORE: Kann %s nicht ffnen"
+msgid "ERROR: Can't open %s\n"
+msgstr "ERRORE: Kann %s nicht ffnen\n"
-#: ../web/swat.c:200
+#.
+#. str = stripspace(parm->label);
+#. strlower (str); //monyo
+#. d_printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\">%s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s</td><td>",
+#. str, _("Help"), parm->label);
+#.
+#: web/swat.c:211
msgid "Help"
msgstr "Hilfe"
-#: ../web/swat.c:206 ../web/swat.c:220 ../web/swat.c:235 ../web/swat.c:243 ../web/swat.c:252 ../web/swat.c:261 ../web/swat.c:267 ../web/swat.c:273 ../web/swat.c:286
+#: web/swat.c:217 web/swat.c:231 web/swat.c:246 web/swat.c:254 web/swat.c:263
+#: web/swat.c:272 web/swat.c:278 web/swat.c:284 web/swat.c:297
msgid "Set Default"
msgstr "Setze Standardwerte"
-#: ../web/swat.c:408
-#, c-format
-msgid "failed to open %s for writing"
-msgstr ""
-
-#: ../web/swat.c:431
+#: web/swat.c:502
#, c-format
-msgid "Can't reload %s"
-msgstr ""
+msgid "Logged in as <b>%s</b><p>\n"
+msgstr "Verbunden als <b>%s</b><p>\n"
-#: ../web/swat.c:501
-#, c-format
-msgid "Logged in as <b>%s</b>"
-msgstr "Verbunden als <b>%s</b>"
-
-#: ../web/swat.c:505
+#: web/swat.c:505
msgid "Home"
msgstr "Home"
-#: ../web/swat.c:507
+#: web/swat.c:507
msgid "Globals"
msgstr "Globals"
-#: ../web/swat.c:508
+#: web/swat.c:508
msgid "Shares"
msgstr "Freigaben"
-#: ../web/swat.c:509
+#: web/swat.c:509
msgid "Printers"
msgstr "Drucker"
-#: ../web/swat.c:510
-msgid "Wizard"
-msgstr ""
-
-#: ../web/swat.c:513
+#: web/swat.c:512
msgid "Status"
msgstr "Status"
-#: ../web/swat.c:514
+#: web/swat.c:513
msgid "View Config"
msgstr "Zeige Konfiguration"
-#: ../web/swat.c:516
+#: web/swat.c:515
msgid "Password Management"
msgstr "Passwortverwaltung"
-#: ../web/swat.c:526
-msgid "Current View Is"
-msgstr "Aktuelle Konfiguration"
-
-#: ../web/swat.c:527 ../web/swat.c:530
-msgid "Basic"
-msgstr "Basis Ansicht"
-
-#: ../web/swat.c:528 ../web/swat.c:531
-msgid "Advanced"
-msgstr "Erweiterte Ansicht"
-
-#: ../web/swat.c:529
-msgid "Change View To"
-msgstr "トndere Passwort"
-
-#: ../web/swat.c:554
+#: web/swat.c:539
msgid "Current Config"
msgstr "Aktuelle Konfiguration"
-#: ../web/swat.c:558
+#: web/swat.c:543
msgid "Normal View"
msgstr "Normale Ansich"
-#: ../web/swat.c:560
+#: web/swat.c:545
msgid "Full View"
msgstr "Komplette Ansicht"
-#. Here we first set and commit all the parameters that were selected
-#. in the previous screen.
-#: ../web/swat.c:579
-msgid "Wizard Parameter Edit Page"
-msgstr ""
-
-#: ../web/swat.c:608
-msgid "Note: smb.conf file has been read and rewritten"
-msgstr ""
-
-#. Here we go ...
-#: ../web/swat.c:716
-msgid "Samba Configuration Wizard"
-msgstr ""
-
-#: ../web/swat.c:720
-msgid "The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments."
-msgstr ""
-
-#: ../web/swat.c:721
-msgid "The same will happen if you press the commit button."
-msgstr ""
-
-#: ../web/swat.c:724
-msgid "Rewrite smb.conf file"
-msgstr ""
-
-#: ../web/swat.c:725
-msgid "Commit"
-msgstr "Kommentar"
-
-#: ../web/swat.c:726
-msgid "Edit Parameter Values"
-msgstr "Drucker Parameter"
-
-#: ../web/swat.c:732
-msgid "Server Type"
-msgstr ""
-
-#: ../web/swat.c:733
-msgid "Stand Alone"
-msgstr ""
-
-#: ../web/swat.c:734
-msgid "Domain Member"
-msgstr "Dom舅en master"
-
-#: ../web/swat.c:735
-msgid "Domain Controller"
-msgstr "Dom舅en master"
-
-#: ../web/swat.c:738
-msgid "Unusual Type in smb.conf - Please Select New Mode"
-msgstr ""
-
-#: ../web/swat.c:740
-msgid "Configure WINS As"
-msgstr ""
-
-#: ../web/swat.c:741
-msgid "Not Used"
-msgstr "nicht hinabsteigen"
-
-#: ../web/swat.c:742
-msgid "Server for client use"
-msgstr ""
-
-#: ../web/swat.c:743
-msgid "Client of another WINS server"
-msgstr ""
-
-#: ../web/swat.c:745
-msgid "Remote WINS Server"
-msgstr ""
-
-#: ../web/swat.c:756
-msgid "Error: WINS Server Mode and WINS Support both set in smb.conf"
-msgstr ""
-
-#: ../web/swat.c:757
-msgid "Please Select desired WINS mode above."
-msgstr ""
-
-#: ../web/swat.c:759
-msgid "Expose Home Directories"
-msgstr ""
-
-#: ../web/swat.c:774
-msgid "The above configuration options will set multiple parameters and will generally assist with rapid Samba deployment."
-msgstr ""
-
-#: ../web/swat.c:787
-msgid "Global Parameters"
+#: web/swat.c:561
+msgid "Global Variables"
msgstr "Globale Variablen"
-#: ../web/swat.c:815 ../web/swat.c:916 ../web/swat.c:1265
+#: web/swat.c:575 web/swat.c:671 web/swat.c:1014
msgid "Commit Changes"
msgstr "Speichere トnderungen"
-#: ../web/swat.c:819 ../web/swat.c:919 ../web/swat.c:1267
+#: web/swat.c:579 web/swat.c:674 web/swat.c:1016
msgid "Reset Values"
msgstr "Setze Werte zurck"
-#: ../web/swat.c:844
+#: web/swat.c:581 web/swat.c:676 web/swat.c:1018
+msgid "Advanced View"
+msgstr "Erweiterte Ansicht"
+
+#: web/swat.c:583 web/swat.c:678 web/swat.c:1020
+msgid "Basic View"
+msgstr "Basis Ansicht"
+
+#: web/swat.c:613
msgid "Share Parameters"
msgstr "Parameter der Freigabe"
-#: ../web/swat.c:887
+#: web/swat.c:642
msgid "Choose Share"
msgstr "W臧le Freigabe"
-#: ../web/swat.c:901
+#: web/swat.c:656
msgid "Delete Share"
msgstr "Lsche Freigabe"
-#: ../web/swat.c:908
+#: web/swat.c:663
msgid "Create Share"
msgstr "Erstelle Freigabe"
-#: ../web/swat.c:944
-msgid "password change in demo mode rejected"
+#: web/swat.c:708
+msgid "password change in demo mode rejected\n"
msgstr "トnderung des Passworts im Demo modus nicht aktiv"
-#: ../web/swat.c:957
-msgid "Can't setup password database vectors."
-msgstr ""
-
-#: ../web/swat.c:983
-msgid " Must specify \"User Name\" "
-msgstr " \"Benutzername\" muss angegeben werden "
+#: web/swat.c:747
+msgid " Must specify \"User Name\" \n"
+msgstr " \"Benutzername\" muss angegeben werden \n"
-#: ../web/swat.c:999
-msgid " Must specify \"Old Password\" "
-msgstr " \"Altes Passwort\" mu゚ angegeben werden "
+#: web/swat.c:763
+msgid " Must specify \"Old Password\" \n"
+msgstr " \"Altes Passwort\" mu゚ angegeben werden \n"
-#: ../web/swat.c:1005
-msgid " Must specify \"Remote Machine\" "
-msgstr " \"Remote Maschine\" mu゚ angegeben werden "
+#: web/swat.c:769
+msgid " Must specify \"Remote Machine\" \n"
+msgstr " \"Remote Maschine\" mu゚ angegeben werden \n"
-#: ../web/swat.c:1012
-msgid " Must specify \"New, and Re-typed Passwords\" "
-msgstr " \"Neues/Best舩ige Passwort\" mu゚ angegeben werden "
+#: web/swat.c:776
+msgid " Must specify \"New, and Re-typed Passwords\" \n"
+msgstr " "Neues/Best舩ige Passwort" mu゚ angegeben werden \n"
-#: ../web/swat.c:1018
-msgid " Re-typed password didn't match new password "
-msgstr " Das best舩igte Passwort stimmt nicht mit dem neuen Passwort berein"
+#: web/swat.c:782
+msgid " Re-typed password didn't match new password\n"
+msgstr " Das best舩igte Passwort stimmt nicht mit dem neuen Passwort berein\n"
-#: ../web/swat.c:1048
+#: web/swat.c:812
#, c-format
-msgid " The passwd for '%s' has been changed."
-msgstr " Das Passwort fr '%s' wurde ge舅dert."
+msgid " The passwd for '%s' has been changed. \n"
+msgstr " Das Passwort fr '%s' wurde ge舅dert. \n"
-#: ../web/swat.c:1051
+#: web/swat.c:814
#, c-format
-msgid " The passwd for '%s' has NOT been changed."
-msgstr " Das Passwort fr '%s' wurde nicht ge舅dert."
+msgid " The passwd for '%s' has NOT been changed. \n"
+msgstr " Das Passwort fr '%s' wurde nicht ge舅dert. \n"
-#: ../web/swat.c:1076
+#: web/swat.c:838
msgid "Server Password Management"
msgstr "Verwaltung des Server Passwortes"
#.
#. * Create all the dialog boxes for data collection
#.
-#: ../web/swat.c:1085 ../web/swat.c:1132
-msgid "User Name"
-msgstr "Benutzername"
+#: web/swat.c:847 web/swat.c:894
+msgid " User Name : "
+msgstr " Benutzername : "
-#: ../web/swat.c:1088 ../web/swat.c:1134
-msgid "Old Password"
-msgstr "Altes Passwort"
+#: web/swat.c:850 web/swat.c:896
+msgid " Old Password : "
+msgstr " Altes Passwort : "
-#: ../web/swat.c:1091 ../web/swat.c:1136
-msgid "New Password"
-msgstr "Neues Passwort"
+#: web/swat.c:853 web/swat.c:898
+msgid " New Password : "
+msgstr " Neues Passwort : "
-#: ../web/swat.c:1093 ../web/swat.c:1138
-msgid "Re-type New Password"
-msgstr "Best舩ige neues Passwort"
+#: web/swat.c:855 web/swat.c:900
+msgid " Re-type New Password : "
+msgstr " Best舩ige neues Passwort : "
-#: ../web/swat.c:1101 ../web/swat.c:1149
+#: web/swat.c:863 web/swat.c:911
msgid "Change Password"
msgstr "トndere Passwort"
-#: ../web/swat.c:1104
+#: web/swat.c:866
msgid "Add New User"
msgstr "Fge Benutzer hinzu"
-#: ../web/swat.c:1106
+#: web/swat.c:868
msgid "Delete User"
msgstr "Lsche Benutzer"
-#: ../web/swat.c:1108
+#: web/swat.c:870
msgid "Disable User"
msgstr "Desaktiviere Benutzer"
-#: ../web/swat.c:1110
+#: web/swat.c:872
msgid "Enable User"
msgstr "Aktiviere Benutzer"
-#: ../web/swat.c:1123
+#: web/swat.c:885
msgid "Client/Server Password Management"
msgstr "Client/Server Passwort Verwaltung"
-#: ../web/swat.c:1140
-msgid "Remote Machine"
-msgstr "Remote Maschine"
+#: web/swat.c:902
+msgid " Remote Machine : "
+msgstr " Remote Maschine : "
-#: ../web/swat.c:1179
+#: web/swat.c:940
msgid "Printer Parameters"
msgstr "Drucker Parameter"
-#: ../web/swat.c:1181
+#: web/swat.c:942
msgid "Important Note:"
msgstr "Wichtige Hinweise:"
-#: ../web/swat.c:1182
+#: web/swat.c:943
msgid "Printer names marked with [*] in the Choose Printer drop-down box "
msgstr "Mit [*] gekennzeichnete Druckername in der Druckerauswahlliste"
-#: ../web/swat.c:1183
+#: web/swat.c:944
msgid "are autoloaded printers from "
msgstr "wurde automatisch geladen von :"
-#: ../web/swat.c:1184
+#: web/swat.c:945
msgid "Printcap Name"
msgstr "Printcap Name"
-#: ../web/swat.c:1185
-msgid "Attempting to delete these printers from SWAT will have no effect."
-msgstr "Der Versuch diese Drucker von SWAT aus zu lschen wird keine Auswirkung haben."
+#: web/swat.c:946
+msgid "Attempting to delete these printers from SWAT will have no effect.\n"
+msgstr "Der Versuch diese Drucker von SWAT aus zu lschen wird keine Auswirkung haben.\n"
-#: ../web/swat.c:1231
+#: web/swat.c:980
msgid "Choose Printer"
msgstr "W臧le Drucker"
-#: ../web/swat.c:1250
+#: web/swat.c:999
msgid "Delete Printer"
msgstr "Lsche Drucker"
-#: ../web/swat.c:1257
+#: web/swat.c:1006
msgid "Create Printer"
msgstr "Ersteller Drucker"
-#: ../web/statuspage.c:123
+#: web/statuspage.c:40
+msgid "DENY_NONE"
+msgstr ""
+
+#: web/statuspage.c:41
+msgid "DENY_ALL "
+msgstr ""
+
+#: web/statuspage.c:42
+msgid "DENY_DOS "
+msgstr ""
+
+#: web/statuspage.c:43
+msgid "DENY_READ "
+msgstr ""
+
+#: web/statuspage.c:44
+msgid "DENY_WRITE "
+msgstr ""
+
+#: web/statuspage.c:50
msgid "RDONLY "
msgstr ""
-#: ../web/statuspage.c:124
+#: web/statuspage.c:51
msgid "WRONLY "
msgstr ""
-#: ../web/statuspage.c:125
+#: web/statuspage.c:52
msgid "RDWR "
msgstr ""
-#: ../web/statuspage.c:309
+#: web/statuspage.c:60
+msgid "EXCLUSIVE+BATCH "
+msgstr ""
+
+#: web/statuspage.c:62
+msgid "EXCLUSIVE "
+msgstr ""
+
+#: web/statuspage.c:64
+msgid "BATCH "
+msgstr ""
+
+#: web/statuspage.c:66
+msgid "LEVEL_II "
+msgstr ""
+
+#: web/statuspage.c:68
+msgid "NONE "
+msgstr ""
+
+#: web/statuspage.c:195
msgid "Server Status"
msgstr "Server Status"
-#: ../web/statuspage.c:314
+#: web/statuspage.c:200
msgid "Auto Refresh"
msgstr "Automatische Aktualisierung"
-#: ../web/statuspage.c:315 ../web/statuspage.c:320
+#: web/statuspage.c:201 web/statuspage.c:206
msgid "Refresh Interval: "
msgstr "Aktualisierungsintervall: "
-#: ../web/statuspage.c:319
+#: web/statuspage.c:205
msgid "Stop Refreshing"
msgstr "Stop Aktualisierung"
-#: ../web/statuspage.c:334
+#: web/statuspage.c:220
msgid "version:"
msgstr "Version:"
-#: ../web/statuspage.c:337
+#: web/statuspage.c:223
msgid "smbd:"
msgstr ""
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: web/statuspage.c:223 web/statuspage.c:235
msgid "running"
msgstr "aktiv"
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: web/statuspage.c:223 web/statuspage.c:235
msgid "not running"
msgstr "inaktiv"
-#: ../web/statuspage.c:341
+#: web/statuspage.c:226
msgid "Stop smbd"
msgstr "Stopp smbd"
-#: ../web/statuspage.c:343
+#: web/statuspage.c:228
msgid "Start smbd"
msgstr "Start smbd"
-#: ../web/statuspage.c:345
+#: web/statuspage.c:230
msgid "Restart smbd"
msgstr "Neustart smbd"
-#: ../web/statuspage.c:350
+#: web/statuspage.c:235
msgid "nmbd:"
msgstr ""
-#: ../web/statuspage.c:354
+#: web/statuspage.c:238
msgid "Stop nmbd"
msgstr "Stopp nmbd"
-#: ../web/statuspage.c:356
+#: web/statuspage.c:240
msgid "Start nmbd"
msgstr "Start nmbd"
-#: ../web/statuspage.c:358
+#: web/statuspage.c:242
msgid "Restart nmbd"
msgstr "Neustart nmbd"
-#: ../web/statuspage.c:364
-msgid "winbindd:"
-msgstr ""
-
-#: ../web/statuspage.c:368
-msgid "Stop winbindd"
-msgstr "Stopp nmbd"
-
-#: ../web/statuspage.c:370
-msgid "Start winbindd"
-msgstr "Start nmbd"
-
-#: ../web/statuspage.c:372
-msgid "Restart winbindd"
-msgstr "Neustart nmbd"
-
-#. stop, restart all
-#: ../web/statuspage.c:381
-msgid "Stop All"
-msgstr ""
-
-#: ../web/statuspage.c:382
-msgid "Restart All"
-msgstr "Neustart nmbd"
-
-#. start all
-#: ../web/statuspage.c:386
-msgid "Start All"
-msgstr "Start nmbd"
-
-#: ../web/statuspage.c:393
+#: web/statuspage.c:249
msgid "Active Connections"
msgstr "Aktive Verbindungen"
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
msgid "PID"
msgstr ""
-#: ../web/statuspage.c:395 ../web/statuspage.c:408
+#: web/statuspage.c:251 web/statuspage.c:264
msgid "Client"
msgstr ""
-#: ../web/statuspage.c:395
+#: web/statuspage.c:251
msgid "IP address"
msgstr "IP Adresse"
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
msgid "Date"
msgstr "Datum"
-#: ../web/statuspage.c:397
+#: web/statuspage.c:253
msgid "Kill"
msgstr "Kill"
-#: ../web/statuspage.c:405
+#: web/statuspage.c:261
msgid "Active Shares"
msgstr "Aktive Freigaben"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "Share"
msgstr "Freigabe"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "User"
msgstr "Benutzer"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "Group"
msgstr "Gruppe"
-#: ../web/statuspage.c:414
+#: web/statuspage.c:270
msgid "Open Files"
msgstr "Offene Dateien"
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "Sharing"
msgstr ""
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "R/W"
msgstr ""
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "Oplock"
msgstr ""
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "File"
msgstr ""
-#: ../web/statuspage.c:425
-msgid "Show Client in col 1"
-msgstr ""
-
-#: ../web/statuspage.c:426
-msgid "Show PID in col 1"
-msgstr ""
-
-#: ../param/loadparm.c:755
+#: param/loadparm.c:641
msgid "Base Options"
msgstr "Basisoptionen"
-#: ../param/loadparm.c:775
+#: param/loadparm.c:643
+msgid "dos charset"
+msgstr "dos Charakterset"
+
+#: param/loadparm.c:644
+msgid "unix charset"
+msgstr "unix Charakterset"
+
+#: param/loadparm.c:645
+msgid "display charset"
+msgstr "Anzeige Charakterset"
+
+#: param/loadparm.c:646
+msgid "comment"
+msgstr "Kommentar"
+
+#: param/loadparm.c:647
+msgid "path"
+msgstr "Pfad"
+
+#: param/loadparm.c:648
+msgid "directory"
+msgstr "Verzeichnis"
+
+#: param/loadparm.c:649
+msgid "workgroup"
+msgstr "Arbeitsgruppe"
+
+#: param/loadparm.c:650
+msgid "netbios name"
+msgstr "netbios name"
+
+#: param/loadparm.c:651
+msgid "netbios aliases"
+msgstr "netbios aliase"
+
+#: param/loadparm.c:652
+msgid "netbios scope"
+msgstr "netbios scope"
+
+#: param/loadparm.c:653
+msgid "server string"
+msgstr "server string"
+
+#: param/loadparm.c:654
+msgid "interfaces"
+msgstr "Schnittstellen"
+
+#: param/loadparm.c:655
+msgid "bind interfaces only"
+msgstr "verwende nur definierte Schnittstellen"
+
+#: param/loadparm.c:657
msgid "Security Options"
msgstr "Sicherheitsoptionen"
-#: ../param/loadparm.c:859
+#: param/loadparm.c:659
+msgid "security"
+msgstr "Sicherheit"
+
+#: param/loadparm.c:660
+msgid "encrypt passwords"
+msgstr "Verschlsselte Passwrter"
+
+#: param/loadparm.c:661
+msgid "update encrypted"
+msgstr "update Verschlsselte"
+
+#: param/loadparm.c:662
+msgid "allow trusted domains"
+msgstr "Erlaube Vertrauneswrdige Dom舅en"
+
+#: param/loadparm.c:663
+msgid "alternate permissions"
+msgstr "Alternative Berechtigungen"
+
+#: param/loadparm.c:664
+msgid "hosts equiv"
+msgstr ""
+
+#: param/loadparm.c:665
+msgid "min passwd length"
+msgstr "Min. L舅ge Passwort"
+
+#: param/loadparm.c:666
+msgid "min password length"
+msgstr "Min. L舅ge Passwort"
+
+#: param/loadparm.c:667
+msgid "map to guest"
+msgstr "Map nach Gast"
+
+#: param/loadparm.c:668
+msgid "null passwords"
+msgstr "leere Passwrter"
+
+#: param/loadparm.c:669
+msgid "obey pam restrictions"
+msgstr "Folge pam Einschr舅kungen"
+
+#: param/loadparm.c:670
+msgid "password server"
+msgstr "Serverpasswort"
+
+#: param/loadparm.c:671
+msgid "smb passwd file"
+msgstr "smb passwd Datei"
+
+#: param/loadparm.c:672
+msgid "private dir"
+msgstr "Privates Verzeichnis"
+
+#: param/loadparm.c:673
+msgid "passdb module path"
+msgstr "Pfad passdb Modul"
+
+#: param/loadparm.c:674
+msgid "root directory"
+msgstr ""
+
+#: param/loadparm.c:675
+msgid "root dir"
+msgstr ""
+
+#: param/loadparm.c:676
+msgid "root"
+msgstr ""
+
+#: param/loadparm.c:678
+msgid "pam password change"
+msgstr "pam Passwort舅derung"
+
+#: param/loadparm.c:679
+msgid "passwd program"
+msgstr ""
+
+#: param/loadparm.c:680
+msgid "passwd chat"
+msgstr ""
+
+#: param/loadparm.c:681
+msgid "passwd chat debug"
+msgstr ""
+
+#: param/loadparm.c:682
+msgid "username map"
+msgstr "username map"
+
+#: param/loadparm.c:683
+msgid "password level"
+msgstr "Stufe Passwort "
+
+#: param/loadparm.c:684
+msgid "username level"
+msgstr "Stufe Benutzer"
+
+#: param/loadparm.c:685
+msgid "unix password sync"
+msgstr "Synchronisiere unix Passwort "
+
+#: param/loadparm.c:686
+msgid "restrict anonymous"
+msgstr "Beschr舅ke anonymus"
+
+#: param/loadparm.c:687
+msgid "lanman auth"
+msgstr ""
+
+#: param/loadparm.c:688
+msgid "ntlm auth"
+msgstr ""
+
+#: param/loadparm.c:689
+msgid "plaintext to smbpasswd"
+msgstr "plaintext to smbpasswd"
+
+#: param/loadparm.c:690
+msgid "use rhosts"
+msgstr "use rhosts"
+
+#: param/loadparm.c:692
+msgid "username"
+msgstr "Benutzername"
+
+#: param/loadparm.c:693
+msgid "user"
+msgstr "Benutzer"
+
+#: param/loadparm.c:694
+msgid "users"
+msgstr "Benutzer"
+
+#: param/loadparm.c:696
+msgid "guest account"
+msgstr "Gast Account"
+
+#: param/loadparm.c:697
+msgid "invalid users"
+msgstr "Ungltige Benutzer"
+
+#: param/loadparm.c:698
+msgid "valid users"
+msgstr "Gltige Benutzer"
+
+#: param/loadparm.c:699
+msgid "admin users"
+msgstr "Administratoren"
+
+#: param/loadparm.c:700
+msgid "read list"
+msgstr ""
+
+#: param/loadparm.c:701
+msgid "write list"
+msgstr ""
+
+#: param/loadparm.c:702
+msgid "printer admin"
+msgstr "Druckerverwalter"
+
+#: param/loadparm.c:703
+msgid "force user"
+msgstr ""
+
+#: param/loadparm.c:704
+msgid "force group"
+msgstr ""
+
+#: param/loadparm.c:705
+msgid "group"
+msgstr "Gruppe"
+
+#: param/loadparm.c:707
+msgid "read only"
+msgstr "nur lesen"
+
+#: param/loadparm.c:708
+msgid "write ok"
+msgstr "Schreiben zulassen"
+
+#: param/loadparm.c:709
+msgid "writeable"
+msgstr "Beschreibbar"
+
+#: param/loadparm.c:710
+msgid "writable"
+msgstr "Beschreibbar"
+
+#: param/loadparm.c:712
+msgid "create mask"
+msgstr "Erstellungsmaske"
+
+#: param/loadparm.c:713
+msgid "create mode"
+msgstr "Erstellungsmodus"
+
+#: param/loadparm.c:714
+msgid "force create mode"
+msgstr "Erzwinge Erstellungsmodus"
+
+#: param/loadparm.c:715
+msgid "security mask"
+msgstr ""
+
+#: param/loadparm.c:716
+msgid "force security mode"
+msgstr "Erzwinge Sicherheitsmodus"
+
+#: param/loadparm.c:717
+msgid "directory mask"
+msgstr "Verzeichnismaske"
+
+#: param/loadparm.c:718
+msgid "directory mode"
+msgstr "Verzeichnismodus"
+
+#: param/loadparm.c:719
+msgid "force directory mode"
+msgstr "Erzwinge Verzeichnismodus"
+
+#: param/loadparm.c:720
+msgid "directory security mask"
+msgstr "Verzeichnis Sicherheitsmaske"
+
+#: param/loadparm.c:721
+msgid "force directory security mode"
+msgstr "Erzwinge Verzeichnis Sicherheitsmodus"
+
+#: param/loadparm.c:722
+msgid "inherit permissions"
+msgstr "Vererbe Rechte"
+
+#: param/loadparm.c:723
+msgid "guest only"
+msgstr "nur G舖te"
+
+#: param/loadparm.c:724
+msgid "only guest"
+msgstr "nur G舖te"
+
+#: param/loadparm.c:726
+msgid "guest ok"
+msgstr "G舖te erlaubt"
+
+#: param/loadparm.c:727
+msgid "public"
+msgstr "ヨffentlich"
+
+#: param/loadparm.c:729
+msgid "only user"
+msgstr "Nur Benutzer"
+
+#: param/loadparm.c:730
+msgid "hosts allow"
+msgstr "Erlaube hosts"
+
+#: param/loadparm.c:731
+msgid "allow hosts"
+msgstr "Erlaube hosts"
+
+#: param/loadparm.c:732
+msgid "hosts deny"
+msgstr "verbiete hosts"
+
+#: param/loadparm.c:733
+msgid "deny hosts"
+msgstr "verbiete hosts"
+
+#: param/loadparm.c:736
+msgid "Secure Socket Layer Options"
+msgstr "Secure Socket Layer Optionen"
+
+#: param/loadparm.c:737
+msgid "ssl"
+msgstr ""
+
+#: param/loadparm.c:739
+msgid "ssl hosts"
+msgstr ""
+
+#: param/loadparm.c:740
+msgid "ssl hosts resign"
+msgstr ""
+
+#: param/loadparm.c:741
+msgid "ssl CA certDir"
+msgstr ""
+
+#: param/loadparm.c:742
+msgid "ssl CA certFile"
+msgstr ""
+
+#: param/loadparm.c:743
+msgid "ssl server cert"
+msgstr ""
+
+#: param/loadparm.c:744
+msgid "ssl server key"
+msgstr ""
+
+#: param/loadparm.c:745
+msgid "ssl client cert"
+msgstr ""
+
+#: param/loadparm.c:746
+msgid "ssl client key"
+msgstr ""
+
+#: param/loadparm.c:747
+msgid "ssl require clientcert"
+msgstr "ssl bedarf eines Clientzertifikats"
+
+#: param/loadparm.c:748
+msgid "ssl require servercert"
+msgstr "ssl bedarf eines Serverzertifikats"
+
+#: param/loadparm.c:749
+msgid "ssl ciphers"
+msgstr ""
+
+#: param/loadparm.c:750
+msgid "ssl version"
+msgstr ""
+
+#: param/loadparm.c:751
+msgid "ssl compatibility"
+msgstr ""
+
+#: param/loadparm.c:754
msgid "Logging Options"
msgstr "Log Optionen"
-#: ../param/loadparm.c:874
+#: param/loadparm.c:755
+msgid "log level"
+msgstr "Log Stufe"
+
+#: param/loadparm.c:756
+msgid "debuglevel"
+msgstr "Debug Stufe"
+
+#: param/loadparm.c:757
+msgid "syslog"
+msgstr ""
+
+#: param/loadparm.c:758
+msgid "syslog only"
+msgstr "nur syslog"
+
+#: param/loadparm.c:759
+msgid "log file"
+msgstr "Log Datei"
+
+#: param/loadparm.c:761
+msgid "max log size"
+msgstr "max log Grsse"
+
+#: param/loadparm.c:762
+msgid "timestamp logs"
+msgstr ""
+
+#: param/loadparm.c:763
+msgid "debug timestamp"
+msgstr ""
+
+#: param/loadparm.c:764
+msgid "debug hires timestamp"
+msgstr ""
+
+#: param/loadparm.c:765
+msgid "debug pid"
+msgstr ""
+
+#: param/loadparm.c:766
+msgid "debug uid"
+msgstr ""
+
+#: param/loadparm.c:768
msgid "Protocol Options"
-msgstr "Protokoll Optionen"
+msgstr " Protokoll Optionen"
+
+#: param/loadparm.c:770
+msgid "protocol"
+msgstr "Protokoll"
+
+#: param/loadparm.c:771
+msgid "large readwrite"
+msgstr ""
-#: ../param/loadparm.c:911
+#: param/loadparm.c:772
+msgid "max protocol"
+msgstr "max Protokoll"
+
+#: param/loadparm.c:773
+msgid "min protocol"
+msgstr "min Protokoll"
+
+#: param/loadparm.c:774
+msgid "unicode"
+msgstr ""
+
+#: param/loadparm.c:775
+msgid "read bmpx"
+msgstr ""
+
+#: param/loadparm.c:776
+msgid "read raw"
+msgstr ""
+
+#: param/loadparm.c:777
+msgid "write raw"
+msgstr ""
+
+#: param/loadparm.c:779
+msgid "nt smb support"
+msgstr "nt smb Untersttzung"
+
+#: param/loadparm.c:780
+msgid "nt pipe support"
+msgstr "nt pipe Untersttzung"
+
+#: param/loadparm.c:781
+msgid "nt acl support"
+msgstr "ntacl Untersttzung"
+
+#: param/loadparm.c:782
+msgid "announce version"
+msgstr "Melde Version"
+
+#: param/loadparm.c:783
+msgid "announce as"
+msgstr "Melde als"
+
+#: param/loadparm.c:784
+msgid "max mux"
+msgstr ""
+
+#: param/loadparm.c:785
+msgid "max xmit"
+msgstr ""
+
+#: param/loadparm.c:787
+msgid "name resolve order"
+msgstr "Reihenfolge Namensauflsung"
+
+#: param/loadparm.c:788
+msgid "max packet"
+msgstr "max Paket"
+
+#: param/loadparm.c:789
+msgid "packet size"
+msgstr "Paketgr゚e"
+
+#: param/loadparm.c:790
+msgid "max ttl"
+msgstr ""
+
+#: param/loadparm.c:791
+msgid "max wins ttl"
+msgstr ""
+
+#: param/loadparm.c:792
+msgid "min wins ttl"
+msgstr "wins ttl minimo"
+
+#: param/loadparm.c:793
+msgid "time server"
+msgstr "Zeitserver"
+
+#: param/loadparm.c:795
msgid "Tuning Options"
msgstr "Optimierungsoptionen"
-#: ../param/loadparm.c:940
+#: param/loadparm.c:797
+msgid "change notify timeout"
+msgstr ""
+
+#: param/loadparm.c:798
+msgid "deadtime"
+msgstr ""
+
+#: param/loadparm.c:799
+msgid "getwd cache"
+msgstr ""
+
+#: param/loadparm.c:800
+msgid "keepalive"
+msgstr ""
+
+#: param/loadparm.c:802
+msgid "lpq cache time"
+msgstr ""
+
+#: param/loadparm.c:803
+msgid "max smbd processes"
+msgstr "Max Anzahl smbd Prozesse"
+
+#: param/loadparm.c:804
+msgid "max connections"
+msgstr "Max. Verbindungen"
+
+#: param/loadparm.c:805
+msgid "paranoid server security"
+msgstr "Paranoide Serversicherheit"
+
+#: param/loadparm.c:806
+msgid "max disk size"
+msgstr "Max. Festplattengr゚e"
+
+#: param/loadparm.c:807
+msgid "max open files"
+msgstr "max Anzahl offener Dateien"
+
+#: param/loadparm.c:808
+msgid "min print space"
+msgstr ""
+
+#: param/loadparm.c:809
+msgid "read size"
+msgstr ""
+
+#: param/loadparm.c:811
+msgid "socket options"
+msgstr "Socket Optionen"
+
+#: param/loadparm.c:812
+msgid "stat cache size"
+msgstr "Grsse stat cache"
+
+#: param/loadparm.c:813
+msgid "strict allocate"
+msgstr ""
+
+#: param/loadparm.c:814
+msgid "strict sync"
+msgstr ""
+
+#: param/loadparm.c:815
+msgid "sync always"
+msgstr ""
+
+#: param/loadparm.c:816
+msgid "use mmap"
+msgstr "verwende mmap"
+
+#: param/loadparm.c:817
+msgid "hostname lookups"
+msgstr ""
+
+#: param/loadparm.c:818
+msgid "write cache size"
+msgstr "gr゚e Schreibpuffer"
+
+#: param/loadparm.c:820
msgid "Printing Options"
msgstr "Druckoptionen"
-#: ../param/loadparm.c:970
+#: param/loadparm.c:822
+msgid "total print jobs"
+msgstr "Druckauftr臠e insges."
+
+#: param/loadparm.c:823
+msgid "max print jobs"
+msgstr "Druckauftr臠e max."
+
+#: param/loadparm.c:824
+msgid "load printers"
+msgstr "lade Drucker"
+
+#: param/loadparm.c:825
+msgid "printcap name"
+msgstr "printcap name"
+
+#: param/loadparm.c:826
+msgid "printcap"
+msgstr ""
+
+#: param/loadparm.c:827
+msgid "printable"
+msgstr "Bedruckbar"
+
+#: param/loadparm.c:828
+msgid "print ok"
+msgstr "Druck ok"
+
+#: param/loadparm.c:829
+msgid "postscript"
+msgstr ""
+
+#: param/loadparm.c:830
+msgid "printing"
+msgstr "Druck"
+
+#: param/loadparm.c:831
+msgid "print command"
+msgstr "Druckbefehl"
+
+#: param/loadparm.c:832
+msgid "disable spoolss"
+msgstr "deaktiviere spoolss"
+
+#: param/loadparm.c:833
+msgid "lpq command"
+msgstr "lpq Befehl"
+
+#: param/loadparm.c:834
+msgid "lprm command"
+msgstr "lprm Befehl"
+
+#: param/loadparm.c:835
+msgid "lppause command"
+msgstr "lppause Befehl"
+
+#: param/loadparm.c:836
+msgid "lpresume command"
+msgstr "lpresume Befehl"
+
+#: param/loadparm.c:837
+msgid "queuepause command"
+msgstr "queuepause Befehl"
+
+#: param/loadparm.c:838
+msgid "queueresume command"
+msgstr "queueresume Befehl"
+
+#: param/loadparm.c:840
+msgid "enumports command"
+msgstr "enumports Befehl"
+
+#: param/loadparm.c:841
+msgid "addprinter command"
+msgstr "addprinter Befehl"
+
+#: param/loadparm.c:842
+msgid "deleteprinter command"
+msgstr "deleteprinter Befehl"
+
+#: param/loadparm.c:843
+msgid "show add printer wizard"
+msgstr "Zeige Wizzard zum hinzufgen von Druckern"
+
+#: param/loadparm.c:844
+msgid "os2 driver map"
+msgstr ""
+
+#: param/loadparm.c:846
+msgid "printer name"
+msgstr "Druckername"
+
+#: param/loadparm.c:847
+msgid "printer"
+msgstr "Drucker
+
+#: param/loadparm.c:848
+msgid "use client driver"
+msgstr "Verwende client Treiber"
+
+#: param/loadparm.c:849
+msgid "printer driver"
+msgstr "Druckertreiber"
+
+#: param/loadparm.c:850
+msgid "printer driver file"
+msgstr "Druckertreiber Datei"
+
+#: param/loadparm.c:851
+msgid "printer driver location"
+msgstr "Pfad Druckertreiber"
+
+#: param/loadparm.c:853
msgid "Filename Handling"
msgstr "Verwaltung Dateinamen"
-#: ../param/loadparm.c:996
+#: param/loadparm.c:854
+msgid "strip dot"
+msgstr "Entferne den Punkt"
+
+#: param/loadparm.c:856
+msgid "mangled stack"
+msgstr ""
+
+#: param/loadparm.c:857
+msgid "default case"
+msgstr ""
+
+#: param/loadparm.c:858
+msgid "case sensitive"
+msgstr ""
+
+#: param/loadparm.c:859
+msgid "casesignames"
+msgstr ""
+
+#: param/loadparm.c:860
+msgid "preserve case"
+msgstr ""
+
+#: param/loadparm.c:861
+msgid "short preserve case"
+msgstr ""
+
+#: param/loadparm.c:862
+msgid "mangle case"
+msgstr ""
+
+#: param/loadparm.c:863
+msgid "mangling char"
+msgstr ""
+
+#: param/loadparm.c:864
+msgid "hide dot files"
+msgstr ""
+
+#: param/loadparm.c:865
+msgid "hide unreadable"
+msgstr ""
+
+#: param/loadparm.c:866
+msgid "delete veto files"
+msgstr ""
+
+#: param/loadparm.c:867
+msgid "veto files"
+msgstr ""
+
+#: param/loadparm.c:868
+msgid "hide files"
+msgstr "Verstecke Dateien"
+
+#: param/loadparm.c:869
+msgid "veto oplock files"
+msgstr ""
+
+#: param/loadparm.c:870
+msgid "map system"
+msgstr ""
+
+#: param/loadparm.c:871
+msgid "map hidden"
+msgstr ""
+
+#: param/loadparm.c:872
+msgid "map archive"
+msgstr ""
+
+#: param/loadparm.c:873
+msgid "mangled names"
+msgstr ""
+
+#: param/loadparm.c:874
+msgid "mangled map"
+msgstr ""
+
+#: param/loadparm.c:875
+msgid "stat cache"
+msgstr ""
+
+#: param/loadparm.c:877
msgid "Domain Options"
msgstr "Dom舅en Optionen"
-#: ../param/loadparm.c:1000
+#: param/loadparm.c:879
+msgid "domain admin group"
+msgstr "Gruppe Dom舅enadministratoren"
+
+#: param/loadparm.c:880
+msgid "domain guest group"
+msgstr "Dom舅en Gastgruppen"
+
+#: param/loadparm.c:883
+msgid "groupname map"
+msgstr ""
+
+#: param/loadparm.c:886
+msgid "machine password timeout"
+msgstr "Verfall Maschinenpasswort"
+
+#: param/loadparm.c:888
msgid "Logon Options"
msgstr "Login optionen"
-#: ../param/loadparm.c:1019
+#: param/loadparm.c:890
+msgid "add user script"
+msgstr ""
+
+#: param/loadparm.c:891
+msgid "delete user script"
+msgstr ""
+
+#: param/loadparm.c:892
+msgid "add group script"
+msgstr ""
+
+#: param/loadparm.c:893
+msgid "delete group script"
+msgstr ""
+
+#: param/loadparm.c:894
+msgid "add user to group script"
+msgstr ""
+
+#: param/loadparm.c:895
+msgid "delete user from group script"
+msgstr ""
+
+#: param/loadparm.c:896
+msgid "add machine script"
+msgstr ""
+
+#: param/loadparm.c:897
+msgid "shutdown script"
+msgstr ""
+
+#: param/loadparm.c:898
+msgid "abort shutdown script"
+msgstr ""
+
+#: param/loadparm.c:900
+msgid "logon script"
+msgstr ""
+
+#: param/loadparm.c:901
+msgid "logon path"
+msgstr ""
+
+#: param/loadparm.c:902
+msgid "logon drive"
+msgstr ""
+
+#: param/loadparm.c:903
+msgid "logon home"
+msgstr ""
+
+#: param/loadparm.c:904
+msgid "domain logons"
+msgstr ""
+
+#: param/loadparm.c:906
msgid "Browse Options"
msgstr "Browsing Optionen"
-#: ../param/loadparm.c:1033
+#: param/loadparm.c:908
+msgid "os level"
+msgstr "os Stufe"
+
+#: param/loadparm.c:909
+msgid "lm announce"
+msgstr ""
+
+#: param/loadparm.c:910
+msgid "lm interval"
+msgstr ""
+
+#: param/loadparm.c:911
+msgid "preferred master"
+msgstr "Bevorzugter master"
+
+#: param/loadparm.c:912
+msgid "prefered master"
+msgstr "Bevorzugter master"
+
+#: param/loadparm.c:913
+msgid "local master"
+msgstr "Lokaler master"
+
+#: param/loadparm.c:914
+msgid "domain master"
+msgstr "Dom舅en master"
+
+#: param/loadparm.c:915
+msgid "browse list"
+msgstr "browsing Liste"
+
+#: param/loadparm.c:916
+msgid "browseable"
+msgstr ""
+
+#: param/loadparm.c:917
+msgid "browsable"
+msgstr ""
+
+#: param/loadparm.c:918
+msgid "enhanced browsing"
+msgstr "Erweitertes browsing"
+
+#: param/loadparm.c:920
msgid "WINS Options"
msgstr "WINS Optionen"
-#: ../param/loadparm.c:1043
+#: param/loadparm.c:921
+msgid "dns proxy"
+msgstr ""
+
+#: param/loadparm.c:922
+msgid "wins proxy"
+msgstr ""
+
+#: param/loadparm.c:924
+msgid "wins server"
+msgstr ""
+
+#: param/loadparm.c:925
+msgid "wins support"
+msgstr ""
+
+#: param/loadparm.c:926
+msgid "wins hook"
+msgstr ""
+
+#: param/loadparm.c:928
msgid "Locking Options"
msgstr "Locking Optionen"
-#: ../param/loadparm.c:1061
+#: param/loadparm.c:930
+msgid "blocking locks"
+msgstr ""
+
+#: param/loadparm.c:931
+msgid "fake oplocks"
+msgstr ""
+
+#: param/loadparm.c:932
+msgid "kernel oplocks"
+msgstr ""
+
+#: param/loadparm.c:933
+msgid "locking"
+msgstr ""
+
+#: param/loadparm.c:935
+msgid "oplocks"
+msgstr ""
+
+#: param/loadparm.c:936
+msgid "level2 oplocks"
+msgstr ""
+
+#: param/loadparm.c:937
+msgid "oplock break wait time"
+msgstr ""
+
+#: param/loadparm.c:938
+msgid "oplock contention limit"
+msgstr ""
+
+#: param/loadparm.c:939
+msgid "posix locking"
+msgstr ""
+
+#: param/loadparm.c:940
+msgid "strict locking"
+msgstr ""
+
+#: param/loadparm.c:941
+msgid "share modes"
+msgstr ""
+
+#: param/loadparm.c:944
msgid "Ldap Options"
msgstr "LDAP Optionen"
-#: ../param/loadparm.c:1078
+#: param/loadparm.c:946
+msgid "ldap server"
+msgstr ""
+
+#: param/loadparm.c:947
+msgid "ldap port"
+msgstr ""
+
+#: param/loadparm.c:948
+msgid "ldap suffix"
+msgstr ""
+
+#: param/loadparm.c:949
+msgid "ldap filter"
+msgstr ""
+
+#: param/loadparm.c:950
+msgid "ldap root"
+msgstr ""
+
+#: param/loadparm.c:951
+msgid "ldap root passwd"
+msgstr ""
+
+#: param/loadparm.c:954
msgid "Miscellaneous Options"
msgstr "Verschiedene Optionen"
-#: ../param/loadparm.c:1138
-msgid "VFS module options"
+#: param/loadparm.c:955
+msgid "add share command"
+msgstr ""
+
+#: param/loadparm.c:956
+msgid "change share command"
+msgstr ""
+
+#: param/loadparm.c:957
+msgid "delete share command"
+msgstr ""
+
+#: param/loadparm.c:959
+msgid "config file"
+msgstr "Konfigurationsdatei"
+
+#: param/loadparm.c:960
+msgid "preload"
+msgstr "Lade im Voraus"
+
+#: param/loadparm.c:961
+msgid "auto services"
+msgstr ""
+
+#: param/loadparm.c:962
+msgid "lock dir"
+msgstr "Lock Verzeichnis"
+
+#: param/loadparm.c:963
+msgid "lock directory"
+msgstr "Lock Verzeichnis"
+
+#: param/loadparm.c:965
+msgid "utmp directory"
+msgstr "utmp Verzeichnis"
+
+#: param/loadparm.c:966
+msgid "wtmp directory"
+msgstr "wtmp Verzeichnis"
+
+#: param/loadparm.c:967
+msgid "utmp"
+msgstr ""
+
+#: param/loadparm.c:970
+msgid "default service"
+msgstr ""
+
+#: param/loadparm.c:971
+msgid "default"
+msgstr ""
+
+#: param/loadparm.c:972
+msgid "message command"
+msgstr "Message Befehl"
+
+#: param/loadparm.c:973
+msgid "dfree command"
+msgstr "dfree Befehl"
+
+#: param/loadparm.c:974
+msgid "remote announce"
+msgstr "remote announce"
+
+#: param/loadparm.c:975
+msgid "remote browse sync"
+msgstr ""
+
+#: param/loadparm.c:976
+msgid "socket address"
+msgstr ""
+
+#: param/loadparm.c:977
+msgid "homedir map"
+msgstr ""
+
+#: param/loadparm.c:978
+msgid "time offset"
+msgstr ""
+
+#: param/loadparm.c:979
+msgid "NIS homedir"
+msgstr ""
+
+#: param/loadparm.c:980
+msgid "-valid"
+msgstr ""
+
+#: param/loadparm.c:982
+msgid "copy"
+msgstr "Kopie"
+
+#: param/loadparm.c:983
+msgid "include"
+msgstr "include"
+
+#: param/loadparm.c:984
+msgid "exec"
+msgstr ""
+
+#: param/loadparm.c:985
+msgid "preexec"
+msgstr ""
+
+#: param/loadparm.c:987
+msgid "preexec close"
+msgstr ""
+
+#: param/loadparm.c:988
+msgid "postexec"
+msgstr ""
+
+#: param/loadparm.c:989
+msgid "root preexec"
+msgstr ""
+
+#: param/loadparm.c:990
+msgid "root preexec close"
+msgstr ""
+
+#: param/loadparm.c:991
+msgid "root postexec"
+msgstr ""
+
+#: param/loadparm.c:992
+msgid "available"
+msgstr "Verfgbar"
+
+#: param/loadparm.c:993
+msgid "volume"
+msgstr ""
+
+#: param/loadparm.c:994
+msgid "fstype"
+msgstr "Typ Dateisystem"
+
+#: param/loadparm.c:995
+msgid "set directory"
+msgstr ""
+
+#: param/loadparm.c:996
+msgid "source environment"
+msgstr ""
+
+#: param/loadparm.c:997
+msgid "wide links"
+msgstr ""
+
+#: param/loadparm.c:998
+msgid "follow symlinks"
+msgstr "Folge symlinks"
+
+#: param/loadparm.c:999
+msgid "dont descend"
+msgstr "nicht hinabsteigen"
+
+#: param/loadparm.c:1000
+msgid "magic script"
+msgstr ""
+
+#: param/loadparm.c:1001
+msgid "magic output"
+msgstr ""
+
+#: param/loadparm.c:1002
+msgid "delete readonly"
+msgstr "Lsche nur-lesen"
+
+#: param/loadparm.c:1003
+msgid "dos filemode"
+msgstr ""
+
+#: param/loadparm.c:1004
+msgid "dos filetimes"
+msgstr ""
+
+#: param/loadparm.c:1005
+msgid "dos filetime resolution"
+msgstr ""
+
+#: param/loadparm.c:1007
+msgid "fake directory create times"
+msgstr ""
+
+#: param/loadparm.c:1008
+msgid "panic action"
+msgstr ""
+
+#: param/loadparm.c:1009
+msgid "hide local users"
+msgstr "verstecke lokale Benutzer"
+
+#: param/loadparm.c:1012
+msgid "VFS options"
msgstr "VFS Optionen"
-#: ../param/loadparm.c:1148
+#: param/loadparm.c:1014
+msgid "vfs object"
+msgstr ""
+
+#: param/loadparm.c:1015
+msgid "vfs options"
+msgstr ""
+
+#: param/loadparm.c:1018
+msgid "msdfs root"
+msgstr ""
+
+#: param/loadparm.c:1019
+msgid "host msdfs"
+msgstr ""
+
+#: param/loadparm.c:1021
msgid "Winbind options"
msgstr "Winbind Optionen"
+
+#: param/loadparm.c:1023
+msgid "winbind uid"
+msgstr ""
+
+#: param/loadparm.c:1024
+msgid "winbind gid"
+msgstr ""
+
+#: param/loadparm.c:1025
+msgid "template homedir"
+msgstr ""
+
+#: param/loadparm.c:1026
+msgid "template shell"
+msgstr ""
+
+#: param/loadparm.c:1027
+msgid "winbind separator"
+msgstr ""
+
+#: param/loadparm.c:1028
+msgid "winbind cache time"
+msgstr ""
+
+#: param/loadparm.c:1029
+msgid "winbind enum users"
+msgstr ""
+
+#: param/loadparm.c:1030
+msgid "winbind enum groups"
+msgstr ""
diff --git a/source/po/en.msg b/source/po/en.msg
index 6a1fcb55bac..2f78cb835e7 100644
--- a/source/po/en.msg
+++ b/source/po/en.msg
@@ -1,593 +1,1707 @@
# English messages for international release of SWAT.
-# Copyright (C) 2003 TAKAHASHI Motonobu <monyo@samba.org>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-#
+# Copyright (C) 2001 Free Software Foundation, Inc.
+# TAKAHASHI Motonobu <monyo@samba.org>, 2001.
msgid ""
msgstr ""
"Project-Id-Version: i18n_swat \n"
-"POT-Creation-Date: 2003-10-06 05:30+0900\n"
+"POT-Creation-Date: 2001-09-20 20:29+0900\n"
"PO-Revision-Date: 2000-02-08 12:48+09:00\n"
-"Last-Translator: TAKAHASHI Motonobu <monyo@samba.org>\n"
+"Last-Translator: TAKAHASHI Motonobu <monyo@samba.gr.jp>\n"
"Language-Team: (Samba Team) <samba-technical@samba.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=US-ASCII\n"
"Content-Transfer-Encoding: \n"
-#: ../web/swat.c:117
+#: web/swat.c:120
#, c-format
-msgid "ERROR: Can't open %s"
+msgid "ERROR: Can't open %s\n"
msgstr ""
-#: ../web/swat.c:200
+#.
+#. str = stripspace(parm->label);
+#. strlower (str); //monyo
+#. d_printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\">%s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s</td><td>",
+#. str, _("Help"), parm->label);
+#.
+#: web/swat.c:211
msgid "Help"
msgstr ""
-#: ../web/swat.c:206 ../web/swat.c:220 ../web/swat.c:235 ../web/swat.c:243 ../web/swat.c:252 ../web/swat.c:261 ../web/swat.c:267 ../web/swat.c:273 ../web/swat.c:286
+#: web/swat.c:217 web/swat.c:231 web/swat.c:246 web/swat.c:254 web/swat.c:263
+#: web/swat.c:272 web/swat.c:278 web/swat.c:284 web/swat.c:297
msgid "Set Default"
msgstr ""
-#: ../web/swat.c:408
+#: web/swat.c:502
#, c-format
-msgid "failed to open %s for writing"
+msgid "Logged in as <b>%s</b><p>\n"
+msgstr ""
+
+#: web/swat.c:505
+msgid "Home"
+msgstr ""
+
+#: web/swat.c:507
+msgid "Globals"
+msgstr ""
+
+#: web/swat.c:508
+msgid "Shares"
+msgstr ""
+
+#: web/swat.c:509
+msgid "Printers"
+msgstr ""
+
+#: web/swat.c:512
+msgid "Status"
+msgstr ""
+
+#: web/swat.c:513
+msgid "View Config"
+msgstr ""
+
+#: web/swat.c:515
+msgid "Password Management"
msgstr ""
-#: ../web/swat.c:431
+#: web/swat.c:539
+msgid "Current Config"
+msgstr ""
+
+#: web/swat.c:543
+msgid "Normal View"
+msgstr ""
+
+#: web/swat.c:545
+msgid "Full View"
+msgstr ""
+
+#: web/swat.c:561
+msgid "Global Variables"
+msgstr ""
+
+#: web/swat.c:575 web/swat.c:671 web/swat.c:1014
+msgid "Commit Changes"
+msgstr ""
+
+#: web/swat.c:579 web/swat.c:674 web/swat.c:1016
+msgid "Reset Values"
+msgstr ""
+
+#: web/swat.c:581 web/swat.c:676 web/swat.c:1018
+msgid "Advanced View"
+msgstr ""
+
+#: web/swat.c:583 web/swat.c:678 web/swat.c:1020
+msgid "Basic View"
+msgstr ""
+
+#: web/swat.c:613
+msgid "Share Parameters"
+msgstr ""
+
+#: web/swat.c:642
+msgid "Choose Share"
+msgstr ""
+
+#: web/swat.c:656
+msgid "Delete Share"
+msgstr ""
+
+#: web/swat.c:663
+msgid "Create Share"
+msgstr ""
+
+#: web/swat.c:708
+msgid "password change in demo mode rejected\n"
+msgstr ""
+
+#: web/swat.c:747
+msgid " Must specify \"User Name\" \n"
+msgstr ""
+
+#: web/swat.c:763
+msgid " Must specify \"Old Password\" \n"
+msgstr ""
+
+#: web/swat.c:769
+msgid " Must specify \"Remote Machine\" \n"
+msgstr ""
+
+#: web/swat.c:776
+msgid " Must specify \"New, and Re-typed Passwords\" \n"
+msgstr ""
+
+#: web/swat.c:782
+msgid " Re-typed password didn't match new password\n"
+msgstr ""
+
+#: web/swat.c:812
#, c-format
-msgid "Can't reload %s"
+msgid " The passwd for '%s' has been changed. \n"
msgstr ""
-#: ../web/swat.c:501
+#: web/swat.c:814
#, c-format
-msgid "Logged in as <b>%s</b>"
+msgid " The passwd for '%s' has NOT been changed. \n"
msgstr ""
-#: ../web/swat.c:505
-msgid "Home"
+#: web/swat.c:838
+msgid "Server Password Management"
msgstr ""
-#: ../web/swat.c:507
-msgid "Globals"
+#.
+#. * Create all the dialog boxes for data collection
+#.
+#: web/swat.c:847 web/swat.c:894
+msgid " User Name : "
msgstr ""
-#: ../web/swat.c:508
-msgid "Shares"
+#: web/swat.c:850 web/swat.c:896
+msgid " Old Password : "
msgstr ""
-#: ../web/swat.c:509
-msgid "Printers"
+#: web/swat.c:853 web/swat.c:898
+msgid " New Password : "
msgstr ""
-#: ../web/swat.c:510
-msgid "Wizard"
+#: web/swat.c:855 web/swat.c:900
+msgid " Re-type New Password : "
msgstr ""
-#: ../web/swat.c:513
-msgid "Status"
+#: web/swat.c:863 web/swat.c:911
+msgid "Change Password"
msgstr ""
-#: ../web/swat.c:514
-msgid "View Config"
+#: web/swat.c:866
+msgid "Add New User"
msgstr ""
-#: ../web/swat.c:516
-msgid "Password Management"
+#: web/swat.c:868
+msgid "Delete User"
msgstr ""
-#: ../web/swat.c:526
-msgid "Current View Is"
+#: web/swat.c:870
+msgid "Disable User"
msgstr ""
-#: ../web/swat.c:527 ../web/swat.c:530
-msgid "Basic"
+#: web/swat.c:872
+msgid "Enable User"
msgstr ""
-#: ../web/swat.c:528 ../web/swat.c:531
-msgid "Advanced"
+#: web/swat.c:885
+msgid "Client/Server Password Management"
msgstr ""
-#: ../web/swat.c:529
-msgid "Change View To"
+#: web/swat.c:902
+msgid " Remote Machine : "
msgstr ""
-#: ../web/swat.c:554
-msgid "Current Config"
+#: web/swat.c:940
+msgid "Printer Parameters"
msgstr ""
-#: ../web/swat.c:558
-msgid "Normal View"
+#: web/swat.c:942
+msgid "Important Note:"
msgstr ""
-#: ../web/swat.c:560
-msgid "Full View"
+#: web/swat.c:943
+msgid "Printer names marked with [*] in the Choose Printer drop-down box "
msgstr ""
-#. Here we first set and commit all the parameters that were selected
-#. in the previous screen.
-#: ../web/swat.c:579
-msgid "Wizard Parameter Edit Page"
+#: web/swat.c:944
+msgid "are autoloaded printers from "
msgstr ""
-#: ../web/swat.c:608
-msgid "Note: smb.conf file has been read and rewritten"
+#: web/swat.c:945
+msgid "Printcap Name"
msgstr ""
-#. Here we go ...
-#: ../web/swat.c:716
-msgid "Samba Configuration Wizard"
+#: web/swat.c:946
+msgid "Attempting to delete these printers from SWAT will have no effect.\n"
msgstr ""
-#: ../web/swat.c:720
-msgid "The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments."
+#: web/swat.c:980
+msgid "Choose Printer"
msgstr ""
-#: ../web/swat.c:721
-msgid "The same will happen if you press the commit button."
+#: web/swat.c:999
+msgid "Delete Printer"
msgstr ""
-#: ../web/swat.c:724
-msgid "Rewrite smb.conf file"
+#: web/swat.c:1006
+msgid "Create Printer"
msgstr ""
-#: ../web/swat.c:725
-msgid "Commit"
+#: web/statuspage.c:40
+msgid "DENY_NONE"
msgstr ""
-#: ../web/swat.c:726
-msgid "Edit Parameter Values"
+#: web/statuspage.c:41
+msgid "DENY_ALL "
msgstr ""
-#: ../web/swat.c:732
-msgid "Server Type"
+#: web/statuspage.c:42
+msgid "DENY_DOS "
msgstr ""
-#: ../web/swat.c:733
-msgid "Stand Alone"
+#: web/statuspage.c:43
+msgid "DENY_READ "
msgstr ""
-#: ../web/swat.c:734
-msgid "Domain Member"
+#: web/statuspage.c:44
+msgid "DENY_WRITE "
msgstr ""
-#: ../web/swat.c:735
-msgid "Domain Controller"
+#: web/statuspage.c:50
+msgid "RDONLY "
msgstr ""
-#: ../web/swat.c:738
-msgid "Unusual Type in smb.conf - Please Select New Mode"
+#: web/statuspage.c:51
+msgid "WRONLY "
msgstr ""
-#: ../web/swat.c:740
-msgid "Configure WINS As"
+#: web/statuspage.c:52
+msgid "RDWR "
msgstr ""
-#: ../web/swat.c:741
-msgid "Not Used"
+#: web/statuspage.c:60
+msgid "EXCLUSIVE+BATCH "
msgstr ""
-#: ../web/swat.c:742
-msgid "Server for client use"
+#: web/statuspage.c:62
+msgid "EXCLUSIVE "
msgstr ""
-#: ../web/swat.c:743
-msgid "Client of another WINS server"
+#: web/statuspage.c:64
+msgid "BATCH "
msgstr ""
-#: ../web/swat.c:745
-msgid "Remote WINS Server"
+#: web/statuspage.c:66
+msgid "LEVEL_II "
msgstr ""
-#: ../web/swat.c:756
-msgid "Error: WINS Server Mode and WINS Support both set in smb.conf"
+#: web/statuspage.c:68
+msgid "NONE "
msgstr ""
-#: ../web/swat.c:757
-msgid "Please Select desired WINS mode above."
+#: web/statuspage.c:195
+msgid "Server Status"
msgstr ""
-#: ../web/swat.c:759
-msgid "Expose Home Directories"
+#: web/statuspage.c:200
+msgid "Auto Refresh"
msgstr ""
-#: ../web/swat.c:774
-msgid "The above configuration options will set multiple parameters and will generally assist with rapid Samba deployment."
+#: web/statuspage.c:201 web/statuspage.c:206
+msgid "Refresh Interval: "
msgstr ""
-#: ../web/swat.c:787
-msgid "Global Parameters"
+#: web/statuspage.c:205
+msgid "Stop Refreshing"
msgstr ""
-#: ../web/swat.c:815 ../web/swat.c:916 ../web/swat.c:1265
-msgid "Commit Changes"
+#: web/statuspage.c:220
+msgid "version:"
msgstr ""
-#: ../web/swat.c:819 ../web/swat.c:919 ../web/swat.c:1267
-msgid "Reset Values"
+#: web/statuspage.c:223
+msgid "smbd:"
msgstr ""
-#: ../web/swat.c:844
-msgid "Share Parameters"
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "running"
msgstr ""
-#: ../web/swat.c:887
-msgid "Choose Share"
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "not running"
msgstr ""
-#: ../web/swat.c:901
-msgid "Delete Share"
+#: web/statuspage.c:226
+msgid "Stop smbd"
msgstr ""
-#: ../web/swat.c:908
-msgid "Create Share"
+#: web/statuspage.c:228
+msgid "Start smbd"
msgstr ""
-#: ../web/swat.c:944
-msgid "password change in demo mode rejected"
+#: web/statuspage.c:230
+msgid "Restart smbd"
msgstr ""
-#: ../web/swat.c:957
-msgid "Can't setup password database vectors."
+#: web/statuspage.c:235
+msgid "nmbd:"
msgstr ""
-#: ../web/swat.c:983
-msgid " Must specify \"User Name\" "
+#: web/statuspage.c:238
+msgid "Stop nmbd"
msgstr ""
-#: ../web/swat.c:999
-msgid " Must specify \"Old Password\" "
+#: web/statuspage.c:240
+msgid "Start nmbd"
msgstr ""
-#: ../web/swat.c:1005
-msgid " Must specify \"Remote Machine\" "
+#: web/statuspage.c:242
+msgid "Restart nmbd"
msgstr ""
-#: ../web/swat.c:1012
-msgid " Must specify \"New, and Re-typed Passwords\" "
+#: web/statuspage.c:249
+msgid "Active Connections"
msgstr ""
-#: ../web/swat.c:1018
-msgid " Re-typed password didn't match new password "
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "PID"
msgstr ""
-#: ../web/swat.c:1048
-#, c-format
-msgid " The passwd for '%s' has been changed."
+#: web/statuspage.c:251 web/statuspage.c:264
+msgid "Client"
msgstr ""
-#: ../web/swat.c:1051
-#, c-format
-msgid " The passwd for '%s' has NOT been changed."
+#: web/statuspage.c:251
+msgid "IP address"
msgstr ""
-#: ../web/swat.c:1076
-msgid "Server Password Management"
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "Date"
msgstr ""
-#.
-#. * Create all the dialog boxes for data collection
-#.
-#: ../web/swat.c:1085 ../web/swat.c:1132
-msgid "User Name"
+#: web/statuspage.c:253
+msgid "Kill"
msgstr ""
-#: ../web/swat.c:1088 ../web/swat.c:1134
-msgid "Old Password"
+#: web/statuspage.c:261
+msgid "Active Shares"
msgstr ""
-#: ../web/swat.c:1091 ../web/swat.c:1136
-msgid "New Password"
+#: web/statuspage.c:264
+msgid "Share"
msgstr ""
-#: ../web/swat.c:1093 ../web/swat.c:1138
-msgid "Re-type New Password"
+#: web/statuspage.c:264
+msgid "User"
msgstr ""
-#: ../web/swat.c:1101 ../web/swat.c:1149
-msgid "Change Password"
+#: web/statuspage.c:264
+msgid "Group"
msgstr ""
-#: ../web/swat.c:1104
-msgid "Add New User"
+#: web/statuspage.c:270
+msgid "Open Files"
msgstr ""
-#: ../web/swat.c:1106
-msgid "Delete User"
+#: web/statuspage.c:272
+msgid "Sharing"
msgstr ""
-#: ../web/swat.c:1108
-msgid "Disable User"
+#: web/statuspage.c:272
+msgid "R/W"
msgstr ""
-#: ../web/swat.c:1110
-msgid "Enable User"
+#: web/statuspage.c:272
+msgid "Oplock"
msgstr ""
-#: ../web/swat.c:1123
-msgid "Client/Server Password Management"
+#: web/statuspage.c:272
+msgid "File"
msgstr ""
-#: ../web/swat.c:1140
-msgid "Remote Machine"
+#: param/loadparm.c:641
+msgid "Base Options"
msgstr ""
-#: ../web/swat.c:1179
-msgid "Printer Parameters"
+#: param/loadparm.c:643
+msgid "dos charset"
msgstr ""
-#: ../web/swat.c:1181
-msgid "Important Note:"
+#: param/loadparm.c:644
+msgid "unix charset"
msgstr ""
-#: ../web/swat.c:1182
-msgid "Printer names marked with [*] in the Choose Printer drop-down box "
+#: param/loadparm.c:645
+msgid "display charset"
msgstr ""
-#: ../web/swat.c:1183
-msgid "are autoloaded printers from "
+#: param/loadparm.c:646
+msgid "comment"
msgstr ""
-#: ../web/swat.c:1184
-msgid "Printcap Name"
+#: param/loadparm.c:647
+msgid "path"
msgstr ""
-#: ../web/swat.c:1185
-msgid "Attempting to delete these printers from SWAT will have no effect."
+#: param/loadparm.c:648
+msgid "directory"
msgstr ""
-#: ../web/swat.c:1231
-msgid "Choose Printer"
+#: param/loadparm.c:649
+msgid "workgroup"
msgstr ""
-#: ../web/swat.c:1250
-msgid "Delete Printer"
+#: param/loadparm.c:650
+msgid "netbios name"
msgstr ""
-#: ../web/swat.c:1257
-msgid "Create Printer"
+#: param/loadparm.c:651
+msgid "netbios aliases"
msgstr ""
-#: ../web/statuspage.c:123
-msgid "RDONLY "
+#: param/loadparm.c:652
+msgid "netbios scope"
msgstr ""
-#: ../web/statuspage.c:124
-msgid "WRONLY "
+#: param/loadparm.c:653
+msgid "server string"
msgstr ""
-#: ../web/statuspage.c:125
-msgid "RDWR "
+#: param/loadparm.c:654
+msgid "interfaces"
msgstr ""
-#: ../web/statuspage.c:309
-msgid "Server Status"
+#: param/loadparm.c:655
+msgid "bind interfaces only"
msgstr ""
-#: ../web/statuspage.c:314
-msgid "Auto Refresh"
+#: param/loadparm.c:657
+msgid "Security Options"
msgstr ""
-#: ../web/statuspage.c:315 ../web/statuspage.c:320
-msgid "Refresh Interval: "
+#: param/loadparm.c:659
+msgid "security"
msgstr ""
-#: ../web/statuspage.c:319
-msgid "Stop Refreshing"
+#: param/loadparm.c:660
+msgid "encrypt passwords"
msgstr ""
-#: ../web/statuspage.c:334
-msgid "version:"
+#: param/loadparm.c:661
+msgid "update encrypted"
msgstr ""
-#: ../web/statuspage.c:337
-msgid "smbd:"
+#: param/loadparm.c:662
+msgid "allow trusted domains"
msgstr ""
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
-msgid "running"
+#: param/loadparm.c:663
+msgid "alternate permissions"
msgstr ""
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
-msgid "not running"
+#: param/loadparm.c:664
+msgid "hosts equiv"
msgstr ""
-#: ../web/statuspage.c:341
-msgid "Stop smbd"
+#: param/loadparm.c:665
+msgid "min passwd length"
msgstr ""
-#: ../web/statuspage.c:343
-msgid "Start smbd"
+#: param/loadparm.c:666
+msgid "min password length"
msgstr ""
-#: ../web/statuspage.c:345
-msgid "Restart smbd"
+#: param/loadparm.c:667
+msgid "map to guest"
msgstr ""
-#: ../web/statuspage.c:350
-msgid "nmbd:"
+#: param/loadparm.c:668
+msgid "null passwords"
msgstr ""
-#: ../web/statuspage.c:354
-msgid "Stop nmbd"
+#: param/loadparm.c:669
+msgid "obey pam restrictions"
msgstr ""
-#: ../web/statuspage.c:356
-msgid "Start nmbd"
+#: param/loadparm.c:670
+msgid "password server"
msgstr ""
-#: ../web/statuspage.c:358
-msgid "Restart nmbd"
+#: param/loadparm.c:671
+msgid "smb passwd file"
msgstr ""
-#: ../web/statuspage.c:364
-msgid "winbindd:"
+#: param/loadparm.c:672
+msgid "private dir"
msgstr ""
-#: ../web/statuspage.c:368
-msgid "Stop winbindd"
+#: param/loadparm.c:673
+msgid "passdb module path"
msgstr ""
-#: ../web/statuspage.c:370
-msgid "Start winbindd"
+#: param/loadparm.c:674
+msgid "root directory"
msgstr ""
-#: ../web/statuspage.c:372
-msgid "Restart winbindd"
+#: param/loadparm.c:675
+msgid "root dir"
msgstr ""
-#. stop, restart all
-#: ../web/statuspage.c:381
-msgid "Stop All"
+#: param/loadparm.c:676
+msgid "root"
msgstr ""
-#: ../web/statuspage.c:382
-msgid "Restart All"
+#: param/loadparm.c:678
+msgid "pam password change"
msgstr ""
-#. start all
-#: ../web/statuspage.c:386
-msgid "Start All"
+#: param/loadparm.c:679
+msgid "passwd program"
msgstr ""
-#: ../web/statuspage.c:393
-msgid "Active Connections"
+#: param/loadparm.c:680
+msgid "passwd chat"
msgstr ""
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
-msgid "PID"
+#: param/loadparm.c:681
+msgid "passwd chat debug"
msgstr ""
-#: ../web/statuspage.c:395 ../web/statuspage.c:408
-msgid "Client"
+#: param/loadparm.c:682
+msgid "username map"
msgstr ""
-#: ../web/statuspage.c:395
-msgid "IP address"
+#: param/loadparm.c:683
+msgid "password level"
msgstr ""
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
-msgid "Date"
+#: param/loadparm.c:684
+msgid "username level"
msgstr ""
-#: ../web/statuspage.c:397
-msgid "Kill"
+#: param/loadparm.c:685
+msgid "unix password sync"
msgstr ""
-#: ../web/statuspage.c:405
-msgid "Active Shares"
+#: param/loadparm.c:686
+msgid "restrict anonymous"
msgstr ""
-#: ../web/statuspage.c:408
-msgid "Share"
+#: param/loadparm.c:687
+msgid "lanman auth"
msgstr ""
-#: ../web/statuspage.c:408
-msgid "User"
+#: param/loadparm.c:688
+msgid "ntlm auth"
msgstr ""
-#: ../web/statuspage.c:408
-msgid "Group"
+#: param/loadparm.c:689
+msgid "plaintext to smbpasswd"
msgstr ""
-#: ../web/statuspage.c:414
-msgid "Open Files"
+#: param/loadparm.c:690
+msgid "use rhosts"
msgstr ""
-#: ../web/statuspage.c:416
-msgid "Sharing"
+#: param/loadparm.c:692
+msgid "username"
msgstr ""
-#: ../web/statuspage.c:416
-msgid "R/W"
+#: param/loadparm.c:693
+msgid "user"
msgstr ""
-#: ../web/statuspage.c:416
-msgid "Oplock"
+#: param/loadparm.c:694
+msgid "users"
msgstr ""
-#: ../web/statuspage.c:416
-msgid "File"
+#: param/loadparm.c:696
+msgid "guest account"
msgstr ""
-#: ../web/statuspage.c:425
-msgid "Show Client in col 1"
+#: param/loadparm.c:697
+msgid "invalid users"
msgstr ""
-#: ../web/statuspage.c:426
-msgid "Show PID in col 1"
+#: param/loadparm.c:698
+msgid "valid users"
msgstr ""
-#: ../param/loadparm.c:755
-msgid "Base Options"
+#: param/loadparm.c:699
+msgid "admin users"
msgstr ""
-#: ../param/loadparm.c:775
-msgid "Security Options"
+#: param/loadparm.c:700
+msgid "read list"
+msgstr ""
+
+#: param/loadparm.c:701
+msgid "write list"
+msgstr ""
+
+#: param/loadparm.c:702
+msgid "printer admin"
+msgstr ""
+
+#: param/loadparm.c:703
+msgid "force user"
+msgstr ""
+
+#: param/loadparm.c:704
+msgid "force group"
+msgstr ""
+
+#: param/loadparm.c:705
+msgid "group"
+msgstr ""
+
+#: param/loadparm.c:707
+msgid "read only"
+msgstr ""
+
+#: param/loadparm.c:708
+msgid "write ok"
+msgstr ""
+
+#: param/loadparm.c:709
+msgid "writeable"
+msgstr ""
+
+#: param/loadparm.c:710
+msgid "writable"
+msgstr ""
+
+#: param/loadparm.c:712
+msgid "create mask"
+msgstr ""
+
+#: param/loadparm.c:713
+msgid "create mode"
+msgstr ""
+
+#: param/loadparm.c:714
+msgid "force create mode"
+msgstr ""
+
+#: param/loadparm.c:715
+msgid "security mask"
+msgstr ""
+
+#: param/loadparm.c:716
+msgid "force security mode"
+msgstr ""
+
+#: param/loadparm.c:717
+msgid "directory mask"
+msgstr ""
+
+#: param/loadparm.c:718
+msgid "directory mode"
+msgstr ""
+
+#: param/loadparm.c:719
+msgid "force directory mode"
+msgstr ""
+
+#: param/loadparm.c:720
+msgid "directory security mask"
+msgstr ""
+
+#: param/loadparm.c:721
+msgid "force directory security mode"
+msgstr ""
+
+#: param/loadparm.c:722
+msgid "inherit permissions"
+msgstr ""
+
+#: param/loadparm.c:723
+msgid "guest only"
+msgstr ""
+
+#: param/loadparm.c:724
+msgid "only guest"
+msgstr ""
+
+#: param/loadparm.c:726
+msgid "guest ok"
+msgstr ""
+
+#: param/loadparm.c:727
+msgid "public"
+msgstr ""
+
+#: param/loadparm.c:729
+msgid "only user"
+msgstr ""
+
+#: param/loadparm.c:730
+msgid "hosts allow"
+msgstr ""
+
+#: param/loadparm.c:731
+msgid "allow hosts"
+msgstr ""
+
+#: param/loadparm.c:732
+msgid "hosts deny"
+msgstr ""
+
+#: param/loadparm.c:733
+msgid "deny hosts"
+msgstr ""
+
+#: param/loadparm.c:736
+msgid "Secure Socket Layer Options"
+msgstr ""
+
+#: param/loadparm.c:737
+msgid "ssl"
+msgstr ""
+
+#: param/loadparm.c:739
+msgid "ssl hosts"
+msgstr ""
+
+#: param/loadparm.c:740
+msgid "ssl hosts resign"
+msgstr ""
+
+#: param/loadparm.c:741
+msgid "ssl CA certDir"
+msgstr ""
+
+#: param/loadparm.c:742
+msgid "ssl CA certFile"
+msgstr ""
+
+#: param/loadparm.c:743
+msgid "ssl server cert"
+msgstr ""
+
+#: param/loadparm.c:744
+msgid "ssl server key"
+msgstr ""
+
+#: param/loadparm.c:745
+msgid "ssl client cert"
+msgstr ""
+
+#: param/loadparm.c:746
+msgid "ssl client key"
+msgstr ""
+
+#: param/loadparm.c:747
+msgid "ssl require clientcert"
+msgstr ""
+
+#: param/loadparm.c:748
+msgid "ssl require servercert"
+msgstr ""
+
+#: param/loadparm.c:749
+msgid "ssl ciphers"
msgstr ""
-#: ../param/loadparm.c:859
+#: param/loadparm.c:750
+msgid "ssl version"
+msgstr ""
+
+#: param/loadparm.c:751
+msgid "ssl compatibility"
+msgstr ""
+
+#: param/loadparm.c:754
msgid "Logging Options"
msgstr ""
-#: ../param/loadparm.c:874
+#: param/loadparm.c:755
+msgid "log level"
+msgstr ""
+
+#: param/loadparm.c:756
+msgid "debuglevel"
+msgstr ""
+
+#: param/loadparm.c:757
+msgid "syslog"
+msgstr ""
+
+#: param/loadparm.c:758
+msgid "syslog only"
+msgstr ""
+
+#: param/loadparm.c:759
+msgid "log file"
+msgstr ""
+
+#: param/loadparm.c:761
+msgid "max log size"
+msgstr ""
+
+#: param/loadparm.c:762
+msgid "timestamp logs"
+msgstr ""
+
+#: param/loadparm.c:763
+msgid "debug timestamp"
+msgstr ""
+
+#: param/loadparm.c:764
+msgid "debug hires timestamp"
+msgstr ""
+
+#: param/loadparm.c:765
+msgid "debug pid"
+msgstr ""
+
+#: param/loadparm.c:766
+msgid "debug uid"
+msgstr ""
+
+#: param/loadparm.c:768
msgid "Protocol Options"
msgstr ""
-#: ../param/loadparm.c:911
+#: param/loadparm.c:770
+msgid "protocol"
+msgstr ""
+
+#: param/loadparm.c:771
+msgid "large readwrite"
+msgstr ""
+
+#: param/loadparm.c:772
+msgid "max protocol"
+msgstr ""
+
+#: param/loadparm.c:773
+msgid "min protocol"
+msgstr ""
+
+#: param/loadparm.c:774
+msgid "unicode"
+msgstr ""
+
+#: param/loadparm.c:775
+msgid "read bmpx"
+msgstr ""
+
+#: param/loadparm.c:776
+msgid "read raw"
+msgstr ""
+
+#: param/loadparm.c:777
+msgid "write raw"
+msgstr ""
+
+#: param/loadparm.c:779
+msgid "nt smb support"
+msgstr ""
+
+#: param/loadparm.c:780
+msgid "nt pipe support"
+msgstr ""
+
+#: param/loadparm.c:781
+msgid "nt acl support"
+msgstr ""
+
+#: param/loadparm.c:782
+msgid "announce version"
+msgstr ""
+
+#: param/loadparm.c:783
+msgid "announce as"
+msgstr ""
+
+#: param/loadparm.c:784
+msgid "max mux"
+msgstr ""
+
+#: param/loadparm.c:785
+msgid "max xmit"
+msgstr ""
+
+#: param/loadparm.c:787
+msgid "name resolve order"
+msgstr ""
+
+#: param/loadparm.c:788
+msgid "max packet"
+msgstr ""
+
+#: param/loadparm.c:789
+msgid "packet size"
+msgstr ""
+
+#: param/loadparm.c:790
+msgid "max ttl"
+msgstr ""
+
+#: param/loadparm.c:791
+msgid "max wins ttl"
+msgstr ""
+
+#: param/loadparm.c:792
+msgid "min wins ttl"
+msgstr ""
+
+#: param/loadparm.c:793
+msgid "time server"
+msgstr ""
+
+#: param/loadparm.c:795
msgid "Tuning Options"
msgstr ""
-#: ../param/loadparm.c:940
+#: param/loadparm.c:797
+msgid "change notify timeout"
+msgstr ""
+
+#: param/loadparm.c:798
+msgid "deadtime"
+msgstr ""
+
+#: param/loadparm.c:799
+msgid "getwd cache"
+msgstr ""
+
+#: param/loadparm.c:800
+msgid "keepalive"
+msgstr ""
+
+#: param/loadparm.c:802
+msgid "lpq cache time"
+msgstr ""
+
+#: param/loadparm.c:803
+msgid "max smbd processes"
+msgstr ""
+
+#: param/loadparm.c:804
+msgid "max connections"
+msgstr ""
+
+#: param/loadparm.c:805
+msgid "paranoid server security"
+msgstr ""
+
+#: param/loadparm.c:806
+msgid "max disk size"
+msgstr ""
+
+#: param/loadparm.c:807
+msgid "max open files"
+msgstr ""
+
+#: param/loadparm.c:808
+msgid "min print space"
+msgstr ""
+
+#: param/loadparm.c:809
+msgid "read size"
+msgstr ""
+
+#: param/loadparm.c:811
+msgid "socket options"
+msgstr ""
+
+#: param/loadparm.c:812
+msgid "stat cache size"
+msgstr ""
+
+#: param/loadparm.c:813
+msgid "strict allocate"
+msgstr ""
+
+#: param/loadparm.c:814
+msgid "strict sync"
+msgstr ""
+
+#: param/loadparm.c:815
+msgid "sync always"
+msgstr ""
+
+#: param/loadparm.c:816
+msgid "use mmap"
+msgstr ""
+
+#: param/loadparm.c:817
+msgid "hostname lookups"
+msgstr ""
+
+#: param/loadparm.c:818
+msgid "write cache size"
+msgstr ""
+
+#: param/loadparm.c:820
msgid "Printing Options"
msgstr ""
-#: ../param/loadparm.c:970
+#: param/loadparm.c:822
+msgid "total print jobs"
+msgstr ""
+
+#: param/loadparm.c:823
+msgid "max print jobs"
+msgstr ""
+
+#: param/loadparm.c:824
+msgid "load printers"
+msgstr ""
+
+#: param/loadparm.c:825
+msgid "printcap name"
+msgstr ""
+
+#: param/loadparm.c:826
+msgid "printcap"
+msgstr ""
+
+#: param/loadparm.c:827
+msgid "printable"
+msgstr ""
+
+#: param/loadparm.c:828
+msgid "print ok"
+msgstr ""
+
+#: param/loadparm.c:829
+msgid "postscript"
+msgstr ""
+
+#: param/loadparm.c:830
+msgid "printing"
+msgstr ""
+
+#: param/loadparm.c:831
+msgid "print command"
+msgstr ""
+
+#: param/loadparm.c:832
+msgid "disable spoolss"
+msgstr ""
+
+#: param/loadparm.c:833
+msgid "lpq command"
+msgstr ""
+
+#: param/loadparm.c:834
+msgid "lprm command"
+msgstr ""
+
+#: param/loadparm.c:835
+msgid "lppause command"
+msgstr ""
+
+#: param/loadparm.c:836
+msgid "lpresume command"
+msgstr ""
+
+#: param/loadparm.c:837
+msgid "queuepause command"
+msgstr ""
+
+#: param/loadparm.c:838
+msgid "queueresume command"
+msgstr ""
+
+#: param/loadparm.c:840
+msgid "enumports command"
+msgstr ""
+
+#: param/loadparm.c:841
+msgid "addprinter command"
+msgstr ""
+
+#: param/loadparm.c:842
+msgid "deleteprinter command"
+msgstr ""
+
+#: param/loadparm.c:843
+msgid "show add printer wizard"
+msgstr ""
+
+#: param/loadparm.c:844
+msgid "os2 driver map"
+msgstr ""
+
+#: param/loadparm.c:846
+msgid "printer name"
+msgstr ""
+
+#: param/loadparm.c:847
+msgid "printer"
+msgstr ""
+
+#: param/loadparm.c:848
+msgid "use client driver"
+msgstr ""
+
+#: param/loadparm.c:849
+msgid "printer driver"
+msgstr ""
+
+#: param/loadparm.c:850
+msgid "printer driver file"
+msgstr ""
+
+#: param/loadparm.c:851
+msgid "printer driver location"
+msgstr ""
+
+#: param/loadparm.c:853
msgid "Filename Handling"
msgstr ""
-#: ../param/loadparm.c:996
+#: param/loadparm.c:854
+msgid "strip dot"
+msgstr ""
+
+#: param/loadparm.c:856
+msgid "mangled stack"
+msgstr ""
+
+#: param/loadparm.c:857
+msgid "default case"
+msgstr ""
+
+#: param/loadparm.c:858
+msgid "case sensitive"
+msgstr ""
+
+#: param/loadparm.c:859
+msgid "casesignames"
+msgstr ""
+
+#: param/loadparm.c:860
+msgid "preserve case"
+msgstr ""
+
+#: param/loadparm.c:861
+msgid "short preserve case"
+msgstr ""
+
+#: param/loadparm.c:862
+msgid "mangle case"
+msgstr ""
+
+#: param/loadparm.c:863
+msgid "mangling char"
+msgstr ""
+
+#: param/loadparm.c:864
+msgid "hide dot files"
+msgstr ""
+
+#: param/loadparm.c:865
+msgid "hide unreadable"
+msgstr ""
+
+#: param/loadparm.c:866
+msgid "delete veto files"
+msgstr ""
+
+#: param/loadparm.c:867
+msgid "veto files"
+msgstr ""
+
+#: param/loadparm.c:868
+msgid "hide files"
+msgstr ""
+
+#: param/loadparm.c:869
+msgid "veto oplock files"
+msgstr ""
+
+#: param/loadparm.c:870
+msgid "map system"
+msgstr ""
+
+#: param/loadparm.c:871
+msgid "map hidden"
+msgstr ""
+
+#: param/loadparm.c:872
+msgid "map archive"
+msgstr ""
+
+#: param/loadparm.c:873
+msgid "mangled names"
+msgstr ""
+
+#: param/loadparm.c:874
+msgid "mangled map"
+msgstr ""
+
+#: param/loadparm.c:875
+msgid "stat cache"
+msgstr ""
+
+#: param/loadparm.c:877
msgid "Domain Options"
msgstr ""
-#: ../param/loadparm.c:1000
+#: param/loadparm.c:879
+msgid "domain admin group"
+msgstr ""
+
+#: param/loadparm.c:880
+msgid "domain guest group"
+msgstr ""
+
+#: param/loadparm.c:883
+msgid "groupname map"
+msgstr ""
+
+#: param/loadparm.c:886
+msgid "machine password timeout"
+msgstr ""
+
+#: param/loadparm.c:888
msgid "Logon Options"
msgstr ""
-#: ../param/loadparm.c:1019
+#: param/loadparm.c:890
+msgid "add user script"
+msgstr ""
+
+#: param/loadparm.c:891
+msgid "delete user script"
+msgstr ""
+
+#: param/loadparm.c:892
+msgid "add group script"
+msgstr ""
+
+#: param/loadparm.c:893
+msgid "delete group script"
+msgstr ""
+
+#: param/loadparm.c:894
+msgid "add user to group script"
+msgstr ""
+
+#: param/loadparm.c:895
+msgid "delete user from group script"
+msgstr ""
+
+#: param/loadparm.c:896
+msgid "add machine script"
+msgstr ""
+
+#: param/loadparm.c:897
+msgid "shutdown script"
+msgstr ""
+
+#: param/loadparm.c:898
+msgid "abort shutdown script"
+msgstr ""
+
+#: param/loadparm.c:900
+msgid "logon script"
+msgstr ""
+
+#: param/loadparm.c:901
+msgid "logon path"
+msgstr ""
+
+#: param/loadparm.c:902
+msgid "logon drive"
+msgstr ""
+
+#: param/loadparm.c:903
+msgid "logon home"
+msgstr ""
+
+#: param/loadparm.c:904
+msgid "domain logons"
+msgstr ""
+
+#: param/loadparm.c:906
msgid "Browse Options"
msgstr ""
-#: ../param/loadparm.c:1033
+#: param/loadparm.c:908
+msgid "os level"
+msgstr ""
+
+#: param/loadparm.c:909
+msgid "lm announce"
+msgstr ""
+
+#: param/loadparm.c:910
+msgid "lm interval"
+msgstr ""
+
+#: param/loadparm.c:911
+msgid "preferred master"
+msgstr ""
+
+#: param/loadparm.c:912
+msgid "prefered master"
+msgstr ""
+
+#: param/loadparm.c:913
+msgid "local master"
+msgstr ""
+
+#: param/loadparm.c:914
+msgid "domain master"
+msgstr ""
+
+#: param/loadparm.c:915
+msgid "browse list"
+msgstr ""
+
+#: param/loadparm.c:916
+msgid "browseable"
+msgstr ""
+
+#: param/loadparm.c:917
+msgid "browsable"
+msgstr ""
+
+#: param/loadparm.c:918
+msgid "enhanced browsing"
+msgstr ""
+
+#: param/loadparm.c:920
msgid "WINS Options"
msgstr ""
-#: ../param/loadparm.c:1043
+#: param/loadparm.c:921
+msgid "dns proxy"
+msgstr ""
+
+#: param/loadparm.c:922
+msgid "wins proxy"
+msgstr ""
+
+#: param/loadparm.c:924
+msgid "wins server"
+msgstr ""
+
+#: param/loadparm.c:925
+msgid "wins support"
+msgstr ""
+
+#: param/loadparm.c:926
+msgid "wins hook"
+msgstr ""
+
+#: param/loadparm.c:928
msgid "Locking Options"
msgstr ""
-#: ../param/loadparm.c:1061
+#: param/loadparm.c:930
+msgid "blocking locks"
+msgstr ""
+
+#: param/loadparm.c:931
+msgid "fake oplocks"
+msgstr ""
+
+#: param/loadparm.c:932
+msgid "kernel oplocks"
+msgstr ""
+
+#: param/loadparm.c:933
+msgid "locking"
+msgstr ""
+
+#: param/loadparm.c:935
+msgid "oplocks"
+msgstr ""
+
+#: param/loadparm.c:936
+msgid "level2 oplocks"
+msgstr ""
+
+#: param/loadparm.c:937
+msgid "oplock break wait time"
+msgstr ""
+
+#: param/loadparm.c:938
+msgid "oplock contention limit"
+msgstr ""
+
+#: param/loadparm.c:939
+msgid "posix locking"
+msgstr ""
+
+#: param/loadparm.c:940
+msgid "strict locking"
+msgstr ""
+
+#: param/loadparm.c:941
+msgid "share modes"
+msgstr ""
+
+#: param/loadparm.c:944
msgid "Ldap Options"
msgstr ""
-#: ../param/loadparm.c:1078
+#: param/loadparm.c:946
+msgid "ldap server"
+msgstr ""
+
+#: param/loadparm.c:947
+msgid "ldap port"
+msgstr ""
+
+#: param/loadparm.c:948
+msgid "ldap suffix"
+msgstr ""
+
+#: param/loadparm.c:949
+msgid "ldap filter"
+msgstr ""
+
+#: param/loadparm.c:950
+msgid "ldap root"
+msgstr ""
+
+#: param/loadparm.c:951
+msgid "ldap root passwd"
+msgstr ""
+
+#: param/loadparm.c:954
msgid "Miscellaneous Options"
msgstr ""
-#: ../param/loadparm.c:1138
-msgid "VFS module options"
+#: param/loadparm.c:955
+msgid "add share command"
+msgstr ""
+
+#: param/loadparm.c:956
+msgid "change share command"
+msgstr ""
+
+#: param/loadparm.c:957
+msgid "delete share command"
+msgstr ""
+
+#: param/loadparm.c:959
+msgid "config file"
+msgstr ""
+
+#: param/loadparm.c:960
+msgid "preload"
+msgstr ""
+
+#: param/loadparm.c:961
+msgid "auto services"
+msgstr ""
+
+#: param/loadparm.c:962
+msgid "lock dir"
+msgstr ""
+
+#: param/loadparm.c:963
+msgid "lock directory"
+msgstr ""
+
+#: param/loadparm.c:965
+msgid "utmp directory"
+msgstr ""
+
+#: param/loadparm.c:966
+msgid "wtmp directory"
+msgstr ""
+
+#: param/loadparm.c:967
+msgid "utmp"
+msgstr ""
+
+#: param/loadparm.c:970
+msgid "default service"
+msgstr ""
+
+#: param/loadparm.c:971
+msgid "default"
+msgstr ""
+
+#: param/loadparm.c:972
+msgid "message command"
+msgstr ""
+
+#: param/loadparm.c:973
+msgid "dfree command"
+msgstr ""
+
+#: param/loadparm.c:974
+msgid "remote announce"
+msgstr ""
+
+#: param/loadparm.c:975
+msgid "remote browse sync"
msgstr ""
-#: ../param/loadparm.c:1148
+#: param/loadparm.c:976
+msgid "socket address"
+msgstr ""
+
+#: param/loadparm.c:977
+msgid "homedir map"
+msgstr ""
+
+#: param/loadparm.c:978
+msgid "time offset"
+msgstr ""
+
+#: param/loadparm.c:979
+msgid "NIS homedir"
+msgstr ""
+
+#: param/loadparm.c:980
+msgid "-valid"
+msgstr ""
+
+#: param/loadparm.c:982
+msgid "copy"
+msgstr ""
+
+#: param/loadparm.c:983
+msgid "include"
+msgstr ""
+
+#: param/loadparm.c:984
+msgid "exec"
+msgstr ""
+
+#: param/loadparm.c:985
+msgid "preexec"
+msgstr ""
+
+#: param/loadparm.c:987
+msgid "preexec close"
+msgstr ""
+
+#: param/loadparm.c:988
+msgid "postexec"
+msgstr ""
+
+#: param/loadparm.c:989
+msgid "root preexec"
+msgstr ""
+
+#: param/loadparm.c:990
+msgid "root preexec close"
+msgstr ""
+
+#: param/loadparm.c:991
+msgid "root postexec"
+msgstr ""
+
+#: param/loadparm.c:992
+msgid "available"
+msgstr ""
+
+#: param/loadparm.c:993
+msgid "volume"
+msgstr ""
+
+#: param/loadparm.c:994
+msgid "fstype"
+msgstr ""
+
+#: param/loadparm.c:995
+msgid "set directory"
+msgstr ""
+
+#: param/loadparm.c:996
+msgid "source environment"
+msgstr ""
+
+#: param/loadparm.c:997
+msgid "wide links"
+msgstr ""
+
+#: param/loadparm.c:998
+msgid "follow symlinks"
+msgstr ""
+
+#: param/loadparm.c:999
+msgid "dont descend"
+msgstr ""
+
+#: param/loadparm.c:1000
+msgid "magic script"
+msgstr ""
+
+#: param/loadparm.c:1001
+msgid "magic output"
+msgstr ""
+
+#: param/loadparm.c:1002
+msgid "delete readonly"
+msgstr ""
+
+#: param/loadparm.c:1003
+msgid "dos filemode"
+msgstr ""
+
+#: param/loadparm.c:1004
+msgid "dos filetimes"
+msgstr ""
+
+#: param/loadparm.c:1005
+msgid "dos filetime resolution"
+msgstr ""
+
+#: param/loadparm.c:1007
+msgid "fake directory create times"
+msgstr ""
+
+#: param/loadparm.c:1008
+msgid "panic action"
+msgstr ""
+
+#: param/loadparm.c:1009
+msgid "hide local users"
+msgstr ""
+
+#: param/loadparm.c:1012
+msgid "VFS options"
+msgstr ""
+
+#: param/loadparm.c:1014
+msgid "vfs object"
+msgstr ""
+
+#: param/loadparm.c:1015
+msgid "vfs options"
+msgstr ""
+
+#: param/loadparm.c:1018
+msgid "msdfs root"
+msgstr ""
+
+#: param/loadparm.c:1019
+msgid "host msdfs"
+msgstr ""
+
+#: param/loadparm.c:1021
msgid "Winbind options"
msgstr ""
+
+#: param/loadparm.c:1023
+msgid "winbind uid"
+msgstr ""
+
+#: param/loadparm.c:1024
+msgid "winbind gid"
+msgstr ""
+
+#: param/loadparm.c:1025
+msgid "template homedir"
+msgstr ""
+
+#: param/loadparm.c:1026
+msgid "template shell"
+msgstr ""
+
+#: param/loadparm.c:1027
+msgid "winbind separator"
+msgstr ""
+
+#: param/loadparm.c:1028
+msgid "winbind cache time"
+msgstr ""
+
+#: param/loadparm.c:1029
+msgid "winbind enum users"
+msgstr ""
+
+#: param/loadparm.c:1030
+msgid "winbind enum groups"
+msgstr ""
diff --git a/source/po/fr.msg b/source/po/fr.msg
index 134f1d6390b..493db659ae6 100644
--- a/source/po/fr.msg
+++ b/source/po/fr.msg
@@ -1,593 +1,1709 @@
# French messages for international release of SWAT.
# Copyright (C) 2001 Fran輟is Le Lay <fanch@tuxfamily.org>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-#
+
msgid ""
msgstr ""
"Project-Id-Version: i18n_swat \n"
-"POT-Creation-Date: 2003-10-06 05:30+0900\n"
+"POT-Creation-Date: 2001-09-20 14:05+0100\n"
"PO-Revision-Date: 2000-02-08 14:45+0100\n"
"Last-Translator: Fran輟is Le Lay <fanch@tuxfamily.org>\n"
"Language-Team: (Samba Team) <samba-technical@samba.org>\n"
"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=iso-8859-1\n"
+"Content-Type: text/plain; charset=US-ASCII\n"
"Content-Transfer-Encoding: \n"
-#: ../web/swat.c:117
+#: web/swat.c:120
#, c-format
-msgid "ERROR: Can't open %s"
-msgstr ""
+msgid "ERROR: Can't open %s\n"
+msgstr "ERREUR: Impossible d'ouvrir %s\n"
-#: ../web/swat.c:200
+#.
+#. str = stripspace(parm->label);
+#. strlower (str); //monyo
+#. d_printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\">%s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s</td><td>",
+#. str, _("Help"), parm->label);
+#.
+#: web/swat.c:211
msgid "Help"
msgstr "Aide"
-#: ../web/swat.c:206 ../web/swat.c:220 ../web/swat.c:235 ../web/swat.c:243 ../web/swat.c:252 ../web/swat.c:261 ../web/swat.c:267 ../web/swat.c:273 ../web/swat.c:286
+#: web/swat.c:217 web/swat.c:231 web/swat.c:246 web/swat.c:254 web/swat.c:263
+#: web/swat.c:272 web/swat.c:278 web/swat.c:284 web/swat.c:297
msgid "Set Default"
msgstr "D馭inir par d馭aut"
-#: ../web/swat.c:408
+#: web/swat.c:502
#, c-format
-msgid "failed to open %s for writing"
-msgstr ""
+msgid "Logged in as <b>%s</b><p>\n"
+msgstr "Connect en tant que <b>%s</b><p>\n"
-#: ../web/swat.c:431
-#, c-format
-msgid "Can't reload %s"
-msgstr ""
-
-#: ../web/swat.c:501
-#, c-format
-msgid "Logged in as <b>%s</b>"
-msgstr "Connect en tant que <b>%s</b>"
-
-#: ../web/swat.c:505
+#: web/swat.c:505
msgid "Home"
msgstr "Home"
-#: ../web/swat.c:507
+#: web/swat.c:507
msgid "Globals"
msgstr "Param鑼res G駭駻aux"
-#: ../web/swat.c:508
+#: web/swat.c:508
msgid "Shares"
msgstr "Partages"
-#: ../web/swat.c:509
+#: web/swat.c:509
msgid "Printers"
msgstr "Imprimantes"
-#: ../web/swat.c:510
-msgid "Wizard"
-msgstr ""
-
-#: ../web/swat.c:513
+#: web/swat.c:512
msgid "Status"
msgstr "Statut"
-#: ../web/swat.c:514
+#: web/swat.c:513
msgid "View Config"
msgstr "Voir Configuration"
-#: ../web/swat.c:516
+#: web/swat.c:515
msgid "Password Management"
msgstr "Gestion des mots de passe"
-#: ../web/swat.c:526
-msgid "Current View Is"
-msgstr "Configuration Actuelle"
-
-#: ../web/swat.c:527 ../web/swat.c:530
-msgid "Basic"
-msgstr "Vue Basique"
-
-#: ../web/swat.c:528 ../web/swat.c:531
-msgid "Advanced"
-msgstr "Vue D騁aill馥"
-
-#: ../web/swat.c:529
-msgid "Change View To"
-msgstr "Modifier le mot de passe"
-
-#: ../web/swat.c:554
+#: web/swat.c:539
msgid "Current Config"
msgstr "Configuration Actuelle"
-#: ../web/swat.c:558
+#: web/swat.c:543
msgid "Normal View"
msgstr "Vue Normale"
-#: ../web/swat.c:560
+#: web/swat.c:545
msgid "Full View"
msgstr "Vue Compl鑼e"
-#. Here we first set and commit all the parameters that were selected
-#. in the previous screen.
-#: ../web/swat.c:579
-msgid "Wizard Parameter Edit Page"
-msgstr ""
-
-#: ../web/swat.c:608
-msgid "Note: smb.conf file has been read and rewritten"
-msgstr ""
-
-#. Here we go ...
-#: ../web/swat.c:716
-msgid "Samba Configuration Wizard"
-msgstr ""
-
-#: ../web/swat.c:720
-msgid "The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments."
-msgstr ""
-
-#: ../web/swat.c:721
-msgid "The same will happen if you press the commit button."
-msgstr ""
-
-#: ../web/swat.c:724
-msgid "Rewrite smb.conf file"
-msgstr ""
-
-#: ../web/swat.c:725
-msgid "Commit"
-msgstr "commentaire"
-
-#: ../web/swat.c:726
-msgid "Edit Parameter Values"
-msgstr "Param鑼res Imprimantes"
-
-#: ../web/swat.c:732
-msgid "Server Type"
-msgstr ""
-
-#: ../web/swat.c:733
-msgid "Stand Alone"
-msgstr ""
-
-#: ../web/swat.c:734
-msgid "Domain Member"
-msgstr "master de domaine"
-
-#: ../web/swat.c:735
-msgid "Domain Controller"
-msgstr "master de domaine"
-
-#: ../web/swat.c:738
-msgid "Unusual Type in smb.conf - Please Select New Mode"
-msgstr ""
-
-#: ../web/swat.c:740
-msgid "Configure WINS As"
-msgstr ""
-
-#: ../web/swat.c:741
-msgid "Not Used"
-msgstr "ne pas descendre"
-
-#: ../web/swat.c:742
-msgid "Server for client use"
-msgstr ""
-
-#: ../web/swat.c:743
-msgid "Client of another WINS server"
-msgstr ""
-
-#: ../web/swat.c:745
-msgid "Remote WINS Server"
-msgstr ""
-
-#: ../web/swat.c:756
-msgid "Error: WINS Server Mode and WINS Support both set in smb.conf"
-msgstr ""
-
-#: ../web/swat.c:757
-msgid "Please Select desired WINS mode above."
-msgstr ""
-
-#: ../web/swat.c:759
-msgid "Expose Home Directories"
-msgstr ""
-
-#: ../web/swat.c:774
-msgid "The above configuration options will set multiple parameters and will generally assist with rapid Samba deployment."
-msgstr ""
-
-#: ../web/swat.c:787
-msgid "Global Parameters"
+#: web/swat.c:561
+msgid "Global Variables"
msgstr "Variables Globales"
-#: ../web/swat.c:815 ../web/swat.c:916 ../web/swat.c:1265
+#: web/swat.c:575 web/swat.c:671 web/swat.c:1014
msgid "Commit Changes"
msgstr "Sauver les modifications"
-#: ../web/swat.c:819 ../web/swat.c:919 ../web/swat.c:1267
+#: web/swat.c:579 web/swat.c:674 web/swat.c:1016
msgid "Reset Values"
msgstr "R駟nitialiser Valeurs"
-#: ../web/swat.c:844
+#: web/swat.c:581 web/swat.c:676 web/swat.c:1018
+msgid "Advanced View"
+msgstr "Vue D騁aill馥"
+
+#: web/swat.c:583 web/swat.c:678 web/swat.c:1020
+msgid "Basic View"
+msgstr "Vue Basique"
+
+#: web/swat.c:613
msgid "Share Parameters"
msgstr "Param鑼res de partage"
-#: ../web/swat.c:887
+#: web/swat.c:642
msgid "Choose Share"
msgstr "Choisir un partage"
-#: ../web/swat.c:901
+#: web/swat.c:656
msgid "Delete Share"
msgstr "Supprimer un partage"
-#: ../web/swat.c:908
+#: web/swat.c:663
msgid "Create Share"
msgstr "Cr馥r un partage"
-#: ../web/swat.c:944
-msgid "password change in demo mode rejected"
+#: web/swat.c:708
+msgid "password change in demo mode rejected\n"
msgstr "changement de mot de passe en mode d駑o rejet"
-#: ../web/swat.c:957
-msgid "Can't setup password database vectors."
-msgstr ""
-
-#: ../web/swat.c:983
-msgid " Must specify \"User Name\" "
-msgstr " Le champ \"Nom d'utilisateur\" doit 黎re sp馗ifi"
+#: web/swat.c:747
+msgid " Must specify \"User Name\" \n"
+msgstr " Le champ \"Nom d'utilisateur\" doit 黎re sp馗ifi饅n"
-#: ../web/swat.c:999
-msgid " Must specify \"Old Password\" "
-msgstr " Le champ \"Ancien mot de passe\" dot 黎re sp馗ifi"
+#: web/swat.c:763
+msgid " Must specify \"Old Password\" \n"
+msgstr " Le champ \"Ancien mot de passe\" dot 黎re sp馗ifi饅n"
-#: ../web/swat.c:1005
-msgid " Must specify \"Remote Machine\" "
-msgstr " Le champ \"Machine Distante\" dot 黎re sp馗ifi"
+#: web/swat.c:769
+msgid " Must specify \"Remote Machine\" \n"
+msgstr " Le champ \"Machine Distante\" dot 黎re sp馗ifi饅n"
-#: ../web/swat.c:1012
-msgid " Must specify \"New, and Re-typed Passwords\" "
-msgstr "Les champs \"Nouveau mot de passe\" et \"Confirmation du nouveau mot de passe\" doivent 黎re sp馗ifi駸 \n"
+#: web/swat.c:776
+msgid " Must specify \"New, and Re-typed Passwords\" \n"
+msgstr " Les champs \"Nouveau mot de passe\" et \"Confirmation du nouveau mot de passe\" doivent 黎re sp馗ifi駸 \n"
-#: ../web/swat.c:1018
-msgid " Re-typed password didn't match new password "
-msgstr " Echec de la confirmation du nouveau mot de passe"
+#: web/swat.c:782
+msgid " Re-typed password didn't match new password\n"
+msgstr " Echec de la confirmation du nouveau mot de passe\n"
-#: ../web/swat.c:1048
+#: web/swat.c:812
#, c-format
-msgid " The passwd for '%s' has been changed."
-msgstr " Le mot de passe de '%s' a 騁 modifi. "
+msgid " The passwd for '%s' has been changed. \n"
+msgstr " Le mot de passe de '%s' a 騁 modifi. \n"
-#: ../web/swat.c:1051
+#: web/swat.c:814
#, c-format
-msgid " The passwd for '%s' has NOT been changed."
+msgid " The password for '%s' has NOT been changed. \n"
msgstr " Le mot de passe de '%s' n'a PAS 騁 modifi. \n"
-#: ../web/swat.c:1076
+#: web/swat.c:838
msgid "Server Password Management"
msgstr "Gestion des mots de passe serveur"
#.
#. * Create all the dialog boxes for data collection
#.
-#: ../web/swat.c:1085 ../web/swat.c:1132
-msgid "User Name"
+#: web/swat.c:847 web/swat.c:894
+msgid " User Name : "
msgstr " Nom d'utilisateur : "
-#: ../web/swat.c:1088 ../web/swat.c:1134
-msgid "Old Password"
+#: web/swat.c:850 web/swat.c:896
+msgid " Old Password : "
msgstr " Ancien mot de passe : "
-#: ../web/swat.c:1091 ../web/swat.c:1136
-msgid "New Password"
+#: web/swat.c:853 web/swat.c:898
+msgid " New Password : "
msgstr " Nouveau mot de passe : "
-#: ../web/swat.c:1093 ../web/swat.c:1138
-msgid "Re-type New Password"
+#: web/swat.c:855 web/swat.c:900
+msgid " Re-type New Password : "
msgstr " Confirmation du nouveau mot de passe : "
-#: ../web/swat.c:1101 ../web/swat.c:1149
+#: web/swat.c:863 web/swat.c:911
msgid "Change Password"
msgstr "Modifier le mot de passe"
-#: ../web/swat.c:1104
+#: web/swat.c:866
msgid "Add New User"
msgstr "Nouvel Utilisateur"
-#: ../web/swat.c:1106
+#: web/swat.c:868
msgid "Delete User"
msgstr "Supprimer Utilisateur"
-#: ../web/swat.c:1108
+#: web/swat.c:870
msgid "Disable User"
msgstr "D駸activer Utilisateur"
-#: ../web/swat.c:1110
+#: web/swat.c:872
msgid "Enable User"
msgstr "Activer Utilisateur"
-#: ../web/swat.c:1123
+#: web/swat.c:885
msgid "Client/Server Password Management"
msgstr "Gestion des mots de passe Client/Serveur"
-#: ../web/swat.c:1140
-msgid "Remote Machine"
+#: web/swat.c:902
+msgid " Remote Machine : "
msgstr " Machine distante : "
-#: ../web/swat.c:1179
+#: web/swat.c:940
msgid "Printer Parameters"
msgstr "Param鑼res Imprimantes"
-#: ../web/swat.c:1181
+#: web/swat.c:942
msgid "Important Note:"
msgstr "Note Importante:"
-#: ../web/swat.c:1182
+#: web/swat.c:943
msgid "Printer names marked with [*] in the Choose Printer drop-down box "
msgstr "Les Noms d'imprimantes marqu駸 du signe [*] dans le menu d駻oulant Choisir Imprimante"
-#: ../web/swat.c:1183
+#: web/swat.c:944
msgid "are autoloaded printers from "
msgstr "d駸ignent des imprimantes automatiquement charg馥s depuis le "
-#: ../web/swat.c:1184
+#: web/swat.c:945
msgid "Printcap Name"
msgstr "Nom Printcap"
-#: ../web/swat.c:1185
-msgid "Attempting to delete these printers from SWAT will have no effect."
-msgstr "Essayer de supprimer ces imprimantes depuis SWAT n'aura aucun effet."
+#: web/swat.c:946
+msgid "Attempting to delete these printers from SWAT will have no effect.\n"
+msgstr "Essayer de supprimer ces imprimantes depuis SWAT n'aura aucun effet.\n"
-#: ../web/swat.c:1231
+#: web/swat.c:980
msgid "Choose Printer"
msgstr "Choisir Imprimante"
-#: ../web/swat.c:1250
+#: web/swat.c:999
msgid "Delete Printer"
msgstr "Supprimer Imprimante"
-#: ../web/swat.c:1257
+#: web/swat.c:1006
msgid "Create Printer"
msgstr "Cr馥r Imprimante"
-#: ../web/statuspage.c:123
+#: web/statuspage.c:40
+msgid "DENY_NONE"
+msgstr ""
+
+#: web/statuspage.c:41
+msgid "DENY_ALL "
+msgstr ""
+
+#: web/statuspage.c:42
+msgid "DENY_DOS "
+msgstr ""
+
+#: web/statuspage.c:43
+msgid "DENY_READ "
+msgstr ""
+
+#: web/statuspage.c:44
+msgid "DENY_WRITE "
+msgstr ""
+
+#: web/statuspage.c:50
msgid "RDONLY "
msgstr ""
-#: ../web/statuspage.c:124
+#: web/statuspage.c:51
msgid "WRONLY "
msgstr ""
-#: ../web/statuspage.c:125
+#: web/statuspage.c:52
msgid "RDWR "
msgstr ""
-#: ../web/statuspage.c:309
+#: web/statuspage.c:60
+msgid "EXCLUSIVE+BATCH "
+msgstr ""
+
+#: web/statuspage.c:62
+msgid "EXCLUSIVE "
+msgstr ""
+
+#: web/statuspage.c:64
+msgid "BATCH "
+msgstr ""
+
+#: web/statuspage.c:66
+msgid "LEVEL_II "
+msgstr ""
+
+#: web/statuspage.c:68
+msgid "NONE "
+msgstr ""
+
+#: web/statuspage.c:195
msgid "Server Status"
msgstr "Statut du Serveur"
-#: ../web/statuspage.c:314
+#: web/statuspage.c:200
msgid "Auto Refresh"
msgstr "Rafrachissement Automatique"
-#: ../web/statuspage.c:315 ../web/statuspage.c:320
+#: web/statuspage.c:201 web/statuspage.c:206
msgid "Refresh Interval: "
msgstr "Intervalle de rafrachissement: "
-#: ../web/statuspage.c:319
+#: web/statuspage.c:205
msgid "Stop Refreshing"
msgstr "Stopper Rafrachissement"
-#: ../web/statuspage.c:334
+#: web/statuspage.c:220
msgid "version:"
msgstr "version:"
-#: ../web/statuspage.c:337
+#: web/statuspage.c:223
msgid "smbd:"
msgstr ""
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: web/statuspage.c:223 web/statuspage.c:235
msgid "running"
msgstr "actif"
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: web/statuspage.c:223 web/statuspage.c:235
msgid "not running"
msgstr "non actif"
-#: ../web/statuspage.c:341
+#: web/statuspage.c:226
msgid "Stop smbd"
msgstr "Stopper smbd"
-#: ../web/statuspage.c:343
+#: web/statuspage.c:228
msgid "Start smbd"
msgstr "Lancer smbd"
-#: ../web/statuspage.c:345
+#: web/statuspage.c:230
msgid "Restart smbd"
msgstr "Relancer smbd"
-#: ../web/statuspage.c:350
+#: web/statuspage.c:235
msgid "nmbd:"
msgstr ""
-#: ../web/statuspage.c:354
+#: web/statuspage.c:238
msgid "Stop nmbd"
msgstr "Stopper nmbd"
-#: ../web/statuspage.c:356
+#: web/statuspage.c:240
msgid "Start nmbd"
msgstr "Lancer nmbd"
-#: ../web/statuspage.c:358
+#: web/statuspage.c:242
msgid "Restart nmbd"
msgstr "Relancer nmbd"
-#: ../web/statuspage.c:364
-msgid "winbindd:"
-msgstr ""
-
-#: ../web/statuspage.c:368
-msgid "Stop winbindd"
-msgstr "Stopper nmbd"
-
-#: ../web/statuspage.c:370
-msgid "Start winbindd"
-msgstr "Lancer nmbd"
-
-#: ../web/statuspage.c:372
-msgid "Restart winbindd"
-msgstr "Relancer nmbd"
-
-#. stop, restart all
-#: ../web/statuspage.c:381
-msgid "Stop All"
-msgstr ""
-
-#: ../web/statuspage.c:382
-msgid "Restart All"
-msgstr "Relancer nmbd"
-
-#. start all
-#: ../web/statuspage.c:386
-msgid "Start All"
-msgstr "Lancer nmbd"
-
-#: ../web/statuspage.c:393
+#: web/statuspage.c:249
msgid "Active Connections"
msgstr "Connections Actives"
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
msgid "PID"
msgstr ""
-#: ../web/statuspage.c:395 ../web/statuspage.c:408
+#: web/statuspage.c:251 web/statuspage.c:264
msgid "Client"
msgstr ""
-#: ../web/statuspage.c:395
+#: web/statuspage.c:251
msgid "IP address"
msgstr "adresse IP"
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
msgid "Date"
msgstr "Date"
-#: ../web/statuspage.c:397
+#: web/statuspage.c:253
msgid "Kill"
msgstr "Terminer"
-#: ../web/statuspage.c:405
+#: web/statuspage.c:261
msgid "Active Shares"
msgstr "Partages Actifs"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "Share"
msgstr "Partager"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "User"
msgstr "Utilisateur"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "Group"
msgstr "Groupe"
-#: ../web/statuspage.c:414
+#: web/statuspage.c:270
msgid "Open Files"
msgstr "Fichiers Ouverts"
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "Sharing"
msgstr ""
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "R/W"
msgstr ""
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "Oplock"
msgstr ""
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "File"
msgstr "Fichier"
-#: ../web/statuspage.c:425
-msgid "Show Client in col 1"
+#: param/loadparm.c:641
+msgid "Base Options"
+msgstr "Options de base"
+
+#: param/loadparm.c:643
+msgid "dos charset"
+msgstr "caract鑽es dos"
+
+#: param/loadparm.c:644
+msgid "unix charset"
+msgstr "caract鑽es unix"
+
+#: param/loadparm.c:645
+msgid "display charset"
+msgstr "caract鑽es display"
+
+#: param/loadparm.c:646
+msgid "comment"
+msgstr "commentaire"
+
+#: param/loadparm.c:647
+msgid "path"
+msgstr "chemin"
+
+#: param/loadparm.c:648
+msgid "directory"
+msgstr "r駱ertoire"
+
+#: param/loadparm.c:649
+msgid "workgroup"
+msgstr "groupe de travail"
+
+#: param/loadparm.c:650
+msgid "netbios name"
+msgstr "nom netbios"
+
+#: param/loadparm.c:651
+msgid "netbios aliases"
+msgstr "alias netbios"
+
+#: param/loadparm.c:652
+msgid "netbios scope"
msgstr ""
-#: ../web/statuspage.c:426
-msgid "Show PID in col 1"
+#: param/loadparm.c:653
+msgid "server string"
msgstr ""
-#: ../param/loadparm.c:755
-msgid "Base Options"
-msgstr "Options de base"
+#: param/loadparm.c:654
+msgid "interfaces"
+msgstr ""
-#: ../param/loadparm.c:775
+#: param/loadparm.c:655
+msgid "bind interfaces only"
+msgstr "lier uniquement les interfaces"
+
+#: param/loadparm.c:657
msgid "Security Options"
msgstr "Options de S馗urit"
-#: ../param/loadparm.c:859
+#: param/loadparm.c:659
+msgid "security"
+msgstr "s馗urit"
+
+#: param/loadparm.c:660
+msgid "encrypt passwords"
+msgstr "crypter les mots de passe"
+
+#: param/loadparm.c:661
+msgid "update encrypted"
+msgstr "mise jour crypt駸"
+
+#: param/loadparm.c:662
+msgid "allow trusted domains"
+msgstr "autoriser les domaines de confiance"
+
+#: param/loadparm.c:663
+msgid "alternate permissions"
+msgstr "permissions alternatives"
+
+#: param/loadparm.c:664
+msgid "hosts equiv"
+msgstr ""
+
+#: param/loadparm.c:665
+msgid "min passwd length"
+msgstr "taille minimale des mots de passe"
+
+#: param/loadparm.c:666
+msgid "min password length"
+msgstr "taille minimale des mots de passe"
+
+#: param/loadparm.c:667
+msgid "map to guest"
+msgstr "associer un invit"
+
+#: param/loadparm.c:668
+msgid "null passwords"
+msgstr "mots de passe null"
+
+#: param/loadparm.c:669
+msgid "obey pam restrictions"
+msgstr "utiliser les restrictions pam"
+
+#: param/loadparm.c:670
+msgid "password server"
+msgstr "serveur de mots de passe"
+
+#: param/loadparm.c:671
+msgid "smb passwd file"
+msgstr "fichier passwd de smb"
+
+#: param/loadparm.c:672
+msgid "private dir"
+msgstr "r駱ertoire priv"
+
+#: param/loadparm.c:673
+msgid "passdb module path"
+msgstr "chemin du module passdb"
+
+#: param/loadparm.c:674
+msgid "root directory"
+msgstr "r駱ertoire root"
+
+#: param/loadparm.c:675
+msgid "root dir"
+msgstr "r駱ertoire root"
+
+#: param/loadparm.c:676
+msgid "root"
+msgstr ""
+
+#: param/loadparm.c:678
+msgid "pam password change"
+msgstr "modification de mot de passe pam"
+
+#: param/loadparm.c:679
+msgid "passwd program"
+msgstr "programme passwd"
+
+#: param/loadparm.c:680
+msgid "passwd chat"
+msgstr ""
+
+#: param/loadparm.c:681
+msgid "passwd chat debug"
+msgstr ""
+
+#: param/loadparm.c:682
+msgid "username map"
+msgstr ""
+
+#: param/loadparm.c:683
+msgid "password level"
+msgstr "niveau mot de passe"
+
+#: param/loadparm.c:684
+msgid "username level"
+msgstr "niveau nom d'utilisateur"
+
+#: param/loadparm.c:685
+msgid "unix password sync"
+msgstr "synchroniser avec mots de passe unix"
+
+#: param/loadparm.c:686
+msgid "restrict anonymous"
+msgstr "limiter anonyme"
+
+#: param/loadparm.c:687
+msgid "lanman auth"
+msgstr ""
+
+#: param/loadparm.c:688
+msgid "ntlm auth"
+msgstr ""
+
+#: param/loadparm.c:689
+msgid "plaintext to smbpasswd"
+msgstr "texte brut vers smbpasswd"
+
+#: param/loadparm.c:690
+msgid "use rhosts"
+msgstr "utiliser rhosts"
+
+#: param/loadparm.c:692
+msgid "username"
+msgstr "nom d'utilisateur"
+
+#: param/loadparm.c:693
+msgid "user"
+msgstr "utilisateur"
+
+#: param/loadparm.c:694
+msgid "users"
+msgstr "utilisateurs"
+
+#: param/loadparm.c:696
+msgid "guest account"
+msgstr "compte invit"
+
+#: param/loadparm.c:697
+msgid "invalid users"
+msgstr "utilisateurs non-valides"
+
+#: param/loadparm.c:698
+msgid "valid users"
+msgstr "utilisateurs valides"
+
+#: param/loadparm.c:699
+msgid "admin users"
+msgstr "utilisateurs administrateurs"
+
+#: param/loadparm.c:700
+msgid "read list"
+msgstr ""
+
+#: param/loadparm.c:701
+msgid "write list"
+msgstr ""
+
+#: param/loadparm.c:702
+msgid "printer admin"
+msgstr "administrateur d'imprimante"
+
+#: param/loadparm.c:703
+msgid "force user"
+msgstr "forcer utilisateur"
+
+#: param/loadparm.c:704
+msgid "force group"
+msgstr "forcer le groupe"
+
+#: param/loadparm.c:705
+msgid "group"
+msgstr "groupe"
+
+#: param/loadparm.c:707
+msgid "read only"
+msgstr "lecture seule"
+
+#: param/loadparm.c:708
+msgid "write ok"
+msgstr "馗riture ok"
+
+#: param/loadparm.c:709
+msgid "writeable"
+msgstr "馗riture possible"
+
+#: param/loadparm.c:710
+msgid "writable"
+msgstr "馗riture possible"
+
+#: param/loadparm.c:712
+msgid "create mask"
+msgstr ""
+
+#: param/loadparm.c:713
+msgid "create mode"
+msgstr "mode cr饌tion"
+
+#: param/loadparm.c:714
+msgid "force create mode"
+msgstr "forcer le mode cr饌tion"
+
+#: param/loadparm.c:715
+msgid "security mask"
+msgstr ""
+
+#: param/loadparm.c:716
+msgid "force security mode"
+msgstr "forcer le mode s馗urit"
+
+#: param/loadparm.c:717
+msgid "directory mask"
+msgstr "masque de r駱ertoire"
+
+#: param/loadparm.c:718
+msgid "directory mode"
+msgstr "mode r駱ertoire"
+
+#: param/loadparm.c:719
+msgid "force directory mode"
+msgstr "forcer le mode r駱ertoire"
+
+#: param/loadparm.c:720
+msgid "directory security mask"
+msgstr "masque de s馗urit r駱ertoire"
+
+#: param/loadparm.c:721
+msgid "force directory security mode"
+msgstr "forcer le mode s馗urit r駱ertoire"
+
+#: param/loadparm.c:722
+msgid "inherit permissions"
+msgstr "h駻itage de permissions"
+
+#: param/loadparm.c:723
+msgid "guest only"
+msgstr "invit seulement"
+
+#: param/loadparm.c:724
+msgid "only guest"
+msgstr "invit seulement"
+
+#: param/loadparm.c:726
+msgid "guest ok"
+msgstr "invit ok"
+
+#: param/loadparm.c:727
+msgid "public"
+msgstr "public"
+
+#: param/loadparm.c:729
+msgid "only user"
+msgstr "utilisateur seulement"
+
+#: param/loadparm.c:730
+msgid "hosts allow"
+msgstr "autoriser hosts"
+
+#: param/loadparm.c:731
+msgid "allow hosts"
+msgstr "autoriser hosts"
+
+#: param/loadparm.c:732
+msgid "hosts deny"
+msgstr "refuser hosts"
+
+#: param/loadparm.c:733
+msgid "deny hosts"
+msgstr "refuser hosts"
+
+#: param/loadparm.c:736
+msgid "Secure Socket Layer Options"
+msgstr "Options Secure Socket Layer"
+
+#: param/loadparm.c:737
+msgid "ssl"
+msgstr ""
+
+#: param/loadparm.c:739
+msgid "ssl hosts"
+msgstr ""
+
+#: param/loadparm.c:740
+msgid "ssl hosts resign"
+msgstr ""
+
+#: param/loadparm.c:741
+msgid "ssl CA certDir"
+msgstr ""
+
+#: param/loadparm.c:742
+msgid "ssl CA certFile"
+msgstr ""
+
+#: param/loadparm.c:743
+msgid "ssl server cert"
+msgstr "certificat ssl serveur"
+
+#: param/loadparm.c:744
+msgid "ssl server key"
+msgstr "cl ssl serveur"
+
+#: param/loadparm.c:745
+msgid "ssl client cert"
+msgstr "certificat ssl client"
+
+#: param/loadparm.c:746
+msgid "ssl client key"
+msgstr "cl ssl client"
+
+#: param/loadparm.c:747
+msgid "ssl require clientcert"
+msgstr "ssl requiert un certificat client"
+
+#: param/loadparm.c:748
+msgid "ssl require servercert"
+msgstr "ssl requiert un certificat serveur"
+
+#: param/loadparm.c:749
+msgid "ssl ciphers"
+msgstr "chiffres ssl"
+
+#: param/loadparm.c:750
+msgid "ssl version"
+msgstr "ssl version"
+
+#: param/loadparm.c:751
+msgid "ssl compatibility"
+msgstr "compatibilit ssl"
+
+#: param/loadparm.c:754
msgid "Logging Options"
msgstr "Options de Logging"
-#: ../param/loadparm.c:874
+#: param/loadparm.c:755
+msgid "log level"
+msgstr "niveau log"
+
+#: param/loadparm.c:756
+msgid "debuglevel"
+msgstr "niveau debug"
+
+#: param/loadparm.c:757
+msgid "syslog"
+msgstr ""
+
+#: param/loadparm.c:758
+msgid "syslog only"
+msgstr "syslog seulement"
+
+#: param/loadparm.c:759
+msgid "log file"
+msgstr "fichier log"
+
+#: param/loadparm.c:761
+msgid "max log size"
+msgstr "taille maxi de la log"
+
+#: param/loadparm.c:762
+msgid "timestamp logs"
+msgstr ""
+
+#: param/loadparm.c:763
+msgid "debug timestamp"
+msgstr ""
+
+#: param/loadparm.c:764
+msgid "debug hires timestamp"
+msgstr ""
+
+#: param/loadparm.c:765
+msgid "debug pid"
+msgstr ""
+
+#: param/loadparm.c:766
+msgid "debug uid"
+msgstr ""
+
+#: param/loadparm.c:768
msgid "Protocol Options"
msgstr "Options de Protocole"
-#: ../param/loadparm.c:911
+#: param/loadparm.c:770
+msgid "protocol"
+msgstr "protocole"
+
+#: param/loadparm.c:771
+msgid "large readwrite"
+msgstr ""
+
+#: param/loadparm.c:772
+msgid "max protocol"
+msgstr "protocole maxi"
+
+#: param/loadparm.c:773
+msgid "min protocol"
+msgstr "protocole mini"
+
+#: param/loadparm.c:774
+msgid "unicode"
+msgstr ""
+
+#: param/loadparm.c:775
+msgid "read bmpx"
+msgstr ""
+
+#: param/loadparm.c:776
+msgid "read raw"
+msgstr ""
+
+#: param/loadparm.c:777
+msgid "write raw"
+msgstr ""
+
+#: param/loadparm.c:779
+msgid "nt smb support"
+msgstr "support smb nt"
+
+#: param/loadparm.c:780
+msgid "nt pipe support"
+msgstr "support pipe nt"
+
+#: param/loadparm.c:781
+msgid "nt acl support"
+msgstr "support acl nt"
+
+#: param/loadparm.c:782
+msgid "announce version"
+msgstr "annoncer la version"
+
+#: param/loadparm.c:783
+msgid "announce as"
+msgstr "annoncer comme"
+
+#: param/loadparm.c:784
+msgid "max mux"
+msgstr "mux maxi"
+
+#: param/loadparm.c:785
+msgid "max xmit"
+msgstr "xmit maxi"
+
+#: param/loadparm.c:787
+msgid "name resolve order"
+msgstr "ordre de r駸olution des noms"
+
+#: param/loadparm.c:788
+msgid "max packet"
+msgstr "paquet maxi"
+
+#: param/loadparm.c:789
+msgid "packet size"
+msgstr "taille de paquet"
+
+#: param/loadparm.c:790
+msgid "max ttl"
+msgstr "ttl maxi"
+
+#: param/loadparm.c:791
+msgid "max wins ttl"
+msgstr "wins ttl maxi"
+
+#: param/loadparm.c:792
+msgid "min wins ttl"
+msgstr "wins ttl mini"
+
+#: param/loadparm.c:793
+msgid "time server"
+msgstr ""
+
+#: param/loadparm.c:795
msgid "Tuning Options"
msgstr "Options de r馮lage"
-#: ../param/loadparm.c:940
+#: param/loadparm.c:797
+msgid "change notify timeout"
+msgstr ""
+
+#: param/loadparm.c:798
+msgid "deadtime"
+msgstr ""
+
+#: param/loadparm.c:799
+msgid "getwd cache"
+msgstr ""
+
+#: param/loadparm.c:800
+msgid "keepalive"
+msgstr ""
+
+#: param/loadparm.c:802
+msgid "lpq cache time"
+msgstr ""
+
+#: param/loadparm.c:803
+msgid "max smbd processes"
+msgstr "nombre maxi de processus smbd"
+
+#: param/loadparm.c:804
+msgid "max connections"
+msgstr "connections maxi"
+
+#: param/loadparm.c:805
+msgid "paranoid server security"
+msgstr ""
+
+#: param/loadparm.c:806
+msgid "max disk size"
+msgstr "taille maxi de disque"
+
+#: param/loadparm.c:807
+msgid "max open files"
+msgstr "nombre maxi de fichiers ouverts"
+
+#: param/loadparm.c:808
+msgid "min print space"
+msgstr "espace d'impression mini"
+
+#: param/loadparm.c:809
+msgid "read size"
+msgstr ""
+
+#: param/loadparm.c:811
+msgid "socket options"
+msgstr "options de socket"
+
+#: param/loadparm.c:812
+msgid "stat cache size"
+msgstr "taille du cache stat"
+
+#: param/loadparm.c:813
+msgid "strict allocate"
+msgstr "allocation stricte"
+
+#: param/loadparm.c:814
+msgid "strict sync"
+msgstr "synchronisation stricte"
+
+#: param/loadparm.c:815
+msgid "sync always"
+msgstr "toujours synchroniser"
+
+#: param/loadparm.c:816
+msgid "use mmap"
+msgstr "utiliser mmap"
+
+#: param/loadparm.c:817
+msgid "hostname lookups"
+msgstr ""
+
+#: param/loadparm.c:818
+msgid "write cache size"
+msgstr "taille du cache d'馗riture"
+
+#: param/loadparm.c:820
msgid "Printing Options"
msgstr "Options d'impression"
-#: ../param/loadparm.c:970
+#: param/loadparm.c:822
+msgid "total print jobs"
+msgstr "total jobs d'impression"
+
+#: param/loadparm.c:823
+msgid "max print jobs"
+msgstr "max jobs d'impression"
+
+#: param/loadparm.c:824
+msgid "load printers"
+msgstr "charger imprimantes"
+
+#: param/loadparm.c:825
+msgid "printcap name"
+msgstr "nom printcap"
+
+#: param/loadparm.c:826
+msgid "printcap"
+msgstr ""
+
+#: param/loadparm.c:827
+msgid "printable"
+msgstr "imprimable"
+
+#: param/loadparm.c:828
+msgid "print ok"
+msgstr "imprimante ok"
+
+#: param/loadparm.c:829
+msgid "postscript"
+msgstr ""
+
+#: param/loadparm.c:830
+msgid "printing"
+msgstr "impression"
+
+#: param/loadparm.c:831
+msgid "print command"
+msgstr "commande d'impression"
+
+#: param/loadparm.c:832
+msgid "disable spoolss"
+msgstr "d駸activer spoolss"
+
+#: param/loadparm.c:833
+msgid "lpq command"
+msgstr "commande lpq"
+
+#: param/loadparm.c:834
+msgid "lprm command"
+msgstr "commande lprm"
+
+#: param/loadparm.c:835
+msgid "lppause command"
+msgstr "commande lppause"
+
+#: param/loadparm.c:836
+msgid "lpresume command"
+msgstr "commande lpresume"
+
+#: param/loadparm.c:837
+msgid "queuepause command"
+msgstr "commande queuepause"
+
+#: param/loadparm.c:838
+msgid "queueresume command"
+msgstr "commande queueresume"
+
+#: param/loadparm.c:840
+msgid "enumports command"
+msgstr "commande enumports"
+
+#: param/loadparm.c:841
+msgid "addprinter command"
+msgstr "commande addprinter"
+
+#: param/loadparm.c:842
+msgid "deleteprinter command"
+msgstr "commande deleteprinter"
+
+#: param/loadparm.c:843
+msgid "show add printer wizard"
+msgstr "Voir l'assistant d'ajout d'imprimante"
+
+#: param/loadparm.c:844
+msgid "os2 driver map"
+msgstr ""
+
+#: param/loadparm.c:846
+msgid "printer name"
+msgstr "nom d'imprimante"
+
+#: param/loadparm.c:847
+msgid "printer"
+msgstr "imprimante"
+
+#: param/loadparm.c:848
+msgid "use client driver"
+msgstr "utiliser le pilote client"
+
+#: param/loadparm.c:849
+msgid "printer driver"
+msgstr "pilote d'imprimante"
+
+#: param/loadparm.c:850
+msgid "printer driver file"
+msgstr "fichier de pilote d'imprimante"
+
+#: param/loadparm.c:851
+msgid "printer driver location"
+msgstr "adresse du pilote d'imprimante"
+
+#: param/loadparm.c:853
msgid "Filename Handling"
msgstr "Gestion des noms de fichier"
-#: ../param/loadparm.c:996
+#: param/loadparm.c:854
+msgid "strip dot"
+msgstr ""
+
+#: param/loadparm.c:856
+msgid "mangled stack"
+msgstr ""
+
+#: param/loadparm.c:857
+msgid "default case"
+msgstr "casse par d馭aut"
+
+#: param/loadparm.c:858
+msgid "case sensitive"
+msgstr "sensible la casse"
+
+#: param/loadparm.c:859
+msgid "casesignames"
+msgstr ""
+
+#: param/loadparm.c:860
+msgid "preserve case"
+msgstr "garder la casse"
+
+#: param/loadparm.c:861
+msgid "short preserve case"
+msgstr ""
+
+#: param/loadparm.c:862
+msgid "mangle case"
+msgstr ""
+
+#: param/loadparm.c:863
+msgid "mangling char"
+msgstr ""
+
+#: param/loadparm.c:864
+msgid "hide dot files"
+msgstr ""
+
+#: param/loadparm.c:865
+msgid "hide unreadable"
+msgstr ""
+
+#: param/loadparm.c:866
+msgid "delete veto files"
+msgstr "supprimer les fichiers veto"
+
+#: param/loadparm.c:867
+msgid "veto files"
+msgstr "fichiers veto"
+
+#: param/loadparm.c:868
+msgid "hide files"
+msgstr "cacher les fichiers"
+
+#: param/loadparm.c:869
+msgid "veto oplock files"
+msgstr ""
+
+#: param/loadparm.c:870
+msgid "map system"
+msgstr "map syst鑪e"
+
+#: param/loadparm.c:871
+msgid "map hidden"
+msgstr "map cach"
+
+#: param/loadparm.c:872
+msgid "map archive"
+msgstr ""
+
+#: param/loadparm.c:873
+msgid "mangled names"
+msgstr ""
+
+#: param/loadparm.c:874
+msgid "mangled map"
+msgstr ""
+
+#: param/loadparm.c:875
+msgid "stat cache"
+msgstr "cache stat"
+
+#: param/loadparm.c:877
msgid "Domain Options"
msgstr "Options de Domaine"
-#: ../param/loadparm.c:1000
+#: param/loadparm.c:879
+msgid "domain admin group"
+msgstr "groupe d'administration du domaine"
+
+#: param/loadparm.c:880
+msgid "domain guest group"
+msgstr "groupe invit du domaine"
+
+#: param/loadparm.c:883
+msgid "groupname map"
+msgstr "map noms de groupe"
+
+#: param/loadparm.c:886
+msgid "machine password timeout"
+msgstr ""
+
+#: param/loadparm.c:888
msgid "Logon Options"
msgstr "Options de Logon"
-#: ../param/loadparm.c:1019
+#: param/loadparm.c:890
+msgid "add user script"
+msgstr "ajouter script utilisateur"
+
+#: param/loadparm.c:891
+msgid "delete user script"
+msgstr "supprimer script utilisateur"
+
+#: param/loadparm.c:892
+msgid "add group script"
+msgstr "ajouter script de groupe"
+
+#: param/loadparm.c:893
+msgid "delete group script"
+msgstr "supprimer script de groupe"
+
+#: param/loadparm.c:894
+msgid "add user to group script"
+msgstr "ajouter un utilisateur un script de groupe"
+
+#: param/loadparm.c:895
+msgid "delete user from group script"
+msgstr "supprimer un utilisateur d'un script de groupe"
+
+#: param/loadparm.c:896
+msgid "add machine script"
+msgstr "ajouter un script machine"
+
+#: param/loadparm.c:897
+msgid "shutdown script"
+msgstr "script shutdown"
+
+#: param/loadparm.c:898
+msgid "abort shutdown script"
+msgstr "annuler script shutdown"
+
+#: param/loadparm.c:900
+msgid "logon script"
+msgstr "script de logon"
+
+#: param/loadparm.c:901
+msgid "logon path"
+msgstr ""
+
+#: param/loadparm.c:902
+msgid "logon drive"
+msgstr ""
+
+#: param/loadparm.c:903
+msgid "logon home"
+msgstr ""
+
+#: param/loadparm.c:904
+msgid "domain logons"
+msgstr ""
+
+#: param/loadparm.c:906
msgid "Browse Options"
msgstr "Options de Navigation"
-#: ../param/loadparm.c:1033
+#: param/loadparm.c:908
+msgid "os level"
+msgstr "niveau os"
+
+#: param/loadparm.c:909
+msgid "lm announce"
+msgstr "annonce lm"
+
+#: param/loadparm.c:910
+msgid "lm interval"
+msgstr "intervalle lm"
+
+#: param/loadparm.c:911
+msgid "preferred master"
+msgstr "master pr馭駻"
+
+#: param/loadparm.c:912
+msgid "prefered master"
+msgstr "master pr馭駻"
+
+#: param/loadparm.c:913
+msgid "local master"
+msgstr "master local"
+
+#: param/loadparm.c:914
+msgid "domain master"
+msgstr "master de domaine"
+
+#: param/loadparm.c:915
+msgid "browse list"
+msgstr "parcourir la liste"
+
+#: param/loadparm.c:916
+msgid "browseable"
+msgstr "navigable"
+
+#: param/loadparm.c:917
+msgid "browsable"
+msgstr "navigable"
+
+#: param/loadparm.c:918
+msgid "enhanced browsing"
+msgstr "navigation am駘ior馥"
+
+#: param/loadparm.c:920
msgid "WINS Options"
msgstr "Options WINS"
-#: ../param/loadparm.c:1043
+#: param/loadparm.c:921
+msgid "dns proxy"
+msgstr ""
+
+#: param/loadparm.c:922
+msgid "wins proxy"
+msgstr ""
+
+#: param/loadparm.c:924
+msgid "wins server"
+msgstr ""
+
+#: param/loadparm.c:925
+msgid "wins support"
+msgstr ""
+
+#: param/loadparm.c:926
+msgid "wins hook"
+msgstr ""
+
+#: param/loadparm.c:928
msgid "Locking Options"
msgstr "Options de Verrouillage"
-#: ../param/loadparm.c:1061
+#: param/loadparm.c:930
+msgid "blocking locks"
+msgstr "verrous bloquants"
+
+#: param/loadparm.c:931
+msgid "fake oplocks"
+msgstr ""
+
+#: param/loadparm.c:932
+msgid "kernel oplocks"
+msgstr ""
+
+#: param/loadparm.c:933
+msgid "locking"
+msgstr "verrouillage"
+
+#: param/loadparm.c:935
+msgid "oplocks"
+msgstr ""
+
+#: param/loadparm.c:936
+msgid "level2 oplocks"
+msgstr ""
+
+#: param/loadparm.c:937
+msgid "oplock break wait time"
+msgstr ""
+
+#: param/loadparm.c:938
+msgid "oplock contention limit"
+msgstr ""
+
+#: param/loadparm.c:939
+msgid "posix locking"
+msgstr "verrouillage posix"
+
+#: param/loadparm.c:940
+msgid "strict locking"
+msgstr "verrouillage strict"
+
+#: param/loadparm.c:941
+msgid "share modes"
+msgstr "modes de partage"
+
+#: param/loadparm.c:944
msgid "Ldap Options"
msgstr "Options Ldap"
-#: ../param/loadparm.c:1078
+#: param/loadparm.c:946
+msgid "ldap server"
+msgstr "serveur ldap"
+
+#: param/loadparm.c:947
+msgid "ldap port"
+msgstr "port ldap"
+
+#: param/loadparm.c:948
+msgid "ldap suffix"
+msgstr "suffixe ldap"
+
+#: param/loadparm.c:949
+msgid "ldap filter"
+msgstr "filtre ldap"
+
+#: param/loadparm.c:950
+msgid "ldap root"
+msgstr ""
+
+#: param/loadparm.c:951
+msgid "ldap root passwd"
+msgstr ""
+
+#: param/loadparm.c:954
msgid "Miscellaneous Options"
msgstr "Options Diverses"
-#: ../param/loadparm.c:1138
-msgid "VFS module options"
+#: param/loadparm.c:955
+msgid "add share command"
+msgstr "ajouter une commande de partage"
+
+#: param/loadparm.c:956
+msgid "change share command"
+msgstr "modifier une commande de partage"
+
+#: param/loadparm.c:957
+msgid "delete share command"
+msgstr "supprimer une commande de partage"
+
+#: param/loadparm.c:959
+msgid "config file"
+msgstr "fichier de configuration"
+
+#: param/loadparm.c:960
+msgid "preload"
+msgstr "pr-chargement"
+
+#: param/loadparm.c:961
+msgid "auto services"
+msgstr ""
+
+#: param/loadparm.c:962
+msgid "lock dir"
+msgstr ""
+
+#: param/loadparm.c:963
+msgid "lock directory"
+msgstr ""
+
+#: param/loadparm.c:965
+msgid "utmp directory"
+msgstr ""
+
+#: param/loadparm.c:966
+msgid "wtmp directory"
+msgstr ""
+
+#: param/loadparm.c:967
+msgid "utmp"
+msgstr ""
+
+#: param/loadparm.c:970
+msgid "default service"
+msgstr "service par d馭aut"
+
+#: param/loadparm.c:971
+msgid "default"
+msgstr "par d馭aut"
+
+#: param/loadparm.c:972
+msgid "message command"
+msgstr "commande message"
+
+#: param/loadparm.c:973
+msgid "dfree command"
+msgstr "commande dfree"
+
+#: param/loadparm.c:974
+msgid "remote announce"
+msgstr "annonce distante"
+
+#: param/loadparm.c:975
+msgid "remote browse sync"
+msgstr "synchronisation de navigation distante"
+
+#: param/loadparm.c:976
+msgid "socket address"
+msgstr "adresse de socket"
+
+#: param/loadparm.c:977
+msgid "homedir map"
+msgstr ""
+
+#: param/loadparm.c:978
+msgid "time offset"
+msgstr ""
+
+#: param/loadparm.c:979
+msgid "NIS homedir"
+msgstr ""
+
+#: param/loadparm.c:980
+msgid "-valid"
+msgstr ""
+
+#: param/loadparm.c:982
+msgid "copy"
+msgstr ""
+
+#: param/loadparm.c:983
+msgid "include"
+msgstr ""
+
+#: param/loadparm.c:984
+msgid "exec"
+msgstr ""
+
+#: param/loadparm.c:985
+msgid "preexec"
+msgstr ""
+
+#: param/loadparm.c:987
+msgid "preexec close"
+msgstr ""
+
+#: param/loadparm.c:988
+msgid "postexec"
+msgstr ""
+
+#: param/loadparm.c:989
+msgid "root preexec"
+msgstr ""
+
+#: param/loadparm.c:990
+msgid "root preexec close"
+msgstr ""
+
+#: param/loadparm.c:991
+msgid "root postexec"
+msgstr ""
+
+#: param/loadparm.c:992
+msgid "available"
+msgstr "disponible"
+
+#: param/loadparm.c:993
+msgid "volume"
+msgstr ""
+
+#: param/loadparm.c:994
+msgid "fstype"
+msgstr ""
+
+#: param/loadparm.c:995
+msgid "set directory"
+msgstr ""
+
+#: param/loadparm.c:996
+msgid "source environment"
+msgstr ""
+
+#: param/loadparm.c:997
+msgid "wide links"
+msgstr ""
+
+#: param/loadparm.c:998
+msgid "follow symlinks"
+msgstr ""
+
+#: param/loadparm.c:999
+msgid "dont descend"
+msgstr "ne pas descendre"
+
+#: param/loadparm.c:1000
+msgid "magic script"
+msgstr ""
+
+#: param/loadparm.c:1001
+msgid "magic output"
+msgstr ""
+
+#: param/loadparm.c:1002
+msgid "delete readonly"
+msgstr "supprimer lecture seule"
+
+#: param/loadparm.c:1003
+msgid "dos filemode"
+msgstr ""
+
+#: param/loadparm.c:1004
+msgid "dos filetimes"
+msgstr ""
+
+#: param/loadparm.c:1005
+msgid "dos filetime resolution"
+msgstr ""
+
+#: param/loadparm.c:1007
+msgid "fake directory create times"
+msgstr ""
+
+#: param/loadparm.c:1008
+msgid "panic action"
+msgstr ""
+
+#: param/loadparm.c:1009
+msgid "hide local users"
+msgstr "cacher les utilisateurs locaux"
+
+#: param/loadparm.c:1012
+msgid "VFS options"
msgstr "Options VFS"
-#: ../param/loadparm.c:1148
+#: param/loadparm.c:1014
+msgid "vfs object"
+msgstr ""
+
+#: param/loadparm.c:1015
+msgid "vfs options"
+msgstr ""
+
+#: param/loadparm.c:1018
+msgid "msdfs root"
+msgstr ""
+
+#: param/loadparm.c:1019
+msgid "host msdfs"
+msgstr ""
+
+#: param/loadparm.c:1021
msgid "Winbind options"
msgstr "Options Winbind"
+
+#: param/loadparm.c:1023
+msgid "winbind uid"
+msgstr ""
+
+#: param/loadparm.c:1024
+msgid "winbind gid"
+msgstr ""
+
+#: param/loadparm.c:1025
+msgid "template homedir"
+msgstr ""
+
+#: param/loadparm.c:1026
+msgid "template shell"
+msgstr ""
+
+#: param/loadparm.c:1027
+msgid "winbind separator"
+msgstr ""
+
+#: param/loadparm.c:1028
+msgid "winbind cache time"
+msgstr ""
+
+#: param/loadparm.c:1029
+msgid "winbind enum users"
+msgstr ""
+
+#: param/loadparm.c:1030
+msgid "winbind enum groups"
+msgstr ""
+
+
diff --git a/source/po/it.msg b/source/po/it.msg
index be447a84d47..708f2165ee3 100644
--- a/source/po/it.msg
+++ b/source/po/it.msg
@@ -1,593 +1,1707 @@
# Italian messages for international release of SWAT.
# Copyright (C) 2001 Simo Sorce <idra@samba.org>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-#
+
msgid ""
msgstr ""
"Project-Id-Version: i18n_swat \n"
-"POT-Creation-Date: 2003-10-06 05:30+0900\n"
+"POT-Creation-Date: 2001-09-20 14:05+0100\n"
"PO-Revision-Date: 2000-02-08 14:45+0100\n"
"Last-Translator: Simo Sorce <idra@samba.org>\n"
"Language-Team: (Samba Team) <samba-technical@samba.org>\n"
"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=iso-8859-1\n"
+"Content-Type: text/plain; charset=US-ASCII\n"
"Content-Transfer-Encoding: \n"
-#: ../web/swat.c:117
+#: web/swat.c:120
#, c-format
-msgid "ERROR: Can't open %s"
-msgstr ""
+msgid "ERROR: Can't open %s\n"
+msgstr "ERRORE: Impossibile aprire %s\n"
-#: ../web/swat.c:200
+#.
+#. str = stripspace(parm->label);
+#. strlower (str); //monyo
+#. d_printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\">%s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s</td><td>",
+#. str, _("Help"), parm->label);
+#.
+#: web/swat.c:211
msgid "Help"
msgstr "Aiuto"
-#: ../web/swat.c:206 ../web/swat.c:220 ../web/swat.c:235 ../web/swat.c:243 ../web/swat.c:252 ../web/swat.c:261 ../web/swat.c:267 ../web/swat.c:273 ../web/swat.c:286
+#: web/swat.c:217 web/swat.c:231 web/swat.c:246 web/swat.c:254 web/swat.c:263
+#: web/swat.c:272 web/swat.c:278 web/swat.c:284 web/swat.c:297
msgid "Set Default"
msgstr "Imposta Default"
-#: ../web/swat.c:408
-#, c-format
-msgid "failed to open %s for writing"
-msgstr ""
-
-#: ../web/swat.c:431
-#, c-format
-msgid "Can't reload %s"
-msgstr ""
-
-#: ../web/swat.c:501
+#: web/swat.c:502
#, c-format
-msgid "Logged in as <b>%s</b>"
+msgid "Logged in as <b>%s</b><p>\n"
msgstr "Connesso come <b>%s</b><p>\n"
-#: ../web/swat.c:505
+#: web/swat.c:505
msgid "Home"
msgstr "Home"
-#: ../web/swat.c:507
+#: web/swat.c:507
msgid "Globals"
msgstr "Globali"
-#: ../web/swat.c:508
+#: web/swat.c:508
msgid "Shares"
msgstr "Condivisioni"
-#: ../web/swat.c:509
+#: web/swat.c:509
msgid "Printers"
msgstr "Stampanti"
-#: ../web/swat.c:510
-msgid "Wizard"
-msgstr ""
-
-#: ../web/swat.c:513
+#: web/swat.c:512
msgid "Status"
msgstr "Stato"
-#: ../web/swat.c:514
+#: web/swat.c:513
msgid "View Config"
msgstr "Visualizza Configurazione"
-#: ../web/swat.c:516
+#: web/swat.c:515
msgid "Password Management"
msgstr "Gestione Password"
-#: ../web/swat.c:526
-msgid "Current View Is"
-msgstr "Configurazione Attuale"
-
-#: ../web/swat.c:527 ../web/swat.c:530
-msgid "Basic"
-msgstr "Vista Semplice"
-
-#: ../web/swat.c:528 ../web/swat.c:531
-msgid "Advanced"
-msgstr "Vista Avanzata"
-
-#: ../web/swat.c:529
-msgid "Change View To"
-msgstr "Cambia Password"
-
-#: ../web/swat.c:554
+#: web/swat.c:539
msgid "Current Config"
msgstr "Configurazione Attuale"
-#: ../web/swat.c:558
+#: web/swat.c:543
msgid "Normal View"
msgstr "Vista Normale"
-#: ../web/swat.c:560
+#: web/swat.c:545
msgid "Full View"
msgstr "Vista Completa"
-#. Here we first set and commit all the parameters that were selected
-#. in the previous screen.
-#: ../web/swat.c:579
-msgid "Wizard Parameter Edit Page"
-msgstr ""
-
-#: ../web/swat.c:608
-msgid "Note: smb.conf file has been read and rewritten"
-msgstr ""
-
-#. Here we go ...
-#: ../web/swat.c:716
-msgid "Samba Configuration Wizard"
-msgstr ""
-
-#: ../web/swat.c:720
-msgid "The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments."
-msgstr ""
-
-#: ../web/swat.c:721
-msgid "The same will happen if you press the commit button."
-msgstr ""
-
-#: ../web/swat.c:724
-msgid "Rewrite smb.conf file"
-msgstr ""
-
-#: ../web/swat.c:725
-msgid "Commit"
-msgstr "commento"
-
-#: ../web/swat.c:726
-msgid "Edit Parameter Values"
-msgstr "Parametri Stampante"
-
-#: ../web/swat.c:732
-msgid "Server Type"
-msgstr ""
-
-#: ../web/swat.c:733
-msgid "Stand Alone"
-msgstr ""
-
-#: ../web/swat.c:734
-msgid "Domain Member"
-msgstr "master dominio"
-
-#: ../web/swat.c:735
-msgid "Domain Controller"
-msgstr "master dominio"
-
-#: ../web/swat.c:738
-msgid "Unusual Type in smb.conf - Please Select New Mode"
-msgstr ""
-
-#: ../web/swat.c:740
-msgid "Configure WINS As"
-msgstr ""
-
-#: ../web/swat.c:741
-msgid "Not Used"
-msgstr "non discendere"
-
-#: ../web/swat.c:742
-msgid "Server for client use"
-msgstr ""
-
-#: ../web/swat.c:743
-msgid "Client of another WINS server"
-msgstr ""
-
-#: ../web/swat.c:745
-msgid "Remote WINS Server"
-msgstr ""
-
-#: ../web/swat.c:756
-msgid "Error: WINS Server Mode and WINS Support both set in smb.conf"
-msgstr ""
-
-#: ../web/swat.c:757
-msgid "Please Select desired WINS mode above."
-msgstr ""
-
-#: ../web/swat.c:759
-msgid "Expose Home Directories"
-msgstr ""
-
-#: ../web/swat.c:774
-msgid "The above configuration options will set multiple parameters and will generally assist with rapid Samba deployment."
-msgstr ""
-
-#: ../web/swat.c:787
-msgid "Global Parameters"
+#: web/swat.c:561
+msgid "Global Variables"
msgstr "Variabili Globali"
-#: ../web/swat.c:815 ../web/swat.c:916 ../web/swat.c:1265
+#: web/swat.c:575 web/swat.c:671 web/swat.c:1014
msgid "Commit Changes"
msgstr "Salva Modifiche"
-#: ../web/swat.c:819 ../web/swat.c:919 ../web/swat.c:1267
+#: web/swat.c:579 web/swat.c:674 web/swat.c:1016
msgid "Reset Values"
msgstr "Resetta Valori"
-#: ../web/swat.c:844
+#: web/swat.c:581 web/swat.c:676 web/swat.c:1018
+msgid "Advanced View"
+msgstr "Vista Avanzata"
+
+#: web/swat.c:583 web/swat.c:678 web/swat.c:1020
+msgid "Basic View"
+msgstr "Vista Semplice"
+
+#: web/swat.c:613
msgid "Share Parameters"
msgstr "Parametri Condivisioni"
-#: ../web/swat.c:887
+#: web/swat.c:642
msgid "Choose Share"
msgstr "Scegli Condivisione"
-#: ../web/swat.c:901
+#: web/swat.c:656
msgid "Delete Share"
msgstr "Cancella Condivisione"
-#: ../web/swat.c:908
+#: web/swat.c:663
msgid "Create Share"
msgstr "Crea Condivisione"
-#: ../web/swat.c:944
-msgid "password change in demo mode rejected"
+#: web/swat.c:708
+msgid "password change in demo mode rejected\n"
msgstr "cambio password in modalita' demo rigettata"
-#: ../web/swat.c:957
-msgid "Can't setup password database vectors."
-msgstr ""
-
-#: ../web/swat.c:983
-msgid " Must specify \"User Name\" "
-msgstr " \"Nome Utente\" deve essere specificato "
+#: web/swat.c:747
+msgid " Must specify \"User Name\" \n"
+msgstr " \"Nome Utente\" deve essere specificato \n"
-#: ../web/swat.c:999
-msgid " Must specify \"Old Password\" "
-msgstr " \"Vecchia Password\" deve essere specificato "
+#: web/swat.c:763
+msgid " Must specify \"Old Password\" \n"
+msgstr " \"Vecchia Password\" deve essere specificato \n"
-#: ../web/swat.c:1005
-msgid " Must specify \"Remote Machine\" "
-msgstr " \"Macchina Remota\" deve essere specificato "
+#: web/swat.c:769
+msgid " Must specify \"Remote Machine\" \n"
+msgstr " \"Macchina Remota\" deve essere specificato \n"
-#: ../web/swat.c:1012
-msgid " Must specify \"New, and Re-typed Passwords\" "
-msgstr " \"Nuova/Conferma Password\" devono essere specificati "
+#: web/swat.c:776
+msgid " Must specify \"New, and Re-typed Passwords\" \n"
+msgstr " "Nuova/Conferma Password" devono essere specificati \n"
-#: ../web/swat.c:1018
-msgid " Re-typed password didn't match new password "
-msgstr " la password di conferma non e' uguale alla nuova password "
+#: web/swat.c:782
+msgid " Re-typed password didn't match new password\n"
+msgstr " la password di conferma non e' uguale alla nuova password\n"
-#: ../web/swat.c:1048
+#: web/swat.c:812
#, c-format
-msgid " The passwd for '%s' has been changed."
-msgstr " La password per '%s' e' stata cambiata."
+msgid " The passwd for '%s' has been changed. \n"
+msgstr " La password per '%s' e' stata cambiata. \n"
-#: ../web/swat.c:1051
+#: web/swat.c:814
#, c-format
-msgid " The passwd for '%s' has NOT been changed."
-msgstr " La password per '%s' non e' stata cambianta."
+msgid " The passwd for '%s' has NOT been changed. \n"
+msgstr " La password per '%s' non e' stata cambianta. \n"
-#: ../web/swat.c:1076
+#: web/swat.c:838
msgid "Server Password Management"
msgstr "Gestione Password del Server"
#.
#. * Create all the dialog boxes for data collection
#.
-#: ../web/swat.c:1085 ../web/swat.c:1132
-msgid "User Name"
-msgstr " Nome Utente"
+#: web/swat.c:847 web/swat.c:894
+msgid " User Name : "
+msgstr " Nome Utente : "
-#: ../web/swat.c:1088 ../web/swat.c:1134
-msgid "Old Password"
-msgstr " Vecchia Password"
+#: web/swat.c:850 web/swat.c:896
+msgid " Old Password : "
+msgstr " Vecchia Password : "
-#: ../web/swat.c:1091 ../web/swat.c:1136
-msgid "New Password"
-msgstr " Nuova Password"
+#: web/swat.c:853 web/swat.c:898
+msgid " New Password : "
+msgstr " Nuova Password : "
-#: ../web/swat.c:1093 ../web/swat.c:1138
-msgid "Re-type New Password"
-msgstr " Conferma nuova Password"
+#: web/swat.c:855 web/swat.c:900
+msgid " Re-type New Password : "
+msgstr " Conferma nuova Password : "
-#: ../web/swat.c:1101 ../web/swat.c:1149
+#: web/swat.c:863 web/swat.c:911
msgid "Change Password"
msgstr "Cambia Password"
-#: ../web/swat.c:1104
+#: web/swat.c:866
msgid "Add New User"
msgstr "Aggiungi Nuovo Utente"
-#: ../web/swat.c:1106
+#: web/swat.c:868
msgid "Delete User"
msgstr "Cancella Utente"
-#: ../web/swat.c:1108
+#: web/swat.c:870
msgid "Disable User"
msgstr "Disabilita Utente"
-#: ../web/swat.c:1110
+#: web/swat.c:872
msgid "Enable User"
msgstr "Abilita Utente"
-#: ../web/swat.c:1123
+#: web/swat.c:885
msgid "Client/Server Password Management"
msgstr "Gestione Password Client/Server"
-#: ../web/swat.c:1140
-msgid "Remote Machine"
-msgstr " Macchina Remota"
+#: web/swat.c:902
+msgid " Remote Machine : "
+msgstr " Macchina Remota : "
-#: ../web/swat.c:1179
+#: web/swat.c:940
msgid "Printer Parameters"
msgstr "Parametri Stampante"
-#: ../web/swat.c:1181
+#: web/swat.c:942
msgid "Important Note:"
msgstr "Nota Importante:"
-#: ../web/swat.c:1182
+#: web/swat.c:943
msgid "Printer names marked with [*] in the Choose Printer drop-down box "
msgstr "nomi di stampante marcati con [*] nel riquadro a scomparsa Scegli Stampante"
-#: ../web/swat.c:1183
+#: web/swat.c:944
msgid "are autoloaded printers from "
msgstr "sono stampanti caricate automaticamente da "
-#: ../web/swat.c:1184
+#: web/swat.c:945
msgid "Printcap Name"
msgstr "Nome Printcap"
-#: ../web/swat.c:1185
-msgid "Attempting to delete these printers from SWAT will have no effect."
+#: web/swat.c:946
+msgid "Attempting to delete these printers from SWAT will have no effect.\n"
msgstr "Il tentativo di cancellare queste stampanti da sWAT non avara' effetto.\n"
-#: ../web/swat.c:1231
+#: web/swat.c:980
msgid "Choose Printer"
msgstr "Scegli Stampante"
-#: ../web/swat.c:1250
+#: web/swat.c:999
msgid "Delete Printer"
msgstr "Cancella Stampante"
-#: ../web/swat.c:1257
+#: web/swat.c:1006
msgid "Create Printer"
msgstr "Crea Stampante"
-#: ../web/statuspage.c:123
+#: web/statuspage.c:40
+msgid "DENY_NONE"
+msgstr ""
+
+#: web/statuspage.c:41
+msgid "DENY_ALL "
+msgstr ""
+
+#: web/statuspage.c:42
+msgid "DENY_DOS "
+msgstr ""
+
+#: web/statuspage.c:43
+msgid "DENY_READ "
+msgstr ""
+
+#: web/statuspage.c:44
+msgid "DENY_WRITE "
+msgstr ""
+
+#: web/statuspage.c:50
msgid "RDONLY "
msgstr ""
-#: ../web/statuspage.c:124
+#: web/statuspage.c:51
msgid "WRONLY "
msgstr ""
-#: ../web/statuspage.c:125
+#: web/statuspage.c:52
msgid "RDWR "
msgstr ""
-#: ../web/statuspage.c:309
+#: web/statuspage.c:60
+msgid "EXCLUSIVE+BATCH "
+msgstr ""
+
+#: web/statuspage.c:62
+msgid "EXCLUSIVE "
+msgstr ""
+
+#: web/statuspage.c:64
+msgid "BATCH "
+msgstr ""
+
+#: web/statuspage.c:66
+msgid "LEVEL_II "
+msgstr ""
+
+#: web/statuspage.c:68
+msgid "NONE "
+msgstr ""
+
+#: web/statuspage.c:195
msgid "Server Status"
msgstr "Stato del Server"
-#: ../web/statuspage.c:314
+#: web/statuspage.c:200
msgid "Auto Refresh"
msgstr "Rinfresco Automatico"
-#: ../web/statuspage.c:315 ../web/statuspage.c:320
+#: web/statuspage.c:201 web/statuspage.c:206
msgid "Refresh Interval: "
msgstr "Intervallo Rinfresco: "
-#: ../web/statuspage.c:319
+#: web/statuspage.c:205
msgid "Stop Refreshing"
msgstr "Ferma Rinfresco"
-#: ../web/statuspage.c:334
+#: web/statuspage.c:220
msgid "version:"
msgstr "versione:"
-#: ../web/statuspage.c:337
+#: web/statuspage.c:223
msgid "smbd:"
msgstr ""
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: web/statuspage.c:223 web/statuspage.c:235
msgid "running"
msgstr "attivo"
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: web/statuspage.c:223 web/statuspage.c:235
msgid "not running"
msgstr "non attivo"
-#: ../web/statuspage.c:341
+#: web/statuspage.c:226
msgid "Stop smbd"
msgstr "Ferma smbd"
-#: ../web/statuspage.c:343
+#: web/statuspage.c:228
msgid "Start smbd"
msgstr "Lancia smbd"
-#: ../web/statuspage.c:345
+#: web/statuspage.c:230
msgid "Restart smbd"
msgstr "Rilancia smbd"
-#: ../web/statuspage.c:350
+#: web/statuspage.c:235
msgid "nmbd:"
msgstr ""
-#: ../web/statuspage.c:354
+#: web/statuspage.c:238
msgid "Stop nmbd"
msgstr "Ferma nmbd"
-#: ../web/statuspage.c:356
+#: web/statuspage.c:240
msgid "Start nmbd"
msgstr "Lancia nmbd"
-#: ../web/statuspage.c:358
+#: web/statuspage.c:242
msgid "Restart nmbd"
msgstr "Rilancia nmbd"
-#: ../web/statuspage.c:364
-msgid "winbindd:"
-msgstr ""
-
-#: ../web/statuspage.c:368
-msgid "Stop winbindd"
-msgstr "Ferma nmbd"
-
-#: ../web/statuspage.c:370
-msgid "Start winbindd"
-msgstr "Lancia nmbd"
-
-#: ../web/statuspage.c:372
-msgid "Restart winbindd"
-msgstr "Rilancia nmbd"
-
-#. stop, restart all
-#: ../web/statuspage.c:381
-msgid "Stop All"
-msgstr ""
-
-#: ../web/statuspage.c:382
-msgid "Restart All"
-msgstr "Rilancia nmbd"
-
-#. start all
-#: ../web/statuspage.c:386
-msgid "Start All"
-msgstr "Lancia nmbd"
-
-#: ../web/statuspage.c:393
+#: web/statuspage.c:249
msgid "Active Connections"
msgstr "Connessioni Attive"
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
msgid "PID"
msgstr ""
-#: ../web/statuspage.c:395 ../web/statuspage.c:408
+#: web/statuspage.c:251 web/statuspage.c:264
msgid "Client"
msgstr ""
-#: ../web/statuspage.c:395
+#: web/statuspage.c:251
msgid "IP address"
msgstr "indirizzo IP"
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
msgid "Date"
msgstr "Data"
-#: ../web/statuspage.c:397
+#: web/statuspage.c:253
msgid "Kill"
msgstr "Termina"
-#: ../web/statuspage.c:405
+#: web/statuspage.c:261
msgid "Active Shares"
msgstr "Condivisioni Attive"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "Share"
msgstr "Condivisione"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "User"
msgstr "Utente"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "Group"
msgstr "Gruppo"
-#: ../web/statuspage.c:414
+#: web/statuspage.c:270
msgid "Open Files"
msgstr "File Aperti"
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "Sharing"
msgstr ""
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "R/W"
msgstr ""
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "Oplock"
msgstr ""
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "File"
msgstr ""
-#: ../web/statuspage.c:425
-msgid "Show Client in col 1"
+#: param/loadparm.c:641
+msgid "Base Options"
+msgstr "Opzioni Basilari"
+
+#: param/loadparm.c:643
+msgid "dos charset"
+msgstr "set caratteri dos"
+
+#: param/loadparm.c:644
+msgid "unix charset"
+msgstr "set caratteri unix"
+
+#: param/loadparm.c:645
+msgid "display charset"
+msgstr "set caratteri display"
+
+#: param/loadparm.c:646
+msgid "comment"
+msgstr "commento"
+
+#: param/loadparm.c:647
+msgid "path"
+msgstr "percorso"
+
+#: param/loadparm.c:648
+msgid "directory"
msgstr ""
-#: ../web/statuspage.c:426
-msgid "Show PID in col 1"
+#: param/loadparm.c:649
+msgid "workgroup"
msgstr ""
-#: ../param/loadparm.c:755
-msgid "Base Options"
-msgstr "Opzioni Basilari"
+#: param/loadparm.c:650
+msgid "netbios name"
+msgstr "nome netbios"
+
+#: param/loadparm.c:651
+msgid "netbios aliases"
+msgstr "alias netbios"
-#: ../param/loadparm.c:775
+#: param/loadparm.c:652
+msgid "netbios scope"
+msgstr "scope netbios"
+
+#: param/loadparm.c:653
+msgid "server string"
+msgstr "stringa server"
+
+#: param/loadparm.c:654
+msgid "interfaces"
+msgstr "interfacce"
+
+#: param/loadparm.c:655
+msgid "bind interfaces only"
+msgstr "usa solo interfacce definite"
+
+#: param/loadparm.c:657
msgid "Security Options"
msgstr "Opzioni di Sicurezza"
-#: ../param/loadparm.c:859
+#: param/loadparm.c:659
+msgid "security"
+msgstr "sicurezza"
+
+#: param/loadparm.c:660
+msgid "encrypt passwords"
+msgstr "password cryptate"
+
+#: param/loadparm.c:661
+msgid "update encrypted"
+msgstr "aggiorna criptate"
+
+#: param/loadparm.c:662
+msgid "allow trusted domains"
+msgstr "permetti domini trusted"
+
+#: param/loadparm.c:663
+msgid "alternate permissions"
+msgstr "permessi alternativi"
+
+#: param/loadparm.c:664
+msgid "hosts equiv"
+msgstr ""
+
+#: param/loadparm.c:665
+msgid "min passwd length"
+msgstr "minima lunghezza passwd"
+
+#: param/loadparm.c:666
+msgid "min password length"
+msgstr "minima lunghezza password"
+
+#: param/loadparm.c:667
+msgid "map to guest"
+msgstr "mappa su ospite"
+
+#: param/loadparm.c:668
+msgid "null passwords"
+msgstr "password nulle"
+
+#: param/loadparm.c:669
+msgid "obey pam restrictions"
+msgstr "usa restrizioni pam"
+
+#: param/loadparm.c:670
+msgid "password server"
+msgstr ""
+
+#: param/loadparm.c:671
+msgid "smb passwd file"
+msgstr ""
+
+#: param/loadparm.c:672
+msgid "private dir"
+msgstr "directory privata"
+
+#: param/loadparm.c:673
+msgid "passdb module path"
+msgstr "percorso modulo passdb"
+
+#: param/loadparm.c:674
+msgid "root directory"
+msgstr ""
+
+#: param/loadparm.c:675
+msgid "root dir"
+msgstr ""
+
+#: param/loadparm.c:676
+msgid "root"
+msgstr ""
+
+#: param/loadparm.c:678
+msgid "pam password change"
+msgstr ""
+
+#: param/loadparm.c:679
+msgid "passwd program"
+msgstr ""
+
+#: param/loadparm.c:680
+msgid "passwd chat"
+msgstr ""
+
+#: param/loadparm.c:681
+msgid "passwd chat debug"
+msgstr ""
+
+#: param/loadparm.c:682
+msgid "username map"
+msgstr "mappa nomi utenti"
+
+#: param/loadparm.c:683
+msgid "password level"
+msgstr "livello password"
+
+#: param/loadparm.c:684
+msgid "username level"
+msgstr "livello nome utente"
+
+#: param/loadparm.c:685
+msgid "unix password sync"
+msgstr "sincronizza password unix"
+
+#: param/loadparm.c:686
+msgid "restrict anonymous"
+msgstr "limita anonimo"
+
+#: param/loadparm.c:687
+msgid "lanman auth"
+msgstr ""
+
+#: param/loadparm.c:688
+msgid "ntlm auth"
+msgstr ""
+
+#: param/loadparm.c:689
+msgid "plaintext to smbpasswd"
+msgstr "da plaintext a smbpasswd"
+
+#: param/loadparm.c:690
+msgid "use rhosts"
+msgstr "usa rhosts"
+
+#: param/loadparm.c:692
+msgid "username"
+msgstr "nome utente"
+
+#: param/loadparm.c:693
+msgid "user"
+msgstr "utente"
+
+#: param/loadparm.c:694
+msgid "users"
+msgstr "utenti"
+
+#: param/loadparm.c:696
+msgid "guest account"
+msgstr "account ospite"
+
+#: param/loadparm.c:697
+msgid "invalid users"
+msgstr "utenti non validi"
+
+#: param/loadparm.c:698
+msgid "valid users"
+msgstr "utenti validi"
+
+#: param/loadparm.c:699
+msgid "admin users"
+msgstr "utenti amministratori"
+
+#: param/loadparm.c:700
+msgid "read list"
+msgstr ""
+
+#: param/loadparm.c:701
+msgid "write list"
+msgstr ""
+
+#: param/loadparm.c:702
+msgid "printer admin"
+msgstr "amministratore stmapnati"
+
+#: param/loadparm.c:703
+msgid "force user"
+msgstr "forza utente"
+
+#: param/loadparm.c:704
+msgid "force group"
+msgstr "forza gruppo"
+
+#: param/loadparm.c:705
+msgid "group"
+msgstr "gruppo"
+
+#: param/loadparm.c:707
+msgid "read only"
+msgstr "sola lettura"
+
+#: param/loadparm.c:708
+msgid "write ok"
+msgstr "ok scrittura"
+
+#: param/loadparm.c:709
+msgid "writeable"
+msgstr "scrivibile"
+
+#: param/loadparm.c:710
+msgid "writable"
+msgstr "scrivibile"
+
+#: param/loadparm.c:712
+msgid "create mask"
+msgstr ""
+
+#: param/loadparm.c:713
+msgid "create mode"
+msgstr ""
+
+#: param/loadparm.c:714
+msgid "force create mode"
+msgstr "forza create mode"
+
+#: param/loadparm.c:715
+msgid "security mask"
+msgstr ""
+
+#: param/loadparm.c:716
+msgid "force security mode"
+msgstr "forza security mode"
+
+#: param/loadparm.c:717
+msgid "directory mask"
+msgstr ""
+
+#: param/loadparm.c:718
+msgid "directory mode"
+msgstr ""
+
+#: param/loadparm.c:719
+msgid "force directory mode"
+msgstr "forza directory mode"
+
+#: param/loadparm.c:720
+msgid "directory security mask"
+msgstr ""
+
+#: param/loadparm.c:721
+msgid "force directory security mode"
+msgstr "forza directory security mode"
+
+#: param/loadparm.c:722
+msgid "inherit permissions"
+msgstr "eredita permessi"
+
+#: param/loadparm.c:723
+msgid "guest only"
+msgstr "solo ospite"
+
+#: param/loadparm.c:724
+msgid "only guest"
+msgstr "solo ospite"
+
+#: param/loadparm.c:726
+msgid "guest ok"
+msgstr "ok ospite"
+
+#: param/loadparm.c:727
+msgid "public"
+msgstr "pubblico"
+
+#: param/loadparm.c:729
+msgid "only user"
+msgstr "solo utente"
+
+#: param/loadparm.c:730
+msgid "hosts allow"
+msgstr "permetti hosts"
+
+#: param/loadparm.c:731
+msgid "allow hosts"
+msgstr "permetti hosts"
+
+#: param/loadparm.c:732
+msgid "hosts deny"
+msgstr "vieta hosts"
+
+#: param/loadparm.c:733
+msgid "deny hosts"
+msgstr "vieta hosts"
+
+#: param/loadparm.c:736
+msgid "Secure Socket Layer Options"
+msgstr "Opzioni Secure Socket Layer"
+
+#: param/loadparm.c:737
+msgid "ssl"
+msgstr ""
+
+#: param/loadparm.c:739
+msgid "ssl hosts"
+msgstr ""
+
+#: param/loadparm.c:740
+msgid "ssl hosts resign"
+msgstr ""
+
+#: param/loadparm.c:741
+msgid "ssl CA certDir"
+msgstr ""
+
+#: param/loadparm.c:742
+msgid "ssl CA certFile"
+msgstr ""
+
+#: param/loadparm.c:743
+msgid "ssl server cert"
+msgstr ""
+
+#: param/loadparm.c:744
+msgid "ssl server key"
+msgstr ""
+
+#: param/loadparm.c:745
+msgid "ssl client cert"
+msgstr ""
+
+#: param/loadparm.c:746
+msgid "ssl client key"
+msgstr ""
+
+#: param/loadparm.c:747
+msgid "ssl require clientcert"
+msgstr "ssl richiede certificato client"
+
+#: param/loadparm.c:748
+msgid "ssl require servercert"
+msgstr "ssl richiede certificato server"
+
+#: param/loadparm.c:749
+msgid "ssl ciphers"
+msgstr ""
+
+#: param/loadparm.c:750
+msgid "ssl version"
+msgstr "ssl versione"
+
+#: param/loadparm.c:751
+msgid "ssl compatibility"
+msgstr ""
+
+#: param/loadparm.c:754
msgid "Logging Options"
msgstr "Opzioni di Log"
-#: ../param/loadparm.c:874
+#: param/loadparm.c:755
+msgid "log level"
+msgstr "livello log"
+
+#: param/loadparm.c:756
+msgid "debuglevel"
+msgstr "livello debug"
+
+#: param/loadparm.c:757
+msgid "syslog"
+msgstr ""
+
+#: param/loadparm.c:758
+msgid "syslog only"
+msgstr "solo syslog"
+
+#: param/loadparm.c:759
+msgid "log file"
+msgstr "file di log"
+
+#: param/loadparm.c:761
+msgid "max log size"
+msgstr "massima dimensione log"
+
+#: param/loadparm.c:762
+msgid "timestamp logs"
+msgstr ""
+
+#: param/loadparm.c:763
+msgid "debug timestamp"
+msgstr ""
+
+#: param/loadparm.c:764
+msgid "debug hires timestamp"
+msgstr ""
+
+#: param/loadparm.c:765
+msgid "debug pid"
+msgstr ""
+
+#: param/loadparm.c:766
+msgid "debug uid"
+msgstr ""
+
+#: param/loadparm.c:768
msgid "Protocol Options"
msgstr "Opzioni Protocollo"
-#: ../param/loadparm.c:911
+#: param/loadparm.c:770
+msgid "protocol"
+msgstr "protocollo"
+
+#: param/loadparm.c:771
+msgid "large readwrite"
+msgstr ""
+
+#: param/loadparm.c:772
+msgid "max protocol"
+msgstr "protocollo massimo"
+
+#: param/loadparm.c:773
+msgid "min protocol"
+msgstr "protocollo minimo"
+
+#: param/loadparm.c:774
+msgid "unicode"
+msgstr ""
+
+#: param/loadparm.c:775
+msgid "read bmpx"
+msgstr ""
+
+#: param/loadparm.c:776
+msgid "read raw"
+msgstr ""
+
+#: param/loadparm.c:777
+msgid "write raw"
+msgstr ""
+
+#: param/loadparm.c:779
+msgid "nt smb support"
+msgstr "supporto smb nt"
+
+#: param/loadparm.c:780
+msgid "nt pipe support"
+msgstr "supporto pipe nt"
+
+#: param/loadparm.c:781
+msgid "nt acl support"
+msgstr "supporto acl nt"
+
+#: param/loadparm.c:782
+msgid "announce version"
+msgstr "annuncia versione"
+
+#: param/loadparm.c:783
+msgid "announce as"
+msgstr "annuncia come"
+
+#: param/loadparm.c:784
+msgid "max mux"
+msgstr "mux massimo"
+
+#: param/loadparm.c:785
+msgid "max xmit"
+msgstr "xmit massimo"
+
+#: param/loadparm.c:787
+msgid "name resolve order"
+msgstr "ordine risoluzione nomi"
+
+#: param/loadparm.c:788
+msgid "max packet"
+msgstr "pacchetto massimo"
+
+#: param/loadparm.c:789
+msgid "packet size"
+msgstr "dimensione pacchetto"
+
+#: param/loadparm.c:790
+msgid "max ttl"
+msgstr "ttl massimo"
+
+#: param/loadparm.c:791
+msgid "max wins ttl"
+msgstr "wins ttl massimo"
+
+#: param/loadparm.c:792
+msgid "min wins ttl"
+msgstr "wins ttl minimo"
+
+#: param/loadparm.c:793
+msgid "time server"
+msgstr ""
+
+#: param/loadparm.c:795
msgid "Tuning Options"
msgstr "Opzioni Tuning"
-#: ../param/loadparm.c:940
+#: param/loadparm.c:797
+msgid "change notify timeout"
+msgstr ""
+
+#: param/loadparm.c:798
+msgid "deadtime"
+msgstr ""
+
+#: param/loadparm.c:799
+msgid "getwd cache"
+msgstr ""
+
+#: param/loadparm.c:800
+msgid "keepalive"
+msgstr ""
+
+#: param/loadparm.c:802
+msgid "lpq cache time"
+msgstr ""
+
+#: param/loadparm.c:803
+msgid "max smbd processes"
+msgstr "massimo n. processi smbd"
+
+#: param/loadparm.c:804
+msgid "max connections"
+msgstr "massimo n. connessioni"
+
+#: param/loadparm.c:805
+msgid "paranoid server security"
+msgstr ""
+
+#: param/loadparm.c:806
+msgid "max disk size"
+msgstr "massima dimensione disco"
+
+#: param/loadparm.c:807
+msgid "max open files"
+msgstr "massimo n. file aperti"
+
+#: param/loadparm.c:808
+msgid "min print space"
+msgstr "spazio stampa minimo"
+
+#: param/loadparm.c:809
+msgid "read size"
+msgstr ""
+
+#: param/loadparm.c:811
+msgid "socket options"
+msgstr "opzioni socket"
+
+#: param/loadparm.c:812
+msgid "stat cache size"
+msgstr "dimensione stat cache"
+
+#: param/loadparm.c:813
+msgid "strict allocate"
+msgstr "allocazione stretta"
+
+#: param/loadparm.c:814
+msgid "strict sync"
+msgstr "sincronizzazione stretta"
+
+#: param/loadparm.c:815
+msgid "sync always"
+msgstr "sincronizza sempre"
+
+#: param/loadparm.c:816
+msgid "use mmap"
+msgstr "usa mmap"
+
+#: param/loadparm.c:817
+msgid "hostname lookups"
+msgstr ""
+
+#: param/loadparm.c:818
+msgid "write cache size"
+msgstr "dimensione write cache"
+
+#: param/loadparm.c:820
msgid "Printing Options"
msgstr "Opzioni di Stampa"
-#: ../param/loadparm.c:970
+#: param/loadparm.c:822
+msgid "total print jobs"
+msgstr "job stampa totali"
+
+#: param/loadparm.c:823
+msgid "max print jobs"
+msgstr "massimo n. job stampa"
+
+#: param/loadparm.c:824
+msgid "load printers"
+msgstr "carica stampanti"
+
+#: param/loadparm.c:825
+msgid "printcap name"
+msgstr "nome printcap"
+
+#: param/loadparm.c:826
+msgid "printcap"
+msgstr ""
+
+#: param/loadparm.c:827
+msgid "printable"
+msgstr "stmpabile"
+
+#: param/loadparm.c:828
+msgid "print ok"
+msgstr "ok stampa"
+
+#: param/loadparm.c:829
+msgid "postscript"
+msgstr ""
+
+#: param/loadparm.c:830
+msgid "printing"
+msgstr "stampa"
+
+#: param/loadparm.c:831
+msgid "print command"
+msgstr "comando stampa"
+
+#: param/loadparm.c:832
+msgid "disable spoolss"
+msgstr "disabilita spoolss"
+
+#: param/loadparm.c:833
+msgid "lpq command"
+msgstr "comando lpq"
+
+#: param/loadparm.c:834
+msgid "lprm command"
+msgstr "comando lprm"
+
+#: param/loadparm.c:835
+msgid "lppause command"
+msgstr "comando lppause"
+
+#: param/loadparm.c:836
+msgid "lpresume command"
+msgstr "comando lpresume"
+
+#: param/loadparm.c:837
+msgid "queuepause command"
+msgstr "comando queuepause"
+
+#: param/loadparm.c:838
+msgid "queueresume command"
+msgstr "comando queueresume"
+
+#: param/loadparm.c:840
+msgid "enumports command"
+msgstr "cmando enumports"
+
+#: param/loadparm.c:841
+msgid "addprinter command"
+msgstr "comando addprinter"
+
+#: param/loadparm.c:842
+msgid "deleteprinter command"
+msgstr "comando deleteprinter"
+
+#: param/loadparm.c:843
+msgid "show add printer wizard"
+msgstr "mostra wizard aggiungi stampanti"
+
+#: param/loadparm.c:844
+msgid "os2 driver map"
+msgstr "mappa driver os2"
+
+#: param/loadparm.c:846
+msgid "printer name"
+msgstr "nome stampante"
+
+#: param/loadparm.c:847
+msgid "printer"
+msgstr "stampante"
+
+#: param/loadparm.c:848
+msgid "use client driver"
+msgstr "usa client driver"
+
+#: param/loadparm.c:849
+msgid "printer driver"
+msgstr "driver stampante"
+
+#: param/loadparm.c:850
+msgid "printer driver file"
+msgstr "file driver stampante"
+
+#: param/loadparm.c:851
+msgid "printer driver location"
+msgstr "posizione driver stampante"
+
+#: param/loadparm.c:853
msgid "Filename Handling"
msgstr "Gestione Nomi File"
-#: ../param/loadparm.c:996
+#: param/loadparm.c:854
+msgid "strip dot"
+msgstr "togli il punto"
+
+#: param/loadparm.c:856
+msgid "mangled stack"
+msgstr ""
+
+#: param/loadparm.c:857
+msgid "default case"
+msgstr ""
+
+#: param/loadparm.c:858
+msgid "case sensitive"
+msgstr ""
+
+#: param/loadparm.c:859
+msgid "casesignames"
+msgstr ""
+
+#: param/loadparm.c:860
+msgid "preserve case"
+msgstr ""
+
+#: param/loadparm.c:861
+msgid "short preserve case"
+msgstr ""
+
+#: param/loadparm.c:862
+msgid "mangle case"
+msgstr ""
+
+#: param/loadparm.c:863
+msgid "mangling char"
+msgstr ""
+
+#: param/loadparm.c:864
+msgid "hide dot files"
+msgstr ""
+
+#: param/loadparm.c:865
+msgid "hide unreadable"
+msgstr ""
+
+#: param/loadparm.c:866
+msgid "delete veto files"
+msgstr ""
+
+#: param/loadparm.c:867
+msgid "veto files"
+msgstr ""
+
+#: param/loadparm.c:868
+msgid "hide files"
+msgstr "nascondi file"
+
+#: param/loadparm.c:869
+msgid "veto oplock files"
+msgstr ""
+
+#: param/loadparm.c:870
+msgid "map system"
+msgstr "mappa system"
+
+#: param/loadparm.c:871
+msgid "map hidden"
+msgstr "mappa hidden"
+
+#: param/loadparm.c:872
+msgid "map archive"
+msgstr "mappa archive"
+
+#: param/loadparm.c:873
+msgid "mangled names"
+msgstr ""
+
+#: param/loadparm.c:874
+msgid "mangled map"
+msgstr ""
+
+#: param/loadparm.c:875
+msgid "stat cache"
+msgstr ""
+
+#: param/loadparm.c:877
msgid "Domain Options"
msgstr "Opzioni Dominio"
-#: ../param/loadparm.c:1000
+#: param/loadparm.c:879
+msgid "domain admin group"
+msgstr "gruppo amministratori dominio"
+
+#: param/loadparm.c:880
+msgid "domain guest group"
+msgstr "gruppo ospiti dominio"
+
+#: param/loadparm.c:883
+msgid "groupname map"
+msgstr "mappa nome gruppo"
+
+#: param/loadparm.c:886
+msgid "machine password timeout"
+msgstr ""
+
+#: param/loadparm.c:888
msgid "Logon Options"
msgstr "Opzioni di Logon"
-#: ../param/loadparm.c:1019
+#: param/loadparm.c:890
+msgid "add user script"
+msgstr ""
+
+#: param/loadparm.c:891
+msgid "delete user script"
+msgstr ""
+
+#: param/loadparm.c:892
+msgid "add group script"
+msgstr ""
+
+#: param/loadparm.c:893
+msgid "delete group script"
+msgstr ""
+
+#: param/loadparm.c:894
+msgid "add user to group script"
+msgstr ""
+
+#: param/loadparm.c:895
+msgid "delete user from group script"
+msgstr ""
+
+#: param/loadparm.c:896
+msgid "add machine script"
+msgstr ""
+
+#: param/loadparm.c:897
+msgid "shutdown script"
+msgstr ""
+
+#: param/loadparm.c:898
+msgid "abort shutdown script"
+msgstr ""
+
+#: param/loadparm.c:900
+msgid "logon script"
+msgstr ""
+
+#: param/loadparm.c:901
+msgid "logon path"
+msgstr ""
+
+#: param/loadparm.c:902
+msgid "logon drive"
+msgstr ""
+
+#: param/loadparm.c:903
+msgid "logon home"
+msgstr ""
+
+#: param/loadparm.c:904
+msgid "domain logons"
+msgstr ""
+
+#: param/loadparm.c:906
msgid "Browse Options"
msgstr "Opzioni Browsing"
-#: ../param/loadparm.c:1033
+#: param/loadparm.c:908
+msgid "os level"
+msgstr "livello os"
+
+#: param/loadparm.c:909
+msgid "lm announce"
+msgstr "annuncio lm"
+
+#: param/loadparm.c:910
+msgid "lm interval"
+msgstr "intervallo lm"
+
+#: param/loadparm.c:911
+msgid "preferred master"
+msgstr "master preferito"
+
+#: param/loadparm.c:912
+msgid "prefered master"
+msgstr "master preferito"
+
+#: param/loadparm.c:913
+msgid "local master"
+msgstr "master locale"
+
+#: param/loadparm.c:914
+msgid "domain master"
+msgstr "master dominio"
+
+#: param/loadparm.c:915
+msgid "browse list"
+msgstr "lista browsing"
+
+#: param/loadparm.c:916
+msgid "browseable"
+msgstr ""
+
+#: param/loadparm.c:917
+msgid "browsable"
+msgstr ""
+
+#: param/loadparm.c:918
+msgid "enhanced browsing"
+msgstr ""
+
+#: param/loadparm.c:920
msgid "WINS Options"
msgstr "opzioni WINS"
-#: ../param/loadparm.c:1043
+#: param/loadparm.c:921
+msgid "dns proxy"
+msgstr ""
+
+#: param/loadparm.c:922
+msgid "wins proxy"
+msgstr ""
+
+#: param/loadparm.c:924
+msgid "wins server"
+msgstr ""
+
+#: param/loadparm.c:925
+msgid "wins support"
+msgstr ""
+
+#: param/loadparm.c:926
+msgid "wins hook"
+msgstr ""
+
+#: param/loadparm.c:928
msgid "Locking Options"
msgstr "Opzioni Locking"
-#: ../param/loadparm.c:1061
+#: param/loadparm.c:930
+msgid "blocking locks"
+msgstr ""
+
+#: param/loadparm.c:931
+msgid "fake oplocks"
+msgstr ""
+
+#: param/loadparm.c:932
+msgid "kernel oplocks"
+msgstr ""
+
+#: param/loadparm.c:933
+msgid "locking"
+msgstr ""
+
+#: param/loadparm.c:935
+msgid "oplocks"
+msgstr ""
+
+#: param/loadparm.c:936
+msgid "level2 oplocks"
+msgstr ""
+
+#: param/loadparm.c:937
+msgid "oplock break wait time"
+msgstr ""
+
+#: param/loadparm.c:938
+msgid "oplock contention limit"
+msgstr ""
+
+#: param/loadparm.c:939
+msgid "posix locking"
+msgstr ""
+
+#: param/loadparm.c:940
+msgid "strict locking"
+msgstr ""
+
+#: param/loadparm.c:941
+msgid "share modes"
+msgstr ""
+
+#: param/loadparm.c:944
msgid "Ldap Options"
msgstr "Opzioni Ldap"
-#: ../param/loadparm.c:1078
+#: param/loadparm.c:946
+msgid "ldap server"
+msgstr ""
+
+#: param/loadparm.c:947
+msgid "ldap port"
+msgstr ""
+
+#: param/loadparm.c:948
+msgid "ldap suffix"
+msgstr ""
+
+#: param/loadparm.c:949
+msgid "ldap filter"
+msgstr ""
+
+#: param/loadparm.c:950
+msgid "ldap root"
+msgstr ""
+
+#: param/loadparm.c:951
+msgid "ldap root passwd"
+msgstr ""
+
+#: param/loadparm.c:954
msgid "Miscellaneous Options"
msgstr "Opzioni Generiche"
-#: ../param/loadparm.c:1138
-msgid "VFS module options"
+#: param/loadparm.c:955
+msgid "add share command"
+msgstr ""
+
+#: param/loadparm.c:956
+msgid "change share command"
+msgstr ""
+
+#: param/loadparm.c:957
+msgid "delete share command"
+msgstr ""
+
+#: param/loadparm.c:959
+msgid "config file"
+msgstr "file configurazione"
+
+#: param/loadparm.c:960
+msgid "preload"
+msgstr "precarica"
+
+#: param/loadparm.c:961
+msgid "auto services"
+msgstr ""
+
+#: param/loadparm.c:962
+msgid "lock dir"
+msgstr ""
+
+#: param/loadparm.c:963
+msgid "lock directory"
+msgstr ""
+
+#: param/loadparm.c:965
+msgid "utmp directory"
+msgstr ""
+
+#: param/loadparm.c:966
+msgid "wtmp directory"
+msgstr ""
+
+#: param/loadparm.c:967
+msgid "utmp"
+msgstr ""
+
+#: param/loadparm.c:970
+msgid "default service"
+msgstr ""
+
+#: param/loadparm.c:971
+msgid "default"
+msgstr ""
+
+#: param/loadparm.c:972
+msgid "message command"
+msgstr "comando message"
+
+#: param/loadparm.c:973
+msgid "dfree command"
+msgstr "comando dfree"
+
+#: param/loadparm.c:974
+msgid "remote announce"
+msgstr "annuncio remoto"
+
+#: param/loadparm.c:975
+msgid "remote browse sync"
+msgstr ""
+
+#: param/loadparm.c:976
+msgid "socket address"
+msgstr ""
+
+#: param/loadparm.c:977
+msgid "homedir map"
+msgstr ""
+
+#: param/loadparm.c:978
+msgid "time offset"
+msgstr ""
+
+#: param/loadparm.c:979
+msgid "NIS homedir"
+msgstr ""
+
+#: param/loadparm.c:980
+msgid "-valid"
+msgstr ""
+
+#: param/loadparm.c:982
+msgid "copy"
+msgstr "copia"
+
+#: param/loadparm.c:983
+msgid "include"
+msgstr "includi"
+
+#: param/loadparm.c:984
+msgid "exec"
+msgstr "esegui"
+
+#: param/loadparm.c:985
+msgid "preexec"
+msgstr "pre-esegui"
+
+#: param/loadparm.c:987
+msgid "preexec close"
+msgstr "pre-esegui e chiudi"
+
+#: param/loadparm.c:988
+msgid "postexec"
+msgstr "post-esegui"
+
+#: param/loadparm.c:989
+msgid "root preexec"
+msgstr "root pre-esegui"
+
+#: param/loadparm.c:990
+msgid "root preexec close"
+msgstr "root pre-esegui e chiudi"
+
+#: param/loadparm.c:991
+msgid "root postexec"
+msgstr "root post-esegui"
+
+#: param/loadparm.c:992
+msgid "available"
+msgstr "disponibile"
+
+#: param/loadparm.c:993
+msgid "volume"
+msgstr ""
+
+#: param/loadparm.c:994
+msgid "fstype"
+msgstr "tipo file system"
+
+#: param/loadparm.c:995
+msgid "set directory"
+msgstr ""
+
+#: param/loadparm.c:996
+msgid "source environment"
+msgstr ""
+
+#: param/loadparm.c:997
+msgid "wide links"
+msgstr ""
+
+#: param/loadparm.c:998
+msgid "follow symlinks"
+msgstr ""
+
+#: param/loadparm.c:999
+msgid "dont descend"
+msgstr "non discendere"
+
+#: param/loadparm.c:1000
+msgid "magic script"
+msgstr ""
+
+#: param/loadparm.c:1001
+msgid "magic output"
+msgstr ""
+
+#: param/loadparm.c:1002
+msgid "delete readonly"
+msgstr "cancella sola-lettura"
+
+#: param/loadparm.c:1003
+msgid "dos filemode"
+msgstr ""
+
+#: param/loadparm.c:1004
+msgid "dos filetimes"
+msgstr ""
+
+#: param/loadparm.c:1005
+msgid "dos filetime resolution"
+msgstr ""
+
+#: param/loadparm.c:1007
+msgid "fake directory create times"
+msgstr ""
+
+#: param/loadparm.c:1008
+msgid "panic action"
+msgstr ""
+
+#: param/loadparm.c:1009
+msgid "hide local users"
+msgstr "nascondi utenti locali"
+
+#: param/loadparm.c:1012
+msgid "VFS options"
msgstr "Opzioni VFS"
-#: ../param/loadparm.c:1148
+#: param/loadparm.c:1014
+msgid "vfs object"
+msgstr ""
+
+#: param/loadparm.c:1015
+msgid "vfs options"
+msgstr ""
+
+#: param/loadparm.c:1018
+msgid "msdfs root"
+msgstr ""
+
+#: param/loadparm.c:1019
+msgid "host msdfs"
+msgstr ""
+
+#: param/loadparm.c:1021
msgid "Winbind options"
msgstr "Opzioni Winbind"
+
+#: param/loadparm.c:1023
+msgid "winbind uid"
+msgstr ""
+
+#: param/loadparm.c:1024
+msgid "winbind gid"
+msgstr ""
+
+#: param/loadparm.c:1025
+msgid "template homedir"
+msgstr ""
+
+#: param/loadparm.c:1026
+msgid "template shell"
+msgstr ""
+
+#: param/loadparm.c:1027
+msgid "winbind separator"
+msgstr ""
+
+#: param/loadparm.c:1028
+msgid "winbind cache time"
+msgstr ""
+
+#: param/loadparm.c:1029
+msgid "winbind enum users"
+msgstr ""
+
+#: param/loadparm.c:1030
+msgid "winbind enum groups"
+msgstr ""
diff --git a/source/po/ja.msg b/source/po/ja.msg
index affb2764141..e77f34e3c44 100644
--- a/source/po/ja.msg
+++ b/source/po/ja.msg
@@ -1,6 +1,5 @@
# Japanese messages for international release of SWAT.
-# Copyright (C) 2003 TAKAHASHI Motonobu <monyo@samba.org>
-# Copyright (C) 2000 Ryo Kawahara <rkawa@lbe.co.jp>
+# Copyright (C) 2001 Ryo Kawahara <rkawa@lbe.co.jp>, 2000.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -18,578 +17,1805 @@
#
msgid ""
msgstr ""
-"Project-Id-Version: i18n-swat\n"
-"POT-Creation-Date: 2003-10-06 05:30+0900\n"
-"PO-Revision-Date: 2003-09-23 04:38+900\n"
-"Last-Translator: TAKAHASHI Motonobu <monyo@samba.org>\n"
-"Language-Team: Samba Users Group Japan <sugj-tech@samba.gr.jp>\n"
+"Project-Id-Version: i18n-swatE VERSION\n"
+"POT-Creation-Date: 2001-09-20 20:29+0900\n"
+"PO-Revision-Date: 2000-04-03 17:55+09:00\n"
+"Last-Translator: TAKAHASHI Motonobu <monyo@samba.gr.jp>\n"
+"Language-Team: Samba Team <samba-technical@samba.org>\n"
"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=CP932\n"
-"Content-Transfer-Encoding: 8bit\n"
+"Content-Type: text/plain; charset=Shift_JIS\n"
+"Content-Transfer-Encoding: \n"
-#: ../web/swat.c:117
+#: web/swat.c:120
#, c-format
-msgid "ERROR: Can't open %s"
-msgstr "%s をオープンできません"
+msgid "ERROR: Can't open %s\n"
+msgstr "%s をオープンできません\n"
-#: ../web/swat.c:200
+#.
+#. str = stripspace(parm->label);
+#. strlower (str); //monyo
+#. d_printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\">%s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s</td><td>",
+#. str, _("Help"), parm->label);
+#.
+#: web/swat.c:211
msgid "Help"
-msgstr "ヘルプ"
+msgstr "説明"
-#: ../web/swat.c:206 ../web/swat.c:220 ../web/swat.c:235 ../web/swat.c:243 ../web/swat.c:252 ../web/swat.c:261 ../web/swat.c:267 ../web/swat.c:273 ../web/swat.c:286
+#: web/swat.c:217 web/swat.c:231 web/swat.c:246 web/swat.c:254 web/swat.c:263
+#: web/swat.c:272 web/swat.c:278 web/swat.c:284 web/swat.c:297
msgid "Set Default"
-msgstr "デフォルト値"
-
-#: ../web/swat.c:408
-#, c-format
-msgid "failed to open %s for writing"
-msgstr "%s を書き込み用にオープンできません"
-
-#: ../web/swat.c:431
-#, c-format
-msgid "Can't reload %s"
-msgstr "%s を再読み込みできません\n"
+msgstr "既定値に戻す"
-# msgid "Logged in as <b>%s</b><p>\n"
-#: ../web/swat.c:501
+#: web/swat.c:502
#, c-format
-msgid "Logged in as <b>%s</b>"
-msgstr "<b>%s</b>としてログイン"
+msgid "Logged in as <b>%s</b><p>\n"
+msgstr "<b>%s</b>としてログイン<p>\n"
-#: ../web/swat.c:505
+#: web/swat.c:505
msgid "Home"
msgstr "ホーム"
-#: ../web/swat.c:507
+#: web/swat.c:507
msgid "Globals"
-msgstr "グローバル"
+msgstr "全体設定"
-#: ../web/swat.c:508
+#: web/swat.c:508
msgid "Shares"
-msgstr "ファイル共有"
+msgstr "共有設定"
-#: ../web/swat.c:509
+#: web/swat.c:509
msgid "Printers"
-msgstr "印刷共有"
+msgstr "プリンタ設定"
-#: ../web/swat.c:510
-msgid "Wizard"
-msgstr "ウィザード"
-
-#: ../web/swat.c:513
+#: web/swat.c:512
msgid "Status"
-msgstr "サーバの状態"
+msgstr "動作状況"
-#: ../web/swat.c:514
+#: web/swat.c:513
msgid "View Config"
-msgstr "現在の設定"
+msgstr "設定表\示"
-#: ../web/swat.c:516
+#: web/swat.c:515
msgid "Password Management"
-msgstr "パスワード管理"
-
-#: ../web/swat.c:526
-msgid "Current View Is"
-msgstr "現在の表示モード"
-
-#: ../web/swat.c:527 ../web/swat.c:530
-msgid "Basic"
-msgstr "標準表示"
+msgstr "パスワード管理・ユーザ管理"
-#: ../web/swat.c:528 ../web/swat.c:531
-msgid "Advanced"
-msgstr "詳細表示"
-
-#: ../web/swat.c:529
-msgid "Change View To"
-msgstr "表示モードの変更"
-
-#: ../web/swat.c:554
+#: web/swat.c:539
msgid "Current Config"
msgstr "現在の設定"
-#: ../web/swat.c:558
+#: web/swat.c:543
msgid "Normal View"
msgstr "標準表示"
-#: ../web/swat.c:560
+#: web/swat.c:545
msgid "Full View"
msgstr "完全表示"
-#. Here we first set and commit all the parameters that were selected
-#. in the previous screen.
-#: ../web/swat.c:579
-msgid "Wizard Parameter Edit Page"
-msgstr "ウィザードによるパラメータ編集ページ"
-
-#: ../web/swat.c:608
-msgid "Note: smb.conf file has been read and rewritten"
-msgstr "smb.conf ファイルが書き換えられました。"
-
-#. Here we go ...
-#: ../web/swat.c:716
-msgid "Samba Configuration Wizard"
-msgstr "Samba 設定ウィザード"
-
-#: ../web/swat.c:720
-msgid "The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments."
-msgstr "「smb.conf の書換」ボタンを押すと smb.conf ファイル中のすべてのデフォルト値やコメントは削除されます。"
-
-#: ../web/swat.c:721
-msgid "The same will happen if you press the commit button."
-msgstr "「commit」ボタンを押した場合にも同様の変更が行なわれます。"
-
-#: ../web/swat.c:724
-msgid "Rewrite smb.conf file"
-msgstr "smb.conf の書換"
-
-#: ../web/swat.c:725
-msgid "Commit"
-msgstr "設定を反映"
-
-#: ../web/swat.c:726
-msgid "Edit Parameter Values"
-msgstr "各パラメータの編集"
-
-#: ../web/swat.c:732
-msgid "Server Type"
-msgstr "サーバタイプ"
+#: web/swat.c:561
+msgid "Global Variables"
+msgstr "全体設定"
-#: ../web/swat.c:733
-msgid "Stand Alone"
-msgstr "スタンドアロン"
-
-#: ../web/swat.c:734
-msgid "Domain Member"
-msgstr "ドメインメンバ"
-
-#: ../web/swat.c:735
-msgid "Domain Controller"
-msgstr "ドメインコントローラ"
-
-#: ../web/swat.c:738
-msgid "Unusual Type in smb.conf - Please Select New Mode"
-msgstr "通常の形式ではない - 新しいモードを選択のこと"
-
-#: ../web/swat.c:740
-msgid "Configure WINS As"
-msgstr "WINS"
-
-#: ../web/swat.c:741
-msgid "Not Used"
-msgstr "使わない"
-
-#: ../web/swat.c:742
-msgid "Server for client use"
-msgstr "サーバとして構成"
-
-#: ../web/swat.c:743
-msgid "Client of another WINS server"
-msgstr "別の WINS サーバのクライアントとして構成"
-
-#: ../web/swat.c:745
-msgid "Remote WINS Server"
-msgstr "別の WINS サーバ"
-
-#: ../web/swat.c:756
-msgid "Error: WINS Server Mode and WINS Support both set in smb.conf"
-msgstr "エラー: wins server と wins support の両パラメータが smb.conf で指定されています"
-
-#: ../web/swat.c:757
-msgid "Please Select desired WINS mode above."
-msgstr "いずれかの WINS モードを選択してください。"
-
-#: ../web/swat.c:759
-msgid "Expose Home Directories"
-msgstr "ホームディレクトリの公開"
-
-#: ../web/swat.c:774
-msgid "The above configuration options will set multiple parameters and will generally assist with rapid Samba deployment."
-msgstr "上記の設定オプションにより、複数のパラメータが同期して設定されるため、 Samba の運用を迅速に開始する上での助けとなるでしょう。"
-
-#: ../web/swat.c:787
-msgid "Global Parameters"
-msgstr "Global パラメータ"
-
-#: ../web/swat.c:815 ../web/swat.c:916 ../web/swat.c:1265
+#: web/swat.c:575 web/swat.c:671 web/swat.c:1014
msgid "Commit Changes"
-msgstr "変更を反映"
+msgstr "設定変更"
-#: ../web/swat.c:819 ../web/swat.c:919 ../web/swat.c:1267
+#: web/swat.c:579 web/swat.c:674 web/swat.c:1016
msgid "Reset Values"
-msgstr "変更を取消"
+msgstr "リセット"
-#: ../web/swat.c:844
+#: web/swat.c:581 web/swat.c:676 web/swat.c:1018
+msgid "Advanced View"
+msgstr "詳細表示"
+
+#: web/swat.c:583 web/swat.c:678 web/swat.c:1020
+msgid "Basic View"
+msgstr "標準表示"
+
+#: web/swat.c:613
msgid "Share Parameters"
-msgstr "ファイル共有 パラメータ"
+msgstr "共有設定"
-#: ../web/swat.c:887
+#: web/swat.c:642
msgid "Choose Share"
-msgstr "ファイル共有の選択"
+msgstr "共有選択"
-#: ../web/swat.c:901
+#: web/swat.c:656
msgid "Delete Share"
-msgstr "ファイル共有の削除"
+msgstr "共有削除"
-#: ../web/swat.c:908
+#: web/swat.c:663
msgid "Create Share"
-msgstr "ファイル共有の作成"
-
-#: ../web/swat.c:944
-msgid "password change in demo mode rejected"
-msgstr "デモ・モードでのパスワード変更はできません"
+msgstr "新規共有作成"
-#: ../web/swat.c:957
-msgid "Can't setup password database vectors."
-msgstr "パスワード・データベースが見つけられません"
+#: web/swat.c:708
+msgid "password change in demo mode rejected\n"
+msgstr "デモ・モードでのパスワード変更はできません\n"
-#: ../web/swat.c:983
-msgid " Must specify \"User Name\" "
-msgstr "「ユーザ名」欄に入力してください"
+#: web/swat.c:747
+msgid " Must specify \"User Name\" \n"
+msgstr "「ユーザ名」を入力ください\n"
-#: ../web/swat.c:999
-msgid " Must specify \"Old Password\" "
-msgstr "「旧パスワード」欄に入力してください"
+#: web/swat.c:763
+msgid " Must specify \"Old Password\" \n"
+msgstr "「旧パスワード」を入力してください\n"
-#: ../web/swat.c:1005
-msgid " Must specify \"Remote Machine\" "
-msgstr "「リモートマシン」欄に入力してください"
+#: web/swat.c:769
+msgid " Must specify \"Remote Machine\" \n"
+msgstr "「リモート マシン」を入力してください\n"
-#: ../web/swat.c:1012
-msgid " Must specify \"New, and Re-typed Passwords\" "
-msgstr "「新パスワード」欄と「新パスワードの再入力」欄に入力してください"
+#: web/swat.c:776
+msgid " Must specify \"New, and Re-typed Passwords\" \n"
+msgstr "「新パスワード」を入力し、再入力もしてください\n"
-#: ../web/swat.c:1018
-msgid " Re-typed password didn't match new password "
-msgstr "「新パスワードの再入力」欄の入力内容が「新パスワード」欄の入力と一致していません。"
+#: web/swat.c:782
+msgid " Re-typed password didn't match new password\n"
+msgstr "新パスワードの再入力が間違っています\n"
-#: ../web/swat.c:1048
+#: web/swat.c:812
#, c-format
-msgid " The passwd for '%s' has been changed."
-msgstr " %s のパスワードは変更されました。"
+msgid " The passwd for '%s' has been changed. \n"
+msgstr " '%s' のパスワードは変更されました \n"
-#: ../web/swat.c:1051
+#: web/swat.c:814
#, c-format
-msgid " The passwd for '%s' has NOT been changed."
-msgstr " '%s' のパスワードは変更されませんでした。"
+msgid " The passwd for '%s' has NOT been changed. \n"
+msgstr " '%s' のパスワードは変更されませんでした \n"
-#: ../web/swat.c:1076
+#: web/swat.c:838
msgid "Server Password Management"
-msgstr "ローカルマシンのパスワード管理"
+msgstr "ローカル マシンのパスワード管理"
#.
#. * Create all the dialog boxes for data collection
#.
-#: ../web/swat.c:1085 ../web/swat.c:1132
-msgid "User Name"
-msgstr "ユーザ名"
+#: web/swat.c:847 web/swat.c:894
+msgid " User Name : "
+msgstr "ユーザ名 : "
-#: ../web/swat.c:1088 ../web/swat.c:1134
-msgid "Old Password"
-msgstr "旧パスワード"
+#: web/swat.c:850 web/swat.c:896
+msgid " Old Password : "
+msgstr "旧パスワード : "
-#: ../web/swat.c:1091 ../web/swat.c:1136
-msgid "New Password"
-msgstr "新パスワード"
+#: web/swat.c:853 web/swat.c:898
+msgid " New Password : "
+msgstr "新パスワード : "
-#: ../web/swat.c:1093 ../web/swat.c:1138
-msgid "Re-type New Password"
-msgstr "新パスワードの再入力"
+#: web/swat.c:855 web/swat.c:900
+msgid " Re-type New Password : "
+msgstr "新パスワード再入力 : "
-#: ../web/swat.c:1101 ../web/swat.c:1149
+#: web/swat.c:863 web/swat.c:911
msgid "Change Password"
msgstr "パスワード変更"
-#: ../web/swat.c:1104
+#: web/swat.c:866
msgid "Add New User"
msgstr "新規ユーザ追加"
-#: ../web/swat.c:1106
+#: web/swat.c:868
msgid "Delete User"
-msgstr "ユーザの削除"
+msgstr "ユーザを削除する"
-#: ../web/swat.c:1108
+#: web/swat.c:870
msgid "Disable User"
-msgstr "ユーザの無効化"
+msgstr "使用不可にする"
-#: ../web/swat.c:1110
+#: web/swat.c:872
msgid "Enable User"
-msgstr "ユーザの有効化"
+msgstr "使用可能にする"
-#: ../web/swat.c:1123
+#: web/swat.c:885
msgid "Client/Server Password Management"
-msgstr "リモートマシンのパスワード管理"
+msgstr "リモート マシンのパスワード管理"
-#: ../web/swat.c:1140
-msgid "Remote Machine"
-msgstr "リモートマシン"
+#: web/swat.c:902
+msgid " Remote Machine : "
+msgstr " リモート マシン : "
-#: ../web/swat.c:1179
+#: web/swat.c:940
msgid "Printer Parameters"
-msgstr "印刷共有 パラメータ"
+msgstr "プリンタ設定 [Printer]"
-#: ../web/swat.c:1181
+#: web/swat.c:942
msgid "Important Note:"
-msgstr "*注"
+msgstr "*注:"
-#: ../web/swat.c:1182
+#: web/swat.c:943
msgid "Printer names marked with [*] in the Choose Printer drop-down box "
msgstr "名前の先頭に [*] がついたプリンタ"
-#: ../web/swat.c:1183
+#: web/swat.c:944
msgid "are autoloaded printers from "
-msgstr "は"
+msgstr "は、"
-#: ../web/swat.c:1184
+#: web/swat.c:945
msgid "Printcap Name"
msgstr "printcap name パラメータ"
-#: ../web/swat.c:1185
-msgid "Attempting to delete these printers from SWAT will have no effect."
-msgstr "から自動設定されたものですから、削除することはできません。"
+#: web/swat.c:946
+msgid "Attempting to delete these printers from SWAT will have no effect.\n"
+msgstr "から自動設定されたものですから、削除することはできません。\n"
-#: ../web/swat.c:1231
+#: web/swat.c:980
msgid "Choose Printer"
-msgstr "印刷共有の選択"
+msgstr "プリンタ選択"
-#: ../web/swat.c:1250
+#: web/swat.c:999
msgid "Delete Printer"
-msgstr "印刷共有の削除"
+msgstr "プリンタ削除"
-#: ../web/swat.c:1257
+#: web/swat.c:1006
msgid "Create Printer"
-msgstr "印刷共有の作成"
+msgstr "プリンタ新規作成"
+
+#: web/statuspage.c:40
+msgid "DENY_NONE"
+msgstr "拒否なし"
+
+#: web/statuspage.c:41
+msgid "DENY_ALL "
+msgstr "すべて拒否"
-#: ../web/statuspage.c:123
+#: web/statuspage.c:42
+msgid "DENY_DOS "
+msgstr "DOSを拒否"
+
+#: web/statuspage.c:43
+msgid "DENY_READ "
+msgstr "参照を拒否"
+
+#: web/statuspage.c:44
+msgid "DENY_WRITE "
+msgstr "更新を拒否"
+
+#: web/statuspage.c:50
msgid "RDONLY "
-msgstr "参照のみ "
+msgstr "参照のみ"
-#: ../web/statuspage.c:124
+#: web/statuspage.c:51
msgid "WRONLY "
-msgstr "更新のみ "
+msgstr "挿入のみ"
-#: ../web/statuspage.c:125
+#: web/statuspage.c:52
msgid "RDWR "
-msgstr "参照/更新 "
+msgstr "更新 "
+
+#: web/statuspage.c:60
+msgid "EXCLUSIVE+BATCH "
+msgstr "専有+バッチ "
+
+#: web/statuspage.c:62
+msgid "EXCLUSIVE "
+msgstr "専有 "
+
+#: web/statuspage.c:64
+msgid "BATCH "
+msgstr "バッチ "
-#: ../web/statuspage.c:309
+#: web/statuspage.c:66
+msgid "LEVEL_II "
+msgstr "レベル_II "
+
+#: web/statuspage.c:68
+msgid "NONE "
+msgstr "なし "
+
+#: web/statuspage.c:195
msgid "Server Status"
-msgstr "サーバの状態"
+msgstr "サーバー動作状況"
-#: ../web/statuspage.c:314
+#: web/statuspage.c:200
msgid "Auto Refresh"
-msgstr "自動更新の開始"
+msgstr "自動再表示"
-#: ../web/statuspage.c:315 ../web/statuspage.c:320
+#: web/statuspage.c:201 web/statuspage.c:206
msgid "Refresh Interval: "
-msgstr "更新間隔: "
+msgstr "再表示間隔(秒): "
-#: ../web/statuspage.c:319
+#: web/statuspage.c:205
msgid "Stop Refreshing"
-msgstr "自動更新の停止"
+msgstr "自動表示停止"
-#: ../web/statuspage.c:334
+#: web/statuspage.c:220
msgid "version:"
-msgstr "バージョン"
+msgstr "バージョン:"
-#: ../web/statuspage.c:337
+#: web/statuspage.c:223
msgid "smbd:"
-msgstr ""
+msgstr "ファイル共有デーモン(smbd):"
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: web/statuspage.c:223 web/statuspage.c:235
msgid "running"
-msgstr "実行中"
+msgstr "動作中"
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: web/statuspage.c:223 web/statuspage.c:235
msgid "not running"
msgstr "停止中"
-#: ../web/statuspage.c:341
+#: web/statuspage.c:226
msgid "Stop smbd"
-msgstr "smbd の停止"
+msgstr "smbd停止"
-#: ../web/statuspage.c:343
+#: web/statuspage.c:228
msgid "Start smbd"
-msgstr "smbd の起動"
+msgstr "smbd起動"
-#: ../web/statuspage.c:345
+#: web/statuspage.c:230
msgid "Restart smbd"
-msgstr "smbd の再起動"
+msgstr "smbd再起動"
-#: ../web/statuspage.c:350
+#: web/statuspage.c:235
msgid "nmbd:"
-msgstr ""
+msgstr "ネーム サービス デーモン(nmbd)"
-#: ../web/statuspage.c:354
+#: web/statuspage.c:238
msgid "Stop nmbd"
-msgstr "nmbd の停止"
+msgstr "nmbd停止"
-#: ../web/statuspage.c:356
+#: web/statuspage.c:240
msgid "Start nmbd"
-msgstr "nmbd の起動"
+msgstr "nmbd起動"
-#: ../web/statuspage.c:358
+#: web/statuspage.c:242
msgid "Restart nmbd"
-msgstr "nmbd の再起動"
-
-#: ../web/statuspage.c:364
-msgid "winbindd:"
-msgstr ""
-
-#: ../web/statuspage.c:368
-msgid "Stop winbindd"
-msgstr "winbindd の停止"
-
-#: ../web/statuspage.c:370
-msgid "Start winbindd"
-msgstr "winbindd の起動"
-
-#: ../web/statuspage.c:372
-msgid "Restart winbindd"
-msgstr "winbindd の再起動"
-
-#. stop, restart all
-#: ../web/statuspage.c:381
-msgid "Stop All"
-msgstr "すべて停止"
-
-#: ../web/statuspage.c:382
-msgid "Restart All"
-msgstr "すべて再起動"
+msgstr "nmbd再起動"
-#. start all
-#: ../web/statuspage.c:386
-msgid "Start All"
-msgstr "すべて起動"
-
-#: ../web/statuspage.c:393
+#: web/statuspage.c:249
msgid "Active Connections"
-msgstr "接続中のクライアント"
+msgstr "接続中クライアント"
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
msgid "PID"
-msgstr ""
+msgstr "プロセスID"
-#: ../web/statuspage.c:395 ../web/statuspage.c:408
+#: web/statuspage.c:251 web/statuspage.c:264
msgid "Client"
msgstr "クライアント"
-#: ../web/statuspage.c:395
+#: web/statuspage.c:251
msgid "IP address"
msgstr "IPアドレス"
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
msgid "Date"
msgstr "日付"
-#: ../web/statuspage.c:397
+#: web/statuspage.c:253
msgid "Kill"
msgstr "切断"
-#: ../web/statuspage.c:405
+#: web/statuspage.c:261
msgid "Active Shares"
-msgstr "接続中の共有"
+msgstr "接続中共有"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "Share"
msgstr "共有名"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "User"
msgstr "ユーザ"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "Group"
msgstr "グループ"
-#: ../web/statuspage.c:414
+#: web/statuspage.c:270
msgid "Open Files"
-msgstr "使用中のファイル"
+msgstr "使用中ファイル"
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "Sharing"
msgstr "排他モード"
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "R/W"
msgstr "参照/更新"
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "Oplock"
-msgstr ""
+msgstr "便宜ロック(Oplock)"
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "File"
msgstr "ファイル名"
-#: ../web/statuspage.c:425
-msgid "Show Client in col 1"
-msgstr "クライアント名を先頭に表示"
+#: param/loadparm.c:641
+msgid "Base Options"
+msgstr "基本オプション"
-#: ../web/statuspage.c:426
-msgid "Show PID in col 1"
-msgstr "PIDを先頭に表示"
+#: param/loadparm.c:643
+#, fuzzy
+msgid "dos charset"
+msgstr "有効な文字"
-#: ../param/loadparm.c:755
-msgid "Base Options"
-msgstr "基本 オプション"
+#: param/loadparm.c:644
+#, fuzzy
+msgid "unix charset"
+msgstr "有効な文字"
-#: ../param/loadparm.c:775
+#: param/loadparm.c:645
+msgid "display charset"
+msgstr ""
+
+#: param/loadparm.c:646
+msgid "comment"
+msgstr "コメント"
+
+#: param/loadparm.c:647
+msgid "path"
+msgstr "パス"
+
+#: param/loadparm.c:648
+msgid "directory"
+msgstr "ディレクトリ"
+
+#: param/loadparm.c:649
+msgid "workgroup"
+msgstr "ワークグループ"
+
+#: param/loadparm.c:650
+msgid "netbios name"
+msgstr "netbios 名"
+
+#: param/loadparm.c:651
+msgid "netbios aliases"
+msgstr "netbios エイリアス"
+
+#: param/loadparm.c:652
+msgid "netbios scope"
+msgstr "netbios スコープ"
+
+#: param/loadparm.c:653
+msgid "server string"
+msgstr "サーバ文字列"
+
+#: param/loadparm.c:654
+msgid "interfaces"
+msgstr "インターフェース"
+
+#: param/loadparm.c:655
+msgid "bind interfaces only"
+msgstr "このインターフェースのみ使用"
+
+#: param/loadparm.c:657
msgid "Security Options"
msgstr "セキュリティ オプション"
-#: ../param/loadparm.c:859
+#: param/loadparm.c:659
+msgid "security"
+msgstr "セキュリティ"
+
+#: param/loadparm.c:660
+msgid "encrypt passwords"
+msgstr "パスワードを暗号化"
+
+#: param/loadparm.c:661
+msgid "update encrypted"
+msgstr "暗号化パスワードに更新"
+
+#: param/loadparm.c:662
+msgid "allow trusted domains"
+msgstr "信頼できるドメインを許可"
+
+#: param/loadparm.c:663
+msgid "alternate permissions"
+msgstr "代行パーミッション"
+
+#: param/loadparm.c:664
+msgid "hosts equiv"
+msgstr "同等のホスト"
+
+#: param/loadparm.c:665
+msgid "min passwd length"
+msgstr "最小パスワード長"
+
+#: param/loadparm.c:666
+msgid "min password length"
+msgstr "最小パスワード長"
+
+#: param/loadparm.c:667
+msgid "map to guest"
+msgstr "ゲストにマップ"
+
+#: param/loadparm.c:668
+msgid "null passwords"
+msgstr "空パスワード"
+
+#: param/loadparm.c:669
+#, fuzzy
+msgid "obey pam restrictions"
+msgstr "先読み"
+
+#: param/loadparm.c:670
+msgid "password server"
+msgstr "パスワード サーバ"
+
+#: param/loadparm.c:671
+msgid "smb passwd file"
+msgstr "smb passwd ファイル"
+
+#: param/loadparm.c:672
+#, fuzzy
+msgid "private dir"
+msgstr "プリンタ ドライバ"
+
+#: param/loadparm.c:673
+msgid "passdb module path"
+msgstr ""
+
+#: param/loadparm.c:674
+msgid "root directory"
+msgstr "ルート ディレクトリ"
+
+#: param/loadparm.c:675
+msgid "root dir"
+msgstr "ルート ディレクトリ"
+
+#: param/loadparm.c:676
+msgid "root"
+msgstr "ルート"
+
+#: param/loadparm.c:678
+#, fuzzy
+msgid "pam password change"
+msgstr "最小パスワード長"
+
+#: param/loadparm.c:679
+msgid "passwd program"
+msgstr "パスワード プログラム"
+
+#: param/loadparm.c:680
+msgid "passwd chat"
+msgstr "パスワード チャット"
+
+#: param/loadparm.c:681
+msgid "passwd chat debug"
+msgstr "パスワード チャット デバッグ"
+
+#: param/loadparm.c:682
+msgid "username map"
+msgstr "ユーザ名マップ"
+
+#: param/loadparm.c:683
+msgid "password level"
+msgstr "パスワード レベル"
+
+#: param/loadparm.c:684
+msgid "username level"
+msgstr "ユーザ名レベル"
+
+#: param/loadparm.c:685
+msgid "unix password sync"
+msgstr "unix パスワードを同期させる"
+
+#: param/loadparm.c:686
+msgid "restrict anonymous"
+msgstr "匿名アクセスの制限"
+
+#: param/loadparm.c:687
+msgid "lanman auth"
+msgstr ""
+
+#: param/loadparm.c:688
+msgid "ntlm auth"
+msgstr ""
+
+#: param/loadparm.c:689
+msgid "plaintext to smbpasswd"
+msgstr ""
+
+#: param/loadparm.c:690
+msgid "use rhosts"
+msgstr "rhosts を使う"
+
+#: param/loadparm.c:692
+msgid "username"
+msgstr "ユーザ名"
+
+#: param/loadparm.c:693
+msgid "user"
+msgstr "ユーザ"
+
+#: param/loadparm.c:694
+msgid "users"
+msgstr "ユーザ"
+
+#: param/loadparm.c:696
+msgid "guest account"
+msgstr "ゲスト アカウント"
+
+#: param/loadparm.c:697
+msgid "invalid users"
+msgstr "無効なユーザ"
+
+#: param/loadparm.c:698
+msgid "valid users"
+msgstr "有効なユーザ"
+
+#: param/loadparm.c:699
+msgid "admin users"
+msgstr "管理ユーザ"
+
+#: param/loadparm.c:700
+msgid "read list"
+msgstr "読み取りリスト"
+
+#: param/loadparm.c:701
+msgid "write list"
+msgstr "書き込みリスト"
+
+#: param/loadparm.c:702
+#, fuzzy
+msgid "printer admin"
+msgstr "プリンタ名"
+
+#: param/loadparm.c:703
+msgid "force user"
+msgstr "強制するユーザ"
+
+#: param/loadparm.c:704
+msgid "force group"
+msgstr "強制するグループ"
+
+#: param/loadparm.c:705
+msgid "group"
+msgstr "グループ"
+
+#: param/loadparm.c:707
+msgid "read only"
+msgstr "読み取りのみ"
+
+#: param/loadparm.c:708
+msgid "write ok"
+msgstr "書き込み可"
+
+#: param/loadparm.c:709
+msgid "writeable"
+msgstr "書き込み可"
+
+#: param/loadparm.c:710
+msgid "writable"
+msgstr "書き込み可"
+
+#: param/loadparm.c:712
+msgid "create mask"
+msgstr "作成時にマスク"
+
+#: param/loadparm.c:713
+msgid "create mode"
+msgstr "作成時のモード"
+
+#: param/loadparm.c:714
+msgid "force create mode"
+msgstr "強制する作成時のモード"
+
+#: param/loadparm.c:715
+msgid "security mask"
+msgstr "セキュリティ マスク"
+
+#: param/loadparm.c:716
+msgid "force security mode"
+msgstr "強制するセキュリティ モード"
+
+#: param/loadparm.c:717
+msgid "directory mask"
+msgstr "ディレクトリ マスク"
+
+#: param/loadparm.c:718
+msgid "directory mode"
+msgstr "ディレクトリ モード"
+
+#: param/loadparm.c:719
+msgid "force directory mode"
+msgstr "強制するディレクトリ モード"
+
+#: param/loadparm.c:720
+msgid "directory security mask"
+msgstr "ディレクトリのセキュリティ マスク"
+
+#: param/loadparm.c:721
+msgid "force directory security mode"
+msgstr "強制するディレクトリのセキュリティ モード"
+
+#: param/loadparm.c:722
+msgid "inherit permissions"
+msgstr "パーミッションを継承"
+
+#: param/loadparm.c:723
+msgid "guest only"
+msgstr "ゲストのみ"
+
+#: param/loadparm.c:724
+msgid "only guest"
+msgstr "ゲストのみ"
+
+#: param/loadparm.c:726
+msgid "guest ok"
+msgstr "ゲスト可"
+
+#: param/loadparm.c:727
+msgid "public"
+msgstr "パブリック"
+
+#: param/loadparm.c:729
+msgid "only user"
+msgstr "ユーザのみ"
+
+#: param/loadparm.c:730
+msgid "hosts allow"
+msgstr "許可するホスト"
+
+#: param/loadparm.c:731
+msgid "allow hosts"
+msgstr "許可するホスト"
+
+#: param/loadparm.c:732
+msgid "hosts deny"
+msgstr "拒否するホスト"
+
+#: param/loadparm.c:733
+msgid "deny hosts"
+msgstr "拒否するホスト"
+
+#: param/loadparm.c:736
+msgid "Secure Socket Layer Options"
+msgstr "セキュア ソケット レイアー オプション"
+
+#: param/loadparm.c:737
+msgid "ssl"
+msgstr "ssl"
+
+#: param/loadparm.c:739
+msgid "ssl hosts"
+msgstr "ssl ホスト"
+
+#: param/loadparm.c:740
+msgid "ssl hosts resign"
+msgstr "ssl 未使用ホスト"
+
+#: param/loadparm.c:741
+msgid "ssl CA certDir"
+msgstr "ssl CA 認証ディレクトリ"
+
+#: param/loadparm.c:742
+msgid "ssl CA certFile"
+msgstr "ssl CA 認証ファイル"
+
+#: param/loadparm.c:743
+msgid "ssl server cert"
+msgstr "ssl サーバ認証"
+
+#: param/loadparm.c:744
+msgid "ssl server key"
+msgstr "ssl サーバ鍵"
+
+#: param/loadparm.c:745
+msgid "ssl client cert"
+msgstr "ssl クライアント認証"
+
+#: param/loadparm.c:746
+msgid "ssl client key"
+msgstr "ssl クライアント鍵"
+
+#: param/loadparm.c:747
+msgid "ssl require clientcert"
+msgstr "ssl クライアント認証を要求"
+
+#: param/loadparm.c:748
+msgid "ssl require servercert"
+msgstr "ssl サーバ認証を要求"
+
+#: param/loadparm.c:749
+msgid "ssl ciphers"
+msgstr "ssl 暗号"
+
+#: param/loadparm.c:750
+msgid "ssl version"
+msgstr "ssl バージョン"
+
+#: param/loadparm.c:751
+msgid "ssl compatibility"
+msgstr "ssl 互換性"
+
+#: param/loadparm.c:754
msgid "Logging Options"
msgstr "ロギング オプション"
-#: ../param/loadparm.c:874
+#: param/loadparm.c:755
+msgid "log level"
+msgstr "ログ レベル"
+
+#: param/loadparm.c:756
+#, fuzzy
+msgid "debuglevel"
+msgstr "デバッグレベル"
+
+#: param/loadparm.c:757
+msgid "syslog"
+msgstr "syslog"
+
+#: param/loadparm.c:758
+msgid "syslog only"
+msgstr "syslog のみ"
+
+#: param/loadparm.c:759
+msgid "log file"
+msgstr "ログ ファイル"
+
+#: param/loadparm.c:761
+msgid "max log size"
+msgstr "最大ログ サイズ"
+
+#: param/loadparm.c:762
+msgid "timestamp logs"
+msgstr "タイムスタンプ ログ"
+
+#: param/loadparm.c:763
+msgid "debug timestamp"
+msgstr "デバッグ タイムスタンプ"
+
+#: param/loadparm.c:764
+#, fuzzy
+msgid "debug hires timestamp"
+msgstr "デバッグ タイムスタンプ"
+
+#: param/loadparm.c:765
+msgid "debug pid"
+msgstr "デバッグ pid"
+
+#: param/loadparm.c:766
+msgid "debug uid"
+msgstr "デバッグ uid"
+
+#: param/loadparm.c:768
msgid "Protocol Options"
msgstr "プロトコル オプション"
-#: ../param/loadparm.c:911
+#: param/loadparm.c:770
+msgid "protocol"
+msgstr "プロトコル"
+
+#: param/loadparm.c:771
+msgid "large readwrite"
+msgstr ""
+
+#: param/loadparm.c:772
+#, fuzzy
+msgid "max protocol"
+msgstr "プロトコル"
+
+#: param/loadparm.c:773
+#, fuzzy
+msgid "min protocol"
+msgstr "プロトコル"
+
+#: param/loadparm.c:774
+msgid "unicode"
+msgstr ""
+
+#: param/loadparm.c:775
+msgid "read bmpx"
+msgstr "bmpx 読み出し"
+
+#: param/loadparm.c:776
+msgid "read raw"
+msgstr "raw 読み出し"
+
+#: param/loadparm.c:777
+msgid "write raw"
+msgstr "raw 書き込み"
+
+#: param/loadparm.c:779
+msgid "nt smb support"
+msgstr "nt smb サポート"
+
+#: param/loadparm.c:780
+msgid "nt pipe support"
+msgstr "nt pipe サポート"
+
+#: param/loadparm.c:781
+msgid "nt acl support"
+msgstr "nt acl サポート"
+
+#: param/loadparm.c:782
+msgid "announce version"
+msgstr "アナウンス バージョン"
+
+#: param/loadparm.c:783
+msgid "announce as"
+msgstr "アナウンスする種類"
+
+#: param/loadparm.c:784
+msgid "max mux"
+msgstr "最大 mux"
+
+#: param/loadparm.c:785
+msgid "max xmit"
+msgstr "最大 xmit"
+
+#: param/loadparm.c:787
+msgid "name resolve order"
+msgstr "名前解決の順番"
+
+#: param/loadparm.c:788
+msgid "max packet"
+msgstr "最大パケット"
+
+#: param/loadparm.c:789
+msgid "packet size"
+msgstr "パケット サイズ"
+
+#: param/loadparm.c:790
+msgid "max ttl"
+msgstr "最大 ttl"
+
+#: param/loadparm.c:791
+msgid "max wins ttl"
+msgstr "最大 wins ttl"
+
+#: param/loadparm.c:792
+msgid "min wins ttl"
+msgstr "最小 wins ttl"
+
+#: param/loadparm.c:793
+msgid "time server"
+msgstr "タイム サーバ"
+
+#: param/loadparm.c:795
msgid "Tuning Options"
msgstr "チューニング オプション"
-#: ../param/loadparm.c:940
+#: param/loadparm.c:797
+msgid "change notify timeout"
+msgstr "更新通知の間隔"
+
+#: param/loadparm.c:798
+msgid "deadtime"
+msgstr "切断までの時間"
+
+#: param/loadparm.c:799
+msgid "getwd cache"
+msgstr "getwd キャッシュ"
+
+#: param/loadparm.c:800
+msgid "keepalive"
+msgstr ""
+
+#: param/loadparm.c:802
+msgid "lpq cache time"
+msgstr "lpq キャッシュ時間"
+
+#: param/loadparm.c:803
+msgid "max smbd processes"
+msgstr ""
+
+#: param/loadparm.c:804
+msgid "max connections"
+msgstr "最大接続数"
+
+#: param/loadparm.c:805
+#, fuzzy
+msgid "paranoid server security"
+msgstr "ユーザ追加スクリプト"
+
+#: param/loadparm.c:806
+msgid "max disk size"
+msgstr "最大ディスク サイズ"
+
+#: param/loadparm.c:807
+msgid "max open files"
+msgstr "最大ファイル オープン数"
+
+#: param/loadparm.c:808
+msgid "min print space"
+msgstr "最小印刷スペース"
+
+#: param/loadparm.c:809
+msgid "read size"
+msgstr "読み取りサイズ"
+
+#: param/loadparm.c:811
+msgid "socket options"
+msgstr "ソ\ケット オプション"
+
+#: param/loadparm.c:812
+msgid "stat cache size"
+msgstr "stat キャッシュ サイズ"
+
+#: param/loadparm.c:813
+#, fuzzy
+msgid "strict allocate"
+msgstr "厳密なロック"
+
+#: param/loadparm.c:814
+msgid "strict sync"
+msgstr "厳密な sync"
+
+#: param/loadparm.c:815
+msgid "sync always"
+msgstr "常に sync"
+
+#: param/loadparm.c:816
+#, fuzzy
+msgid "use mmap"
+msgstr "ユーザ名マップ"
+
+#: param/loadparm.c:817
+msgid "hostname lookups"
+msgstr ""
+
+#: param/loadparm.c:818
+msgid "write cache size"
+msgstr "書き込みキャッシュ サイズ"
+
+#: param/loadparm.c:820
msgid "Printing Options"
-msgstr "印刷 オプション"
+msgstr "印刷オプション"
+
+#: param/loadparm.c:822
+#, fuzzy
+msgid "total print jobs"
+msgstr "プリンタをロード"
+
+#: param/loadparm.c:823
+#, fuzzy
+msgid "max print jobs"
+msgstr "印刷可"
+
+#: param/loadparm.c:824
+msgid "load printers"
+msgstr "プリンタをロード"
-#: ../param/loadparm.c:970
+#: param/loadparm.c:825
+msgid "printcap name"
+msgstr "printcap 名"
+
+#: param/loadparm.c:826
+msgid "printcap"
+msgstr "printcap"
+
+#: param/loadparm.c:827
+msgid "printable"
+msgstr "印刷可"
+
+#: param/loadparm.c:828
+msgid "print ok"
+msgstr "印刷可"
+
+#: param/loadparm.c:829
+msgid "postscript"
+msgstr "ポストスクリプト"
+
+#: param/loadparm.c:830
+msgid "printing"
+msgstr "印刷方法"
+
+#: param/loadparm.c:831
+msgid "print command"
+msgstr "印刷コマンド"
+
+#: param/loadparm.c:832
+msgid "disable spoolss"
+msgstr ""
+
+#: param/loadparm.c:833
+msgid "lpq command"
+msgstr "lpq コマンド"
+
+#: param/loadparm.c:834
+msgid "lprm command"
+msgstr "lprm コマンド"
+
+#: param/loadparm.c:835
+msgid "lppause command"
+msgstr "lppause コマンド"
+
+#: param/loadparm.c:836
+msgid "lpresume command"
+msgstr "lpresume コマンド"
+
+#: param/loadparm.c:837
+msgid "queuepause command"
+msgstr "キュー停止コマンド"
+
+#: param/loadparm.c:838
+msgid "queueresume command"
+msgstr "キュー再開コマンド"
+
+#: param/loadparm.c:840
+#, fuzzy
+msgid "enumports command"
+msgstr "印刷コマンド"
+
+#: param/loadparm.c:841
+#, fuzzy
+msgid "addprinter command"
+msgstr "印刷コマンド"
+
+#: param/loadparm.c:842
+#, fuzzy
+msgid "deleteprinter command"
+msgstr "印刷コマンド"
+
+#: param/loadparm.c:843
+#, fuzzy
+msgid "show add printer wizard"
+msgstr "プリンタをロード"
+
+#: param/loadparm.c:844
+#, fuzzy
+msgid "os2 driver map"
+msgstr "ホームディレクトリ マップ"
+
+#: param/loadparm.c:846
+msgid "printer name"
+msgstr "プリンタ名"
+
+#: param/loadparm.c:847
+msgid "printer"
+msgstr "プリンタ"
+
+#: param/loadparm.c:848
+#, fuzzy
+msgid "use client driver"
+msgstr "ssl クライアント認証"
+
+#: param/loadparm.c:849
+msgid "printer driver"
+msgstr "プリンタ ドライバ"
+
+#: param/loadparm.c:850
+msgid "printer driver file"
+msgstr "プリンタ ドライバ ファイル"
+
+#: param/loadparm.c:851
+msgid "printer driver location"
+msgstr "プリンタ ドライバの場所"
+
+#: param/loadparm.c:853
msgid "Filename Handling"
msgstr "ファイル名の取扱"
-#: ../param/loadparm.c:996
+#: param/loadparm.c:854
+msgid "strip dot"
+msgstr "ドットを削る"
+
+#: param/loadparm.c:856
+msgid "mangled stack"
+msgstr "名前変換用スタック"
+
+#: param/loadparm.c:857
+msgid "default case"
+msgstr "既定の文字の大小"
+
+#: param/loadparm.c:858
+msgid "case sensitive"
+msgstr "大/小文字の区別"
+
+#: param/loadparm.c:859
+msgid "casesignames"
+msgstr "大/小文字の区別"
+
+#: param/loadparm.c:860
+msgid "preserve case"
+msgstr "文字の大小を保存"
+
+#: param/loadparm.c:861
+msgid "short preserve case"
+msgstr "短形式で文字の大小を保存"
+
+#: param/loadparm.c:862
+msgid "mangle case"
+msgstr "大/小文字の変換"
+
+#: param/loadparm.c:863
+msgid "mangling char"
+msgstr "変換用文字"
+
+#: param/loadparm.c:864
+msgid "hide dot files"
+msgstr "ドットファイルを隠す"
+
+#: param/loadparm.c:865
+msgid "hide unreadable"
+msgstr ""
+
+#: param/loadparm.c:866
+msgid "delete veto files"
+msgstr "拒否ファイルを削除"
+
+#: param/loadparm.c:867
+msgid "veto files"
+msgstr "拒否ファイル"
+
+#: param/loadparm.c:868
+msgid "hide files"
+msgstr "隠しファイル"
+
+#: param/loadparm.c:869
+msgid "veto oplock files"
+msgstr "oplock を禁止するファイル"
+
+#: param/loadparm.c:870
+msgid "map system"
+msgstr "システム属性にマップ"
+
+#: param/loadparm.c:871
+msgid "map hidden"
+msgstr "隠し属性にマップ"
+
+#: param/loadparm.c:872
+msgid "map archive"
+msgstr "アーカイブ属性にマップ"
+
+#: param/loadparm.c:873
+msgid "mangled names"
+msgstr "変換した名前で表示"
+
+#: param/loadparm.c:874
+msgid "mangled map"
+msgstr "変換マップ"
+
+#: param/loadparm.c:875
+msgid "stat cache"
+msgstr "stat キャッシュ"
+
+#: param/loadparm.c:877
msgid "Domain Options"
msgstr "ドメイン オプション"
-#: ../param/loadparm.c:1000
+#: param/loadparm.c:879
+msgid "domain admin group"
+msgstr "ドメイン管理グループ"
+
+#: param/loadparm.c:880
+msgid "domain guest group"
+msgstr "ドメイン ゲスト グループ"
+
+#: param/loadparm.c:883
+msgid "groupname map"
+msgstr "グループ名マップ"
+
+#: param/loadparm.c:886
+msgid "machine password timeout"
+msgstr "マシン パスワード タイムアウト"
+
+#: param/loadparm.c:888
msgid "Logon Options"
msgstr "ログオン オプション"
-#: ../param/loadparm.c:1019
+#: param/loadparm.c:890
+msgid "add user script"
+msgstr "ユーザ追加スクリプト"
+
+#: param/loadparm.c:891
+msgid "delete user script"
+msgstr "ユーザ削除スクリプト"
+
+#: param/loadparm.c:892
+#, fuzzy
+msgid "add group script"
+msgstr "ユーザ追加スクリプト"
+
+#: param/loadparm.c:893
+#, fuzzy
+msgid "delete group script"
+msgstr "ユーザ削除スクリプト"
+
+#: param/loadparm.c:894
+#, fuzzy
+msgid "add user to group script"
+msgstr "ユーザ追加スクリプト"
+
+#: param/loadparm.c:895
+#, fuzzy
+msgid "delete user from group script"
+msgstr "ユーザ削除スクリプト"
+
+#: param/loadparm.c:896
+#, fuzzy
+msgid "add machine script"
+msgstr "ユーザ追加スクリプト"
+
+#: param/loadparm.c:897
+#, fuzzy
+msgid "shutdown script"
+msgstr "ログオン スクリプト"
+
+#: param/loadparm.c:898
+#, fuzzy
+msgid "abort shutdown script"
+msgstr "ログオン スクリプト"
+
+#: param/loadparm.c:900
+msgid "logon script"
+msgstr "ログオン スクリプト"
+
+#: param/loadparm.c:901
+msgid "logon path"
+msgstr "ログオン パス"
+
+#: param/loadparm.c:902
+msgid "logon drive"
+msgstr "ログオン ドライブ"
+
+#: param/loadparm.c:903
+msgid "logon home"
+msgstr "ログオン ホーム"
+
+#: param/loadparm.c:904
+msgid "domain logons"
+msgstr "ドメイン ログオン"
+
+#: param/loadparm.c:906
msgid "Browse Options"
-msgstr "ブラウジング オプション"
+msgstr "コンピュータ一覧表示オプション"
+
+#: param/loadparm.c:908
+msgid "os level"
+msgstr "os レベル"
+
+#: param/loadparm.c:909
+msgid "lm announce"
+msgstr "lm アナウンス"
+
+#: param/loadparm.c:910
+msgid "lm interval"
+msgstr "lm 間隔"
+
+#: param/loadparm.c:911
+msgid "preferred master"
+msgstr "優先するマスタ"
+
+#: param/loadparm.c:912
+msgid "prefered master"
+msgstr "優先するマスタ"
+
+#: param/loadparm.c:913
+msgid "local master"
+msgstr "ローカル マスタ"
+
+#: param/loadparm.c:914
+msgid "domain master"
+msgstr "ドメイン マスタ"
+
+#: param/loadparm.c:915
+msgid "browse list"
+msgstr "ブラウズ リスト"
-#: ../param/loadparm.c:1033
+#: param/loadparm.c:916
+msgid "browseable"
+msgstr "ブラウズ可"
+
+#: param/loadparm.c:917
+msgid "browsable"
+msgstr "ブラウズ可"
+
+#: param/loadparm.c:918
+msgid "enhanced browsing"
+msgstr ""
+
+#: param/loadparm.c:920
msgid "WINS Options"
-msgstr "WINS オプション"
+msgstr "WINSオプション"
+
+#: param/loadparm.c:921
+msgid "dns proxy"
+msgstr "dns プロキシ"
+
+#: param/loadparm.c:922
+msgid "wins proxy"
+msgstr "wins プロキシ"
-#: ../param/loadparm.c:1043
+#: param/loadparm.c:924
+msgid "wins server"
+msgstr "wins サーバ"
+
+#: param/loadparm.c:925
+msgid "wins support"
+msgstr "wins サポート"
+
+#: param/loadparm.c:926
+msgid "wins hook"
+msgstr "wins フック"
+
+#: param/loadparm.c:928
msgid "Locking Options"
msgstr "ロッキング オプション"
-#: ../param/loadparm.c:1061
+#: param/loadparm.c:930
+#, fuzzy
+msgid "blocking locks"
+msgstr "ロック"
+
+#: param/loadparm.c:931
+msgid "fake oplocks"
+msgstr "偽装 oplock"
+
+#: param/loadparm.c:932
+msgid "kernel oplocks"
+msgstr "カーネル oplock"
+
+#: param/loadparm.c:933
+msgid "locking"
+msgstr "ロック"
+
+#: param/loadparm.c:935
+msgid "oplocks"
+msgstr "便宜的ロック"
+
+#: param/loadparm.c:936
+msgid "level2 oplocks"
+msgstr "level2 oplocks"
+
+#: param/loadparm.c:937
+msgid "oplock break wait time"
+msgstr "oplock 中断の待ち時間"
+
+#: param/loadparm.c:938
+msgid "oplock contention limit"
+msgstr "oplock 競合の限度"
+
+#: param/loadparm.c:939
+#, fuzzy
+msgid "posix locking"
+msgstr "厳密なロック"
+
+#: param/loadparm.c:940
+msgid "strict locking"
+msgstr "厳密なロック"
+
+#: param/loadparm.c:941
+msgid "share modes"
+msgstr "共有モード"
+
+#: param/loadparm.c:944
msgid "Ldap Options"
-msgstr "LDAP オプション"
+msgstr "Ldap オプション"
+
+#: param/loadparm.c:946
+msgid "ldap server"
+msgstr "ldap サーバ"
+
+#: param/loadparm.c:947
+msgid "ldap port"
+msgstr "ldap ポート"
-#: ../param/loadparm.c:1078
+#: param/loadparm.c:948
+msgid "ldap suffix"
+msgstr "lpad サフィックス"
+
+#: param/loadparm.c:949
+msgid "ldap filter"
+msgstr "ldap フィルター"
+
+#: param/loadparm.c:950
+msgid "ldap root"
+msgstr "ldap ルート"
+
+#: param/loadparm.c:951
+msgid "ldap root passwd"
+msgstr "ldap ルート パスワード"
+
+#: param/loadparm.c:954
msgid "Miscellaneous Options"
msgstr "その他のオプション"
-#: ../param/loadparm.c:1138
-msgid "VFS module options"
-msgstr "VFS オプション"
+#: param/loadparm.c:955
+#, fuzzy
+msgid "add share command"
+msgstr "dfree コマンド"
+
+#: param/loadparm.c:956
+#, fuzzy
+msgid "change share command"
+msgstr "メッセージ コマンド"
+
+#: param/loadparm.c:957
+#, fuzzy
+msgid "delete share command"
+msgstr "メッセージ コマンド"
+
+#: param/loadparm.c:959
+msgid "config file"
+msgstr "設定ファイル"
+
+#: param/loadparm.c:960
+msgid "preload"
+msgstr "プリロード"
+
+#: param/loadparm.c:961
+msgid "auto services"
+msgstr "自動サービス"
+
+#: param/loadparm.c:962
+msgid "lock dir"
+msgstr "ロック ディレクトリ"
+
+#: param/loadparm.c:963
+msgid "lock directory"
+msgstr "ロック ディレクトリ"
+
+#: param/loadparm.c:965
+msgid "utmp directory"
+msgstr "utmp ディレクトリ"
+
+#: param/loadparm.c:966
+#, fuzzy
+msgid "wtmp directory"
+msgstr "utmp ディレクトリ"
+
+#: param/loadparm.c:967
+#, fuzzy
+msgid "utmp"
+msgstr "utmp ディレクトリ"
+
+#: param/loadparm.c:970
+msgid "default service"
+msgstr "既定サービス"
+
+#: param/loadparm.c:971
+msgid "default"
+msgstr "既定"
+
+#: param/loadparm.c:972
+msgid "message command"
+msgstr "メッセージ コマンド"
+
+#: param/loadparm.c:973
+msgid "dfree command"
+msgstr "dfree コマンド"
+
+#: param/loadparm.c:974
+msgid "remote announce"
+msgstr "リモート アナウンス"
+
+#: param/loadparm.c:975
+msgid "remote browse sync"
+msgstr "リモートのブラウズリストを同期"
+
+#: param/loadparm.c:976
+msgid "socket address"
+msgstr "ソ\ケット アドレス"
+
+#: param/loadparm.c:977
+msgid "homedir map"
+msgstr "ホームディレクトリ マップ"
+
+#: param/loadparm.c:978
+msgid "time offset"
+msgstr "時間オフセット"
+
+#: param/loadparm.c:979
+msgid "NIS homedir"
+msgstr "NIS ホームディレクトリ"
+
+#: param/loadparm.c:980
+msgid "-valid"
+msgstr "-valid"
+
+#: param/loadparm.c:982
+msgid "copy"
+msgstr "コピー"
+
+#: param/loadparm.c:983
+msgid "include"
+msgstr "インクルード"
+
+#: param/loadparm.c:984
+msgid "exec"
+msgstr "実行"
+
+#: param/loadparm.c:985
+msgid "preexec"
+msgstr "接続時に実行"
+
+#: param/loadparm.c:987
+#, fuzzy
+msgid "preexec close"
+msgstr "接続時に実行"
+
+#: param/loadparm.c:988
+msgid "postexec"
+msgstr "切断時に実行"
+
+#: param/loadparm.c:989
+msgid "root preexec"
+msgstr "ルートで接続時実行"
+
+#: param/loadparm.c:990
+#, fuzzy
+msgid "root preexec close"
+msgstr "ルートで接続時実行"
+
+#: param/loadparm.c:991
+msgid "root postexec"
+msgstr "ルートで切断時実行"
+
+#: param/loadparm.c:992
+msgid "available"
+msgstr "利用可能"
+
+#: param/loadparm.c:993
+msgid "volume"
+msgstr "ボリューム"
+
+#: param/loadparm.c:994
+msgid "fstype"
+msgstr "ファイル システム タイプ"
+
+#: param/loadparm.c:995
+#, fuzzy
+msgid "set directory"
+msgstr "ディレクトリ"
+
+#: param/loadparm.c:996
+msgid "source environment"
+msgstr ""
+
+#: param/loadparm.c:997
+msgid "wide links"
+msgstr "広くリンク"
+
+#: param/loadparm.c:998
+msgid "follow symlinks"
+msgstr "symlink 先を参照"
+
+#: param/loadparm.c:999
+msgid "dont descend"
+msgstr "下に降りないディレクトリ"
-#: ../param/loadparm.c:1148
+#: param/loadparm.c:1000
+msgid "magic script"
+msgstr "マジック スクリプト"
+
+#: param/loadparm.c:1001
+msgid "magic output"
+msgstr "マジック 出力"
+
+#: param/loadparm.c:1002
+msgid "delete readonly"
+msgstr "読み取りのみのファイルを削除"
+
+#: param/loadparm.c:1003
+#, fuzzy
+msgid "dos filemode"
+msgstr "dos のファイル時刻"
+
+#: param/loadparm.c:1004
+msgid "dos filetimes"
+msgstr "dos のファイル時刻"
+
+#: param/loadparm.c:1005
+msgid "dos filetime resolution"
+msgstr "dos のファイル時刻の分解能"
+
+#: param/loadparm.c:1007
+msgid "fake directory create times"
+msgstr "偽のディレクトリ作成時刻"
+
+#: param/loadparm.c:1008
+msgid "panic action"
+msgstr "パニック アクション"
+
+#: param/loadparm.c:1009
+#, fuzzy
+msgid "hide local users"
+msgstr "ローカル マスタ"
+
+#: param/loadparm.c:1012
+msgid "VFS options"
+msgstr "VFSオプション"
+
+#: param/loadparm.c:1014
+msgid "vfs object"
+msgstr ""
+
+#: param/loadparm.c:1015
+#, fuzzy
+msgid "vfs options"
+msgstr "VFSオプション"
+
+#: param/loadparm.c:1018
+#, fuzzy
+msgid "msdfs root"
+msgstr "ldap ルート"
+
+#: param/loadparm.c:1019
+#, fuzzy
+msgid "host msdfs"
+msgstr "拒否するホスト"
+
+#: param/loadparm.c:1021
msgid "Winbind options"
-msgstr "Winbind オプション"
+msgstr "Winbindオプション"
+
+#: param/loadparm.c:1023
+#, fuzzy
+msgid "winbind uid"
+msgstr "Winbindオプション"
+
+#: param/loadparm.c:1024
+#, fuzzy
+msgid "winbind gid"
+msgstr "Winbindオプション"
+
+#: param/loadparm.c:1025
+msgid "template homedir"
+msgstr ""
+
+#: param/loadparm.c:1026
+msgid "template shell"
+msgstr ""
+
+#: param/loadparm.c:1027
+#, fuzzy
+msgid "winbind separator"
+msgstr "Winbindオプション"
+
+#: param/loadparm.c:1028
+#, fuzzy
+msgid "winbind cache time"
+msgstr "lpq キャッシュ時間"
+
+#: param/loadparm.c:1029
+#, fuzzy
+msgid "winbind enum users"
+msgstr "無効なユーザ"
+
+#: param/loadparm.c:1030
+msgid "winbind enum groups"
+msgstr ""
+
+#~ msgid "failed to open %s for writing\n"
+#~ msgstr "%s を書き込み用にオープンできません\n"
+
+#~ msgid "Can't reload %s\n"
+#~ msgstr "%s を再読み込みできません\n"
+
+#~ msgid "Can't setup password database vectors.\n"
+#~ msgstr "パスワード・データベースが見つけられません\n"
+
+#~ msgid "You need to have status=yes in your smb config file\n"
+#~ msgstr "smb.conf で status=yes を設定してください\n"
+
+#~ msgid "coding system"
+#~ msgstr "コーディング システム"
+
+#~ msgid "client code page"
+#~ msgstr "クライアント コードページ"
+
+#~ msgid "revalidate"
+#~ msgstr "再認証"
+
+#~ msgid "status"
+#~ msgstr "ステータス"
+
+#~ msgid "shared mem size"
+#~ msgstr "共有メモリ サイズ"
+
+#~ msgid "character set"
+#~ msgstr "文字セット"
+
+#~ msgid "domain groups"
+#~ msgstr "ドメイン グループ"
+
+#~ msgid "domain admin users"
+#~ msgstr "ドメイン管理ユーザ"
+
+#~ msgid "domain guest users"
+#~ msgstr "ドメイン ゲスト ユーザ"
+
+#~ msgid "ole locking compatibility"
+#~ msgstr "ole ロックの互換性"
+
+#~ msgid "smbrun"
+#~ msgstr "smbrun"
+
+#, fuzzy
+#~ msgid "wtmp dir"
+#~ msgstr "utmp ディレクトリ"
+
+#~ msgid "unix realname"
+#~ msgstr "unix の本名"
diff --git a/source/po/pl.msg b/source/po/pl.msg
index a7e56453bfc..c547a94c936 100644
--- a/source/po/pl.msg
+++ b/source/po/pl.msg
@@ -18,7 +18,7 @@
msgid ""
msgstr ""
"Project-Id-Version: i18n_swat \n"
-"POT-Creation-Date: 2003-10-06 05:30+0900\n"
+"POT-Creation-Date: 2001-09-20 20:29+0900\n"
"PO-Revision-Date: 2001-08-15 22:45+02:00\n"
"Last-Translator: Rafal Szczesniak <mimir@spin.ict.pwr.wroc.pl>\n"
"Language-Team: pl\n"
@@ -26,568 +26,1748 @@ msgstr ""
"Content-Type: text/plain; charset=iso-8859-2\n"
"Content-Transfer-Encoding: \n"
-#: ../web/swat.c:117
+#: web/swat.c:120
#, c-format
-msgid "ERROR: Can't open %s"
-msgstr ""
+msgid "ERROR: Can't open %s\n"
+msgstr "B」。D: Nie moソna otworzy %s\n"
-#: ../web/swat.c:200
+#.
+#. str = stripspace(parm->label);
+#. strlower (str); //monyo
+#. d_printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\">%s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s</td><td>",
+#. str, _("Help"), parm->label);
+#.
+#: web/swat.c:211
msgid "Help"
msgstr "Pomoc"
-#: ../web/swat.c:206 ../web/swat.c:220 ../web/swat.c:235 ../web/swat.c:243 ../web/swat.c:252 ../web/swat.c:261 ../web/swat.c:267 ../web/swat.c:273 ../web/swat.c:286
+#: web/swat.c:217 web/swat.c:231 web/swat.c:246 web/swat.c:254 web/swat.c:263
+#: web/swat.c:272 web/swat.c:278 web/swat.c:284 web/swat.c:297
msgid "Set Default"
msgstr "Ustaw domyカlnie"
-#: ../web/swat.c:408
-#, c-format
-msgid "failed to open %s for writing"
-msgstr ""
-
-#: ../web/swat.c:431
+#: web/swat.c:502
#, c-format
-msgid "Can't reload %s"
-msgstr ""
-
-#: ../web/swat.c:501
-#, c-format
-msgid "Logged in as <b>%s</b>"
+msgid "Logged in as <b>%s</b><p>\n"
msgstr "Zalogowany jako <b>%s</b><p>\n"
-#: ../web/swat.c:505
+#: web/swat.c:505
msgid "Home"
msgstr "Strona domowa"
-#: ../web/swat.c:507
+#: web/swat.c:507
msgid "Globals"
msgstr "Ustawienia globalne"
-#: ../web/swat.c:508
+#: web/swat.c:508
msgid "Shares"
msgstr "Wspウudziaウy"
-#: ../web/swat.c:509
+#: web/swat.c:509
msgid "Printers"
msgstr "Drukarki"
-#: ../web/swat.c:510
-msgid "Wizard"
-msgstr ""
-
-#: ../web/swat.c:513
+#: web/swat.c:512
msgid "Status"
msgstr "Status"
-#: ../web/swat.c:514
+#: web/swat.c:513
msgid "View Config"
msgstr "Przejrzyj Konfiguracj"
-#: ../web/swat.c:516
+#: web/swat.c:515
msgid "Password Management"
msgstr "Zarzアdzanie Hasウami"
-#: ../web/swat.c:526
-msgid "Current View Is"
-msgstr "Bieソアca Konfiguracja"
-
-#: ../web/swat.c:527 ../web/swat.c:530
-msgid "Basic"
-msgstr "Widok Podstawowy"
-
-#: ../web/swat.c:528 ../web/swat.c:531
-msgid "Advanced"
-msgstr "Widok Zaawansowany"
-
-#: ../web/swat.c:529
-msgid "Change View To"
-msgstr "Zmie Hasウo"
-
-#: ../web/swat.c:554
+#: web/swat.c:539
msgid "Current Config"
msgstr "Bieソアca Konfiguracja"
-#: ../web/swat.c:558
+#: web/swat.c:543
msgid "Normal View"
msgstr "Normalny Widok"
-#: ../web/swat.c:560
+#: web/swat.c:545
msgid "Full View"
msgstr "Peウny Widok"
-#. Here we first set and commit all the parameters that were selected
-#. in the previous screen.
-#: ../web/swat.c:579
-msgid "Wizard Parameter Edit Page"
-msgstr ""
-
-#: ../web/swat.c:608
-msgid "Note: smb.conf file has been read and rewritten"
-msgstr ""
-
-#. Here we go ...
-#: ../web/swat.c:716
-msgid "Samba Configuration Wizard"
-msgstr ""
-
-#: ../web/swat.c:720
-msgid "The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments."
-msgstr ""
-
-#: ../web/swat.c:721
-msgid "The same will happen if you press the commit button."
-msgstr ""
-
-#: ../web/swat.c:724
-msgid "Rewrite smb.conf file"
-msgstr ""
-
-#: ../web/swat.c:725
-msgid "Commit"
-msgstr "Potwierdシ Zmiany"
-
-#: ../web/swat.c:726
-msgid "Edit Parameter Values"
-msgstr "Parametry Drukarki"
-
-#: ../web/swat.c:732
-msgid "Server Type"
-msgstr ""
-
-#: ../web/swat.c:733
-msgid "Stand Alone"
-msgstr "Uruchom nmbd"
-
-#: ../web/swat.c:734
-msgid "Domain Member"
-msgstr ""
-
-#: ../web/swat.c:735
-msgid "Domain Controller"
-msgstr ""
-
-#: ../web/swat.c:738
-msgid "Unusual Type in smb.conf - Please Select New Mode"
-msgstr ""
-
-#: ../web/swat.c:740
-msgid "Configure WINS As"
-msgstr ""
-
-#: ../web/swat.c:741
-msgid "Not Used"
-msgstr ""
-
-#: ../web/swat.c:742
-msgid "Server for client use"
-msgstr ""
-
-#: ../web/swat.c:743
-msgid "Client of another WINS server"
-msgstr ""
-
-#: ../web/swat.c:745
-msgid "Remote WINS Server"
-msgstr ""
-
-#: ../web/swat.c:756
-msgid "Error: WINS Server Mode and WINS Support both set in smb.conf"
-msgstr ""
-
-#: ../web/swat.c:757
-msgid "Please Select desired WINS mode above."
-msgstr ""
-
-#: ../web/swat.c:759
-msgid "Expose Home Directories"
-msgstr ""
-
-#: ../web/swat.c:774
-msgid "The above configuration options will set multiple parameters and will generally assist with rapid Samba deployment."
-msgstr ""
-
-#: ../web/swat.c:787
-msgid "Global Parameters"
+#: web/swat.c:561
+msgid "Global Variables"
msgstr "Zmienne Globalne"
-#: ../web/swat.c:815 ../web/swat.c:916 ../web/swat.c:1265
+#: web/swat.c:575 web/swat.c:671 web/swat.c:1014
msgid "Commit Changes"
msgstr "Potwierdシ Zmiany"
-#: ../web/swat.c:819 ../web/swat.c:919 ../web/swat.c:1267
+#: web/swat.c:579 web/swat.c:674 web/swat.c:1016
msgid "Reset Values"
msgstr "Zresetuj Wartoカci"
-#: ../web/swat.c:844
+#: web/swat.c:581 web/swat.c:676 web/swat.c:1018
+msgid "Advanced View"
+msgstr "Widok Zaawansowany"
+
+#: web/swat.c:583 web/swat.c:678 web/swat.c:1020
+msgid "Basic View"
+msgstr "Widok Podstawowy"
+
+#: web/swat.c:613
msgid "Share Parameters"
msgstr "Parametry Wspウudziaウu"
-#: ../web/swat.c:887
+#: web/swat.c:642
msgid "Choose Share"
msgstr "Wybierz Wspウudziaウ"
-#: ../web/swat.c:901
+#: web/swat.c:656
msgid "Delete Share"
msgstr "Usu Wspウudziaウ"
-#: ../web/swat.c:908
+#: web/swat.c:663
msgid "Create Share"
msgstr "Utwrz Wspウudziaウ"
-#: ../web/swat.c:944
-msgid "password change in demo mode rejected"
+#: web/swat.c:708
+msgid "password change in demo mode rejected\n"
msgstr "zmiana hasウa w trybie demo odrzucona\n"
-#: ../web/swat.c:957
-msgid "Can't setup password database vectors."
-msgstr ""
-
-#: ../web/swat.c:983
-msgid " Must specify \"User Name\" "
+#: web/swat.c:747
+msgid " Must specify \"User Name\" \n"
msgstr " Musisz poda \"Nazw Uソytkownika\" \n"
-#: ../web/swat.c:999
-msgid " Must specify \"Old Password\" "
+#: web/swat.c:763
+msgid " Must specify \"Old Password\" \n"
msgstr " Musisz poda \"Stare Hasウo\" \n"
-#: ../web/swat.c:1005
-msgid " Must specify \"Remote Machine\" "
+#: web/swat.c:769
+msgid " Must specify \"Remote Machine\" \n"
msgstr " Musisz poda \"Zdalnア Maszyn鷭" \n"
-#: ../web/swat.c:1012
-msgid " Must specify \"New, and Re-typed Passwords\" "
+#: web/swat.c:776
+msgid " Must specify \"New, and Re-typed Passwords\" \n"
msgstr " Musisz poda \"Nowe Hasウo, i ponownie wpisane Nowe Hasウo\" \n"
-#: ../web/swat.c:1018
-msgid " Re-typed password didn't match new password "
+#: web/swat.c:782
+msgid " Re-typed password didn't match new password\n"
msgstr " Ponownie wpisane hasウo nie pasuje do nowego hasウa\n"
-#: ../web/swat.c:1048
+#: web/swat.c:812
#, c-format
-msgid " The passwd for '%s' has been changed."
+msgid " The passwd for '%s' has been changed. \n"
msgstr " Hasウo dla '%s' zostaウo zmienione. \n"
-#: ../web/swat.c:1051
+#: web/swat.c:814
#, c-format
-msgid " The passwd for '%s' has NOT been changed."
+msgid " The passwd for '%s' has NOT been changed. \n"
msgstr " Hasウo dla '%s' NIE zostaウo zmienione. \n"
-#: ../web/swat.c:1076
+#: web/swat.c:838
msgid "Server Password Management"
msgstr "Zarzアdzanie Hasウami na Serwerze"
#.
#. * Create all the dialog boxes for data collection
#.
-#: ../web/swat.c:1085 ../web/swat.c:1132
-msgid "User Name"
-msgstr " Nazwa Uソytkownika"
+#: web/swat.c:847 web/swat.c:894
+msgid " User Name : "
+msgstr " Nazwa Uソytkownika : "
-#: ../web/swat.c:1088 ../web/swat.c:1134
-msgid "Old Password"
-msgstr " Stare Hasウo"
+#: web/swat.c:850 web/swat.c:896
+msgid " Old Password : "
+msgstr " Stare Hasウo : "
-#: ../web/swat.c:1091 ../web/swat.c:1136
-msgid "New Password"
-msgstr " Nowe Hasウo"
+#: web/swat.c:853 web/swat.c:898
+msgid " New Password : "
+msgstr " Nowe Hasウo : "
-#: ../web/swat.c:1093 ../web/swat.c:1138
-msgid "Re-type New Password"
-msgstr " Ponownie wpisz Nowe Hasウo"
+#: web/swat.c:855 web/swat.c:900
+msgid " Re-type New Password : "
+msgstr " Ponownie wpisz Nowe Hasウo : "
-#: ../web/swat.c:1101 ../web/swat.c:1149
+#: web/swat.c:863 web/swat.c:911
msgid "Change Password"
msgstr "Zmie Hasウo"
-#: ../web/swat.c:1104
+#: web/swat.c:866
msgid "Add New User"
msgstr "Dodaj Nowego Uソytkownika"
-#: ../web/swat.c:1106
+#: web/swat.c:868
msgid "Delete User"
msgstr "Usu Uソytkownika"
-#: ../web/swat.c:1108
+#: web/swat.c:870
msgid "Disable User"
msgstr "Zablokuj Uソytkownika"
-#: ../web/swat.c:1110
+#: web/swat.c:872
msgid "Enable User"
msgstr "Odblokuj Uソytkownika"
-#: ../web/swat.c:1123
+#: web/swat.c:885
msgid "Client/Server Password Management"
msgstr "Zarzアdzanie Hasウami Klient/Serwer"
-#: ../web/swat.c:1140
-msgid "Remote Machine"
-msgstr " Zdalna Maszyna"
+#: web/swat.c:902
+msgid " Remote Machine : "
+msgstr " Zdalna Maszyna : "
-#: ../web/swat.c:1179
+#: web/swat.c:940
msgid "Printer Parameters"
msgstr "Parametry Drukarki"
-#: ../web/swat.c:1181
+#: web/swat.c:942
msgid "Important Note:"
msgstr "Waソna Informacja:"
-#: ../web/swat.c:1182
+#: web/swat.c:943
msgid "Printer names marked with [*] in the Choose Printer drop-down box "
msgstr "Nazwy Drukarek zaznaczone [*] w rozwijanym polu Wybierz Drukark "
-#: ../web/swat.c:1183
+#: web/swat.c:944
msgid "are autoloaded printers from "
msgstr "sア drukarkami automatycznie ウadowanymi z "
-#: ../web/swat.c:1184
+#: web/swat.c:945
msgid "Printcap Name"
msgstr "Nazwa Printcap"
-#: ../web/swat.c:1185
-msgid "Attempting to delete these printers from SWAT will have no effect."
+#: web/swat.c:946
+msgid "Attempting to delete these printers from SWAT will have no effect.\n"
msgstr "Prby usuni鹹ia tych drukarek ze SWAT nie przyniosア efektu.\n"
-#: ../web/swat.c:1231
+#: web/swat.c:980
msgid "Choose Printer"
msgstr "Wybierz Drukark"
-#: ../web/swat.c:1250
+#: web/swat.c:999
msgid "Delete Printer"
msgstr "Usu Drukark"
-#: ../web/swat.c:1257
+#: web/swat.c:1006
msgid "Create Printer"
msgstr "Utwrz Drukark"
-#: ../web/statuspage.c:123
+#: web/statuspage.c:40
+msgid "DENY_NONE"
+msgstr ""
+
+#: web/statuspage.c:41
+msgid "DENY_ALL "
+msgstr ""
+
+#: web/statuspage.c:42
+msgid "DENY_DOS "
+msgstr ""
+
+#: web/statuspage.c:43
+msgid "DENY_READ "
+msgstr ""
+
+#: web/statuspage.c:44
+msgid "DENY_WRITE "
+msgstr ""
+
+#: web/statuspage.c:50
msgid "RDONLY "
msgstr ""
-#: ../web/statuspage.c:124
+#: web/statuspage.c:51
msgid "WRONLY "
msgstr ""
-#: ../web/statuspage.c:125
+#: web/statuspage.c:52
msgid "RDWR "
msgstr ""
-#: ../web/statuspage.c:309
+#: web/statuspage.c:60
+msgid "EXCLUSIVE+BATCH "
+msgstr ""
+
+#: web/statuspage.c:62
+msgid "EXCLUSIVE "
+msgstr ""
+
+#: web/statuspage.c:64
+msgid "BATCH "
+msgstr ""
+
+#: web/statuspage.c:66
+msgid "LEVEL_II "
+msgstr ""
+
+#: web/statuspage.c:68
+msgid "NONE "
+msgstr ""
+
+#: web/statuspage.c:195
msgid "Server Status"
msgstr "Status Serwera"
-#: ../web/statuspage.c:314
+#: web/statuspage.c:200
msgid "Auto Refresh"
msgstr "Automatyczne Odカwieソanie"
-#: ../web/statuspage.c:315 ../web/statuspage.c:320
+#: web/statuspage.c:201 web/statuspage.c:206
msgid "Refresh Interval: "
msgstr "Interwaウ Odカwieソania: "
-#: ../web/statuspage.c:319
+#: web/statuspage.c:205
msgid "Stop Refreshing"
msgstr "Zatrzymaj Odカwieソanie"
-#: ../web/statuspage.c:334
+#: web/statuspage.c:220
msgid "version:"
msgstr "wersja:"
-#: ../web/statuspage.c:337
+#: web/statuspage.c:223
msgid "smbd:"
msgstr ""
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: web/statuspage.c:223 web/statuspage.c:235
msgid "running"
msgstr "dziaウa"
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: web/statuspage.c:223 web/statuspage.c:235
msgid "not running"
msgstr "nie dziaウa"
-#: ../web/statuspage.c:341
+#: web/statuspage.c:226
msgid "Stop smbd"
msgstr "Zatrzymaj smbd"
-#: ../web/statuspage.c:343
+#: web/statuspage.c:228
msgid "Start smbd"
msgstr "Uruchom smbd"
-#: ../web/statuspage.c:345
+#: web/statuspage.c:230
msgid "Restart smbd"
msgstr "Zrestartuj smbd"
-#: ../web/statuspage.c:350
+#: web/statuspage.c:235
msgid "nmbd:"
msgstr ""
-#: ../web/statuspage.c:354
+#: web/statuspage.c:238
msgid "Stop nmbd"
msgstr "Zatrzymaj nmbd"
-#: ../web/statuspage.c:356
+#: web/statuspage.c:240
msgid "Start nmbd"
msgstr "Uruchom nmbd"
-#: ../web/statuspage.c:358
+#: web/statuspage.c:242
msgid "Restart nmbd"
msgstr "Zrestartuj nmbd"
-#: ../web/statuspage.c:364
-msgid "winbindd:"
-msgstr ""
-
-#: ../web/statuspage.c:368
-msgid "Stop winbindd"
-msgstr "Zatrzymaj nmbd"
-
-#: ../web/statuspage.c:370
-msgid "Start winbindd"
-msgstr "Uruchom nmbd"
-
-#: ../web/statuspage.c:372
-msgid "Restart winbindd"
-msgstr "Zrestartuj nmbd"
-
-#. stop, restart all
-#: ../web/statuspage.c:381
-msgid "Stop All"
-msgstr ""
-
-#: ../web/statuspage.c:382
-msgid "Restart All"
-msgstr "Zrestartuj nmbd"
-
-#. start all
-#: ../web/statuspage.c:386
-msgid "Start All"
-msgstr "Uruchom nmbd"
-
-#: ../web/statuspage.c:393
+#: web/statuspage.c:249
msgid "Active Connections"
msgstr "Aktywne Poウアczenia"
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
msgid "PID"
msgstr ""
-#: ../web/statuspage.c:395 ../web/statuspage.c:408
+#: web/statuspage.c:251 web/statuspage.c:264
msgid "Client"
msgstr "Klient"
-#: ../web/statuspage.c:395
+#: web/statuspage.c:251
msgid "IP address"
msgstr "adres IP"
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
msgid "Date"
msgstr "Data"
-#: ../web/statuspage.c:397
+#: web/statuspage.c:253
msgid "Kill"
msgstr "Zatrzymaj"
-#: ../web/statuspage.c:405
+#: web/statuspage.c:261
msgid "Active Shares"
msgstr "Aktywne Wspウudziaウy"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "Share"
msgstr "Wspウudziaウ"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "User"
msgstr "Uソytkownik"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "Group"
msgstr "Grupa"
-#: ../web/statuspage.c:414
+#: web/statuspage.c:270
msgid "Open Files"
msgstr "Otwarte Pliki"
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "Sharing"
msgstr "Wspウdzielenie"
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "R/W"
msgstr ""
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "Oplock"
msgstr ""
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "File"
msgstr "Plik"
-#: ../web/statuspage.c:425
-msgid "Show Client in col 1"
+#: param/loadparm.c:641
+msgid "Base Options"
+msgstr "Bazowe Opcje"
+
+#: param/loadparm.c:643
+#, fuzzy
+msgid "dos charset"
+msgstr "Wybierz Wspウudziaウ"
+
+#: param/loadparm.c:644
+msgid "unix charset"
msgstr ""
-#: ../web/statuspage.c:426
-msgid "Show PID in col 1"
+#: param/loadparm.c:645
+msgid "display charset"
msgstr ""
-#: ../param/loadparm.c:755
-msgid "Base Options"
-msgstr "Bazowe Opcje"
+#: param/loadparm.c:646
+msgid "comment"
+msgstr ""
-#: ../param/loadparm.c:775
+#: param/loadparm.c:647
+msgid "path"
+msgstr ""
+
+#: param/loadparm.c:648
+msgid "directory"
+msgstr ""
+
+#: param/loadparm.c:649
+msgid "workgroup"
+msgstr ""
+
+#: param/loadparm.c:650
+msgid "netbios name"
+msgstr ""
+
+#: param/loadparm.c:651
+msgid "netbios aliases"
+msgstr ""
+
+#: param/loadparm.c:652
+msgid "netbios scope"
+msgstr ""
+
+#: param/loadparm.c:653
+msgid "server string"
+msgstr ""
+
+#: param/loadparm.c:654
+#, fuzzy
+msgid "interfaces"
+msgstr "Drukarki"
+
+#: param/loadparm.c:655
+msgid "bind interfaces only"
+msgstr ""
+
+#: param/loadparm.c:657
msgid "Security Options"
msgstr "Opcje Zabezpiecze"
-#: ../param/loadparm.c:859
+#: param/loadparm.c:659
+msgid "security"
+msgstr ""
+
+#: param/loadparm.c:660
+msgid "encrypt passwords"
+msgstr ""
+
+#: param/loadparm.c:661
+msgid "update encrypted"
+msgstr ""
+
+#: param/loadparm.c:662
+msgid "allow trusted domains"
+msgstr ""
+
+#: param/loadparm.c:663
+msgid "alternate permissions"
+msgstr ""
+
+#: param/loadparm.c:664
+msgid "hosts equiv"
+msgstr ""
+
+#: param/loadparm.c:665
+msgid "min passwd length"
+msgstr ""
+
+#: param/loadparm.c:666
+msgid "min password length"
+msgstr ""
+
+#: param/loadparm.c:667
+msgid "map to guest"
+msgstr ""
+
+#: param/loadparm.c:668
+#, fuzzy
+msgid "null passwords"
+msgstr "Zmie Hasウo"
+
+#: param/loadparm.c:669
+msgid "obey pam restrictions"
+msgstr ""
+
+#: param/loadparm.c:670
+msgid "password server"
+msgstr ""
+
+#: param/loadparm.c:671
+msgid "smb passwd file"
+msgstr ""
+
+#: param/loadparm.c:672
+msgid "private dir"
+msgstr ""
+
+#: param/loadparm.c:673
+msgid "passdb module path"
+msgstr ""
+
+#: param/loadparm.c:674
+msgid "root directory"
+msgstr ""
+
+#: param/loadparm.c:675
+msgid "root dir"
+msgstr ""
+
+#: param/loadparm.c:676
+msgid "root"
+msgstr ""
+
+#: param/loadparm.c:678
+#, fuzzy
+msgid "pam password change"
+msgstr "Zarzアdzanie Hasウami"
+
+#: param/loadparm.c:679
+msgid "passwd program"
+msgstr ""
+
+#: param/loadparm.c:680
+msgid "passwd chat"
+msgstr ""
+
+#: param/loadparm.c:681
+msgid "passwd chat debug"
+msgstr ""
+
+#: param/loadparm.c:682
+msgid "username map"
+msgstr ""
+
+#: param/loadparm.c:683
+#, fuzzy
+msgid "password level"
+msgstr "Zarzアdzanie Hasウami"
+
+#: param/loadparm.c:684
+msgid "username level"
+msgstr ""
+
+#: param/loadparm.c:685
+msgid "unix password sync"
+msgstr ""
+
+#: param/loadparm.c:686
+msgid "restrict anonymous"
+msgstr ""
+
+#: param/loadparm.c:687
+msgid "lanman auth"
+msgstr ""
+
+#: param/loadparm.c:688
+msgid "ntlm auth"
+msgstr ""
+
+#: param/loadparm.c:689
+msgid "plaintext to smbpasswd"
+msgstr ""
+
+#: param/loadparm.c:690
+msgid "use rhosts"
+msgstr ""
+
+#: param/loadparm.c:692
+msgid "username"
+msgstr ""
+
+#: param/loadparm.c:693
+#, fuzzy
+msgid "user"
+msgstr "Uソytkownik"
+
+#: param/loadparm.c:694
+#, fuzzy
+msgid "users"
+msgstr "Uソytkownik"
+
+#: param/loadparm.c:696
+msgid "guest account"
+msgstr ""
+
+#: param/loadparm.c:697
+msgid "invalid users"
+msgstr ""
+
+#: param/loadparm.c:698
+msgid "valid users"
+msgstr ""
+
+#: param/loadparm.c:699
+msgid "admin users"
+msgstr ""
+
+#: param/loadparm.c:700
+msgid "read list"
+msgstr ""
+
+#: param/loadparm.c:701
+msgid "write list"
+msgstr ""
+
+#: param/loadparm.c:702
+msgid "printer admin"
+msgstr ""
+
+#: param/loadparm.c:703
+msgid "force user"
+msgstr ""
+
+#: param/loadparm.c:704
+msgid "force group"
+msgstr ""
+
+#: param/loadparm.c:705
+#, fuzzy
+msgid "group"
+msgstr "Grupa"
+
+#: param/loadparm.c:707
+msgid "read only"
+msgstr ""
+
+#: param/loadparm.c:708
+msgid "write ok"
+msgstr ""
+
+#: param/loadparm.c:709
+msgid "writeable"
+msgstr ""
+
+#: param/loadparm.c:710
+msgid "writable"
+msgstr ""
+
+#: param/loadparm.c:712
+#, fuzzy
+msgid "create mask"
+msgstr "Utwrz Wspウudziaウ"
+
+#: param/loadparm.c:713
+#, fuzzy
+msgid "create mode"
+msgstr "Utwrz Wspウudziaウ"
+
+#: param/loadparm.c:714
+msgid "force create mode"
+msgstr ""
+
+#: param/loadparm.c:715
+#, fuzzy
+msgid "security mask"
+msgstr "Opcje Zabezpiecze"
+
+#: param/loadparm.c:716
+msgid "force security mode"
+msgstr ""
+
+#: param/loadparm.c:717
+msgid "directory mask"
+msgstr ""
+
+#: param/loadparm.c:718
+msgid "directory mode"
+msgstr ""
+
+#: param/loadparm.c:719
+msgid "force directory mode"
+msgstr ""
+
+#: param/loadparm.c:720
+msgid "directory security mask"
+msgstr ""
+
+#: param/loadparm.c:721
+msgid "force directory security mode"
+msgstr ""
+
+#: param/loadparm.c:722
+msgid "inherit permissions"
+msgstr ""
+
+#: param/loadparm.c:723
+msgid "guest only"
+msgstr ""
+
+#: param/loadparm.c:724
+msgid "only guest"
+msgstr ""
+
+#: param/loadparm.c:726
+msgid "guest ok"
+msgstr ""
+
+#: param/loadparm.c:727
+msgid "public"
+msgstr ""
+
+#: param/loadparm.c:729
+#, fuzzy
+msgid "only user"
+msgstr "Odblokuj Uソytkownika"
+
+#: param/loadparm.c:730
+msgid "hosts allow"
+msgstr ""
+
+#: param/loadparm.c:731
+msgid "allow hosts"
+msgstr ""
+
+#: param/loadparm.c:732
+msgid "hosts deny"
+msgstr ""
+
+#: param/loadparm.c:733
+msgid "deny hosts"
+msgstr ""
+
+#: param/loadparm.c:736
+msgid "Secure Socket Layer Options"
+msgstr "Opcje SSL"
+
+#: param/loadparm.c:737
+msgid "ssl"
+msgstr ""
+
+#: param/loadparm.c:739
+msgid "ssl hosts"
+msgstr ""
+
+#: param/loadparm.c:740
+msgid "ssl hosts resign"
+msgstr ""
+
+#: param/loadparm.c:741
+msgid "ssl CA certDir"
+msgstr ""
+
+#: param/loadparm.c:742
+msgid "ssl CA certFile"
+msgstr ""
+
+#: param/loadparm.c:743
+msgid "ssl server cert"
+msgstr ""
+
+#: param/loadparm.c:744
+msgid "ssl server key"
+msgstr ""
+
+#: param/loadparm.c:745
+msgid "ssl client cert"
+msgstr ""
+
+#: param/loadparm.c:746
+msgid "ssl client key"
+msgstr ""
+
+#: param/loadparm.c:747
+msgid "ssl require clientcert"
+msgstr ""
+
+#: param/loadparm.c:748
+msgid "ssl require servercert"
+msgstr ""
+
+#: param/loadparm.c:749
+msgid "ssl ciphers"
+msgstr ""
+
+#: param/loadparm.c:750
+#, fuzzy
+msgid "ssl version"
+msgstr "wersja:"
+
+#: param/loadparm.c:751
+msgid "ssl compatibility"
+msgstr ""
+
+#: param/loadparm.c:754
+#, fuzzy
msgid "Logging Options"
msgstr "Opcje Blokowania"
-#: ../param/loadparm.c:874
+#: param/loadparm.c:755
+msgid "log level"
+msgstr ""
+
+#: param/loadparm.c:756
+msgid "debuglevel"
+msgstr ""
+
+#: param/loadparm.c:757
+msgid "syslog"
+msgstr ""
+
+#: param/loadparm.c:758
+msgid "syslog only"
+msgstr ""
+
+#: param/loadparm.c:759
+msgid "log file"
+msgstr ""
+
+#: param/loadparm.c:761
+msgid "max log size"
+msgstr ""
+
+#: param/loadparm.c:762
+msgid "timestamp logs"
+msgstr ""
+
+#: param/loadparm.c:763
+msgid "debug timestamp"
+msgstr ""
+
+#: param/loadparm.c:764
+msgid "debug hires timestamp"
+msgstr ""
+
+#: param/loadparm.c:765
+msgid "debug pid"
+msgstr ""
+
+#: param/loadparm.c:766
+msgid "debug uid"
+msgstr ""
+
+#: param/loadparm.c:768
msgid "Protocol Options"
msgstr "Opcje Protokoウu"
-#: ../param/loadparm.c:911
+#: param/loadparm.c:770
+msgid "protocol"
+msgstr ""
+
+#: param/loadparm.c:771
+msgid "large readwrite"
+msgstr ""
+
+#: param/loadparm.c:772
+msgid "max protocol"
+msgstr ""
+
+#: param/loadparm.c:773
+msgid "min protocol"
+msgstr ""
+
+#: param/loadparm.c:774
+msgid "unicode"
+msgstr ""
+
+#: param/loadparm.c:775
+msgid "read bmpx"
+msgstr ""
+
+#: param/loadparm.c:776
+msgid "read raw"
+msgstr ""
+
+#: param/loadparm.c:777
+msgid "write raw"
+msgstr ""
+
+#: param/loadparm.c:779
+msgid "nt smb support"
+msgstr ""
+
+#: param/loadparm.c:780
+msgid "nt pipe support"
+msgstr ""
+
+#: param/loadparm.c:781
+msgid "nt acl support"
+msgstr ""
+
+#: param/loadparm.c:782
+msgid "announce version"
+msgstr ""
+
+#: param/loadparm.c:783
+msgid "announce as"
+msgstr ""
+
+#: param/loadparm.c:784
+msgid "max mux"
+msgstr ""
+
+#: param/loadparm.c:785
+msgid "max xmit"
+msgstr ""
+
+#: param/loadparm.c:787
+msgid "name resolve order"
+msgstr ""
+
+#: param/loadparm.c:788
+msgid "max packet"
+msgstr ""
+
+#: param/loadparm.c:789
+msgid "packet size"
+msgstr ""
+
+#: param/loadparm.c:790
+msgid "max ttl"
+msgstr ""
+
+#: param/loadparm.c:791
+msgid "max wins ttl"
+msgstr ""
+
+#: param/loadparm.c:792
+msgid "min wins ttl"
+msgstr ""
+
+#: param/loadparm.c:793
+msgid "time server"
+msgstr ""
+
+#: param/loadparm.c:795
msgid "Tuning Options"
msgstr "Opcje Dostrajajアce"
-#: ../param/loadparm.c:940
+#: param/loadparm.c:797
+msgid "change notify timeout"
+msgstr ""
+
+#: param/loadparm.c:798
+msgid "deadtime"
+msgstr ""
+
+#: param/loadparm.c:799
+msgid "getwd cache"
+msgstr ""
+
+#: param/loadparm.c:800
+msgid "keepalive"
+msgstr ""
+
+#: param/loadparm.c:802
+msgid "lpq cache time"
+msgstr ""
+
+#: param/loadparm.c:803
+msgid "max smbd processes"
+msgstr ""
+
+#: param/loadparm.c:804
+#, fuzzy
+msgid "max connections"
+msgstr "Aktywne Poウアczenia"
+
+#: param/loadparm.c:805
+msgid "paranoid server security"
+msgstr ""
+
+#: param/loadparm.c:806
+msgid "max disk size"
+msgstr ""
+
+#: param/loadparm.c:807
+#, fuzzy
+msgid "max open files"
+msgstr "Otwarte Pliki"
+
+#: param/loadparm.c:808
+msgid "min print space"
+msgstr ""
+
+#: param/loadparm.c:809
+msgid "read size"
+msgstr ""
+
+#: param/loadparm.c:811
+#, fuzzy
+msgid "socket options"
+msgstr "Bazowe Opcje"
+
+#: param/loadparm.c:812
+msgid "stat cache size"
+msgstr ""
+
+#: param/loadparm.c:813
+msgid "strict allocate"
+msgstr ""
+
+#: param/loadparm.c:814
+msgid "strict sync"
+msgstr ""
+
+#: param/loadparm.c:815
+msgid "sync always"
+msgstr ""
+
+#: param/loadparm.c:816
+msgid "use mmap"
+msgstr ""
+
+#: param/loadparm.c:817
+msgid "hostname lookups"
+msgstr ""
+
+#: param/loadparm.c:818
+msgid "write cache size"
+msgstr ""
+
+#: param/loadparm.c:820
msgid "Printing Options"
msgstr "Opcje Drukowania"
-#: ../param/loadparm.c:970
+#: param/loadparm.c:822
+msgid "total print jobs"
+msgstr ""
+
+#: param/loadparm.c:823
+msgid "max print jobs"
+msgstr ""
+
+#: param/loadparm.c:824
+#, fuzzy
+msgid "load printers"
+msgstr "Drukarki"
+
+#: param/loadparm.c:825
+#, fuzzy
+msgid "printcap name"
+msgstr "Nazwa Printcap"
+
+#: param/loadparm.c:826
+#, fuzzy
+msgid "printcap"
+msgstr "Nazwa Printcap"
+
+#: param/loadparm.c:827
+msgid "printable"
+msgstr ""
+
+#: param/loadparm.c:828
+msgid "print ok"
+msgstr ""
+
+#: param/loadparm.c:829
+msgid "postscript"
+msgstr ""
+
+#: param/loadparm.c:830
+#, fuzzy
+msgid "printing"
+msgstr "dziaウa"
+
+#: param/loadparm.c:831
+msgid "print command"
+msgstr ""
+
+#: param/loadparm.c:832
+msgid "disable spoolss"
+msgstr ""
+
+#: param/loadparm.c:833
+msgid "lpq command"
+msgstr ""
+
+#: param/loadparm.c:834
+msgid "lprm command"
+msgstr ""
+
+#: param/loadparm.c:835
+msgid "lppause command"
+msgstr ""
+
+#: param/loadparm.c:836
+msgid "lpresume command"
+msgstr ""
+
+#: param/loadparm.c:837
+msgid "queuepause command"
+msgstr ""
+
+#: param/loadparm.c:838
+msgid "queueresume command"
+msgstr ""
+
+#: param/loadparm.c:840
+msgid "enumports command"
+msgstr ""
+
+#: param/loadparm.c:841
+msgid "addprinter command"
+msgstr ""
+
+#: param/loadparm.c:842
+#, fuzzy
+msgid "deleteprinter command"
+msgstr "Usu Drukark"
+
+#: param/loadparm.c:843
+msgid "show add printer wizard"
+msgstr ""
+
+#: param/loadparm.c:844
+msgid "os2 driver map"
+msgstr ""
+
+#: param/loadparm.c:846
+#, fuzzy
+msgid "printer name"
+msgstr "Parametry Drukarki"
+
+#: param/loadparm.c:847
+#, fuzzy
+msgid "printer"
+msgstr "Drukarki"
+
+#: param/loadparm.c:848
+msgid "use client driver"
+msgstr ""
+
+#: param/loadparm.c:849
+#, fuzzy
+msgid "printer driver"
+msgstr "Parametry Drukarki"
+
+#: param/loadparm.c:850
+msgid "printer driver file"
+msgstr ""
+
+#: param/loadparm.c:851
+msgid "printer driver location"
+msgstr ""
+
+#: param/loadparm.c:853
msgid "Filename Handling"
msgstr "Obsウuga Nazw Plikw"
-#: ../param/loadparm.c:996
+#: param/loadparm.c:854
+msgid "strip dot"
+msgstr ""
+
+#: param/loadparm.c:856
+msgid "mangled stack"
+msgstr ""
+
+#: param/loadparm.c:857
+msgid "default case"
+msgstr ""
+
+#: param/loadparm.c:858
+msgid "case sensitive"
+msgstr ""
+
+#: param/loadparm.c:859
+msgid "casesignames"
+msgstr ""
+
+#: param/loadparm.c:860
+msgid "preserve case"
+msgstr ""
+
+#: param/loadparm.c:861
+msgid "short preserve case"
+msgstr ""
+
+#: param/loadparm.c:862
+msgid "mangle case"
+msgstr ""
+
+#: param/loadparm.c:863
+msgid "mangling char"
+msgstr ""
+
+#: param/loadparm.c:864
+msgid "hide dot files"
+msgstr ""
+
+#: param/loadparm.c:865
+msgid "hide unreadable"
+msgstr ""
+
+#: param/loadparm.c:866
+msgid "delete veto files"
+msgstr ""
+
+#: param/loadparm.c:867
+#, fuzzy
+msgid "veto files"
+msgstr "Otwarte Pliki"
+
+#: param/loadparm.c:868
+#, fuzzy
+msgid "hide files"
+msgstr "Otwarte Pliki"
+
+#: param/loadparm.c:869
+msgid "veto oplock files"
+msgstr ""
+
+#: param/loadparm.c:870
+msgid "map system"
+msgstr ""
+
+#: param/loadparm.c:871
+msgid "map hidden"
+msgstr ""
+
+#: param/loadparm.c:872
+msgid "map archive"
+msgstr ""
+
+#: param/loadparm.c:873
+msgid "mangled names"
+msgstr ""
+
+#: param/loadparm.c:874
+msgid "mangled map"
+msgstr ""
+
+#: param/loadparm.c:875
+msgid "stat cache"
+msgstr ""
+
+#: param/loadparm.c:877
msgid "Domain Options"
msgstr "Opcje Domeny"
-#: ../param/loadparm.c:1000
+#: param/loadparm.c:879
+msgid "domain admin group"
+msgstr ""
+
+#: param/loadparm.c:880
+msgid "domain guest group"
+msgstr ""
+
+#: param/loadparm.c:883
+msgid "groupname map"
+msgstr ""
+
+#: param/loadparm.c:886
+msgid "machine password timeout"
+msgstr ""
+
+#: param/loadparm.c:888
msgid "Logon Options"
msgstr "Opcje Logowania"
-#: ../param/loadparm.c:1019
+#: param/loadparm.c:890
+msgid "add user script"
+msgstr ""
+
+#: param/loadparm.c:891
+#, fuzzy
+msgid "delete user script"
+msgstr "Usu Uソytkownika"
+
+#: param/loadparm.c:892
+msgid "add group script"
+msgstr ""
+
+#: param/loadparm.c:893
+msgid "delete group script"
+msgstr ""
+
+#: param/loadparm.c:894
+msgid "add user to group script"
+msgstr ""
+
+#: param/loadparm.c:895
+msgid "delete user from group script"
+msgstr ""
+
+#: param/loadparm.c:896
+msgid "add machine script"
+msgstr ""
+
+#: param/loadparm.c:897
+msgid "shutdown script"
+msgstr ""
+
+#: param/loadparm.c:898
+msgid "abort shutdown script"
+msgstr ""
+
+#: param/loadparm.c:900
+msgid "logon script"
+msgstr ""
+
+#: param/loadparm.c:901
+#, fuzzy
+msgid "logon path"
+msgstr "Opcje Logowania"
+
+#: param/loadparm.c:902
+msgid "logon drive"
+msgstr ""
+
+#: param/loadparm.c:903
+msgid "logon home"
+msgstr ""
+
+#: param/loadparm.c:904
+#, fuzzy
+msgid "domain logons"
+msgstr "Opcje Domeny"
+
+#: param/loadparm.c:906
msgid "Browse Options"
msgstr "Opcje Przeglアdania"
-#: ../param/loadparm.c:1033
+#: param/loadparm.c:908
+msgid "os level"
+msgstr ""
+
+#: param/loadparm.c:909
+msgid "lm announce"
+msgstr ""
+
+#: param/loadparm.c:910
+msgid "lm interval"
+msgstr ""
+
+#: param/loadparm.c:911
+msgid "preferred master"
+msgstr ""
+
+#: param/loadparm.c:912
+msgid "prefered master"
+msgstr ""
+
+#: param/loadparm.c:913
+msgid "local master"
+msgstr ""
+
+#: param/loadparm.c:914
+msgid "domain master"
+msgstr ""
+
+#: param/loadparm.c:915
+#, fuzzy
+msgid "browse list"
+msgstr "Opcje Przeglアdania"
+
+#: param/loadparm.c:916
+msgid "browseable"
+msgstr ""
+
+#: param/loadparm.c:917
+msgid "browsable"
+msgstr ""
+
+#: param/loadparm.c:918
+msgid "enhanced browsing"
+msgstr ""
+
+#: param/loadparm.c:920
msgid "WINS Options"
msgstr "Opcje WINS"
-#: ../param/loadparm.c:1043
+#: param/loadparm.c:921
+msgid "dns proxy"
+msgstr ""
+
+#: param/loadparm.c:922
+msgid "wins proxy"
+msgstr ""
+
+#: param/loadparm.c:924
+msgid "wins server"
+msgstr ""
+
+#: param/loadparm.c:925
+msgid "wins support"
+msgstr ""
+
+#: param/loadparm.c:926
+msgid "wins hook"
+msgstr ""
+
+#: param/loadparm.c:928
msgid "Locking Options"
msgstr "Opcje Blokowania"
-#: ../param/loadparm.c:1061
+#: param/loadparm.c:930
+#, fuzzy
+msgid "blocking locks"
+msgstr "Opcje Blokowania"
+
+#: param/loadparm.c:931
+msgid "fake oplocks"
+msgstr ""
+
+#: param/loadparm.c:932
+msgid "kernel oplocks"
+msgstr ""
+
+#: param/loadparm.c:933
+msgid "locking"
+msgstr ""
+
+#: param/loadparm.c:935
+msgid "oplocks"
+msgstr ""
+
+#: param/loadparm.c:936
+msgid "level2 oplocks"
+msgstr ""
+
+#: param/loadparm.c:937
+msgid "oplock break wait time"
+msgstr ""
+
+#: param/loadparm.c:938
+msgid "oplock contention limit"
+msgstr ""
+
+#: param/loadparm.c:939
+msgid "posix locking"
+msgstr ""
+
+#: param/loadparm.c:940
+msgid "strict locking"
+msgstr ""
+
+#: param/loadparm.c:941
+msgid "share modes"
+msgstr ""
+
+#: param/loadparm.c:944
msgid "Ldap Options"
msgstr "Opcje Ldap"
-#: ../param/loadparm.c:1078
+#: param/loadparm.c:946
+msgid "ldap server"
+msgstr ""
+
+#: param/loadparm.c:947
+msgid "ldap port"
+msgstr ""
+
+#: param/loadparm.c:948
+msgid "ldap suffix"
+msgstr ""
+
+#: param/loadparm.c:949
+msgid "ldap filter"
+msgstr ""
+
+#: param/loadparm.c:950
+msgid "ldap root"
+msgstr ""
+
+#: param/loadparm.c:951
+msgid "ldap root passwd"
+msgstr ""
+
+#: param/loadparm.c:954
msgid "Miscellaneous Options"
msgstr "Pozostaウe Opcje"
-#: ../param/loadparm.c:1138
-msgid "VFS module options"
+#: param/loadparm.c:955
+msgid "add share command"
+msgstr ""
+
+#: param/loadparm.c:956
+msgid "change share command"
+msgstr ""
+
+#: param/loadparm.c:957
+#, fuzzy
+msgid "delete share command"
+msgstr "Usu Wspウudziaウ"
+
+#: param/loadparm.c:959
+msgid "config file"
+msgstr ""
+
+#: param/loadparm.c:960
+msgid "preload"
+msgstr ""
+
+#: param/loadparm.c:961
+#, fuzzy
+msgid "auto services"
+msgstr "Automatyczne Odカwieソanie"
+
+#: param/loadparm.c:962
+msgid "lock dir"
+msgstr ""
+
+#: param/loadparm.c:963
+msgid "lock directory"
+msgstr ""
+
+#: param/loadparm.c:965
+msgid "utmp directory"
+msgstr ""
+
+#: param/loadparm.c:966
+msgid "wtmp directory"
+msgstr ""
+
+#: param/loadparm.c:967
+msgid "utmp"
+msgstr ""
+
+#: param/loadparm.c:970
+msgid "default service"
+msgstr ""
+
+#: param/loadparm.c:971
+#, fuzzy
+msgid "default"
+msgstr "Ustaw domyカlnie"
+
+#: param/loadparm.c:972
+msgid "message command"
+msgstr ""
+
+#: param/loadparm.c:973
+msgid "dfree command"
+msgstr ""
+
+#: param/loadparm.c:974
+msgid "remote announce"
+msgstr ""
+
+#: param/loadparm.c:975
+msgid "remote browse sync"
+msgstr ""
+
+#: param/loadparm.c:976
+#, fuzzy
+msgid "socket address"
+msgstr "adres IP"
+
+#: param/loadparm.c:977
+msgid "homedir map"
+msgstr ""
+
+#: param/loadparm.c:978
+msgid "time offset"
+msgstr ""
+
+#: param/loadparm.c:979
+msgid "NIS homedir"
+msgstr ""
+
+#: param/loadparm.c:980
+msgid "-valid"
+msgstr ""
+
+#: param/loadparm.c:982
+msgid "copy"
+msgstr ""
+
+#: param/loadparm.c:983
+msgid "include"
+msgstr ""
+
+#: param/loadparm.c:984
+msgid "exec"
+msgstr ""
+
+#: param/loadparm.c:985
+msgid "preexec"
+msgstr ""
+
+#: param/loadparm.c:987
+msgid "preexec close"
+msgstr ""
+
+#: param/loadparm.c:988
+msgid "postexec"
+msgstr ""
+
+#: param/loadparm.c:989
+msgid "root preexec"
+msgstr ""
+
+#: param/loadparm.c:990
+msgid "root preexec close"
+msgstr ""
+
+#: param/loadparm.c:991
+msgid "root postexec"
+msgstr ""
+
+#: param/loadparm.c:992
+msgid "available"
+msgstr ""
+
+#: param/loadparm.c:993
+#, fuzzy
+msgid "volume"
+msgstr "Strona domowa"
+
+#: param/loadparm.c:994
+msgid "fstype"
+msgstr ""
+
+#: param/loadparm.c:995
+msgid "set directory"
+msgstr ""
+
+#: param/loadparm.c:996
+msgid "source environment"
+msgstr ""
+
+#: param/loadparm.c:997
+msgid "wide links"
+msgstr ""
+
+#: param/loadparm.c:998
+msgid "follow symlinks"
+msgstr ""
+
+#: param/loadparm.c:999
+msgid "dont descend"
+msgstr ""
+
+#: param/loadparm.c:1000
+msgid "magic script"
+msgstr ""
+
+#: param/loadparm.c:1001
+msgid "magic output"
+msgstr ""
+
+#: param/loadparm.c:1002
+msgid "delete readonly"
+msgstr ""
+
+#: param/loadparm.c:1003
+msgid "dos filemode"
+msgstr ""
+
+#: param/loadparm.c:1004
+msgid "dos filetimes"
+msgstr ""
+
+#: param/loadparm.c:1005
+msgid "dos filetime resolution"
+msgstr ""
+
+#: param/loadparm.c:1007
+msgid "fake directory create times"
+msgstr ""
+
+#: param/loadparm.c:1008
+msgid "panic action"
+msgstr ""
+
+#: param/loadparm.c:1009
+msgid "hide local users"
+msgstr ""
+
+#: param/loadparm.c:1012
+#, fuzzy
+msgid "VFS options"
msgstr "Opcje WINS"
-#: ../param/loadparm.c:1148
+#: param/loadparm.c:1014
+msgid "vfs object"
+msgstr ""
+
+#: param/loadparm.c:1015
+#, fuzzy
+msgid "vfs options"
+msgstr "Bazowe Opcje"
+
+#: param/loadparm.c:1018
+msgid "msdfs root"
+msgstr ""
+
+#: param/loadparm.c:1019
+msgid "host msdfs"
+msgstr ""
+
+#: param/loadparm.c:1021
+#, fuzzy
msgid "Winbind options"
msgstr "Opcje Drukowania"
+
+#: param/loadparm.c:1023
+msgid "winbind uid"
+msgstr ""
+
+#: param/loadparm.c:1024
+msgid "winbind gid"
+msgstr ""
+
+#: param/loadparm.c:1025
+msgid "template homedir"
+msgstr ""
+
+#: param/loadparm.c:1026
+msgid "template shell"
+msgstr ""
+
+#: param/loadparm.c:1027
+msgid "winbind separator"
+msgstr ""
+
+#: param/loadparm.c:1028
+msgid "winbind cache time"
+msgstr ""
+
+#: param/loadparm.c:1029
+msgid "winbind enum users"
+msgstr ""
+
+#: param/loadparm.c:1030
+msgid "winbind enum groups"
+msgstr ""
+
+#~ msgid "failed to open %s for writing\n"
+#~ msgstr "nie udaウo si otworzy %s do zapisu\n"
+
+#~ msgid "Can't reload %s\n"
+#~ msgstr "Nie mog przeウadowa %s\n"
+
+#~ msgid "Can't setup password database vectors.\n"
+#~ msgstr "Nie moソna ustawi wektorw bazy haseウ.\n"
+
+#~ msgid "You need to have status=yes in your smb config file\n"
+#~ msgstr "Musisz mie status=yes w swoim pliku konfiguracyjnym smb\n"
diff --git a/source/po/tr.msg b/source/po/tr.msg
index 8ef551da46a..6c2bc1f93d8 100644
--- a/source/po/tr.msg
+++ b/source/po/tr.msg
@@ -1,5 +1,6 @@
-# Turkish messages for international release of SWAT.
-# Copyright (C) 2001 Deniz Akkus Kanca <deniz@arayan.com>
+# Swat Turkish Translation
+# Copyright (C) 2001 Deniz Akkus Kanca
+# Deniz Akkus Kanca <deniz@arayan.com>, 2001.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -14,11 +15,10 @@
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-#
msgid ""
msgstr ""
"Project-Id-Version: i18n_swat \n"
-"POT-Creation-Date: 2003-10-06 05:30+0900\n"
+"POT-Creation-Date: 2001-09-20 20:29+0900\n"
"PO-Revision-Date: 2001-09-20 22:51EEST\n"
"Last-Translator: Deniz Akkus Kanca <deniz@arayan.com>\n"
"Language-Team: Turkish <gnu-tr-u12a@lists.sourceforge.net>\n"
@@ -27,568 +27,1697 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: KBabel 0.9.1\n"
-#: ../web/swat.c:117
+#: web/swat.c:120
#, c-format
-msgid "ERROR: Can't open %s"
-msgstr ""
+msgid "ERROR: Can't open %s\n"
+msgstr "HATA: %s alamad\n"
-#: ../web/swat.c:200
+#.
+#. str = stripspace(parm->label);
+#. strlower (str); //monyo
+#. d_printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\">%s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s</td><td>",
+#. str, _("Help"), parm->label);
+#.
+#: web/swat.c:211
msgid "Help"
msgstr "Yardm"
-#: ../web/swat.c:206 ../web/swat.c:220 ../web/swat.c:235 ../web/swat.c:243 ../web/swat.c:252 ../web/swat.c:261 ../web/swat.c:267 ../web/swat.c:273 ../web/swat.c:286
+#: web/swat.c:217 web/swat.c:231 web/swat.c:246 web/swat.c:254 web/swat.c:263
+#: web/swat.c:272 web/swat.c:278 web/swat.c:284 web/swat.c:297
msgid "Set Default"
msgstr "ヨntanmlya Ayarla"
-#: ../web/swat.c:408
+#: web/swat.c:502
#, c-format
-msgid "failed to open %s for writing"
-msgstr ""
+msgid "Logged in as <b>%s</b><p>\n"
+msgstr "<b>%s</b> kimlii ile oturum alm<p>\n"
-#: ../web/swat.c:431
-#, c-format
-msgid "Can't reload %s"
-msgstr ""
-
-#: ../web/swat.c:501
-#, c-format
-msgid "Logged in as <b>%s</b>"
-msgstr "<b>%s</b> kimlii ile oturum alm"
-
-#: ../web/swat.c:505
+#: web/swat.c:505
msgid "Home"
msgstr "Ev"
-#: ../web/swat.c:507
+#: web/swat.c:507
msgid "Globals"
msgstr "Evrenseller"
-#: ../web/swat.c:508
+#: web/swat.c:508
msgid "Shares"
msgstr "Paylamlar"
-#: ../web/swat.c:509
+#: web/swat.c:509
msgid "Printers"
msgstr "Yazclar"
-#: ../web/swat.c:510
-msgid "Wizard"
-msgstr ""
-
-#: ../web/swat.c:513
+#: web/swat.c:512
msgid "Status"
msgstr "Durum"
-#: ../web/swat.c:514
+#: web/swat.c:513
msgid "View Config"
msgstr "Ayarlara Gzat"
-#: ../web/swat.c:516
+#: web/swat.c:515
msgid "Password Management"
msgstr "゙ifre Ynetimi"
-#: ../web/swat.c:526
-msgid "Current View Is"
-msgstr "゙imdiki Ayarlar"
-
-#: ../web/swat.c:527 ../web/swat.c:530
-msgid "Basic"
-msgstr "Temel Grnm"
-
-#: ../web/swat.c:528 ../web/swat.c:531
-msgid "Advanced"
-msgstr "Gelimi Grnm"
-
-#: ../web/swat.c:529
-msgid "Change View To"
-msgstr "゙ifre Deitir"
-
-#: ../web/swat.c:554
+#: web/swat.c:539
msgid "Current Config"
msgstr "゙imdiki Ayarlar"
-#: ../web/swat.c:558
+#: web/swat.c:543
msgid "Normal View"
msgstr "Normal Grnm"
-#: ../web/swat.c:560
+#: web/swat.c:545
msgid "Full View"
msgstr "Tam Grnm"
-#. Here we first set and commit all the parameters that were selected
-#. in the previous screen.
-#: ../web/swat.c:579
-msgid "Wizard Parameter Edit Page"
-msgstr ""
-
-#: ../web/swat.c:608
-msgid "Note: smb.conf file has been read and rewritten"
-msgstr ""
-
-#. Here we go ...
-#: ../web/swat.c:716
-msgid "Samba Configuration Wizard"
-msgstr ""
-
-#: ../web/swat.c:720
-msgid "The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments."
-msgstr ""
-
-#: ../web/swat.c:721
-msgid "The same will happen if you press the commit button."
-msgstr ""
-
-#: ../web/swat.c:724
-msgid "Rewrite smb.conf file"
-msgstr ""
-
-#: ../web/swat.c:725
-msgid "Commit"
-msgstr "aklama"
-
-#: ../web/swat.c:726
-msgid "Edit Parameter Values"
-msgstr "Yazc Bilgileri"
-
-#: ../web/swat.c:732
-msgid "Server Type"
-msgstr ""
-
-#: ../web/swat.c:733
-msgid "Stand Alone"
-msgstr "Nmbd'yi 軋ltr"
-
-#: ../web/swat.c:734
-msgid "Domain Member"
-msgstr "alan sunucusu"
-
-#: ../web/swat.c:735
-msgid "Domain Controller"
-msgstr "alan sunucusu"
-
-#: ../web/swat.c:738
-msgid "Unusual Type in smb.conf - Please Select New Mode"
-msgstr ""
-
-#: ../web/swat.c:740
-msgid "Configure WINS As"
-msgstr ""
-
-#: ../web/swat.c:741
-msgid "Not Used"
-msgstr "dont descend"
-
-#: ../web/swat.c:742
-msgid "Server for client use"
-msgstr ""
-
-#: ../web/swat.c:743
-msgid "Client of another WINS server"
-msgstr ""
-
-#: ../web/swat.c:745
-msgid "Remote WINS Server"
-msgstr ""
-
-#: ../web/swat.c:756
-msgid "Error: WINS Server Mode and WINS Support both set in smb.conf"
-msgstr ""
-
-#: ../web/swat.c:757
-msgid "Please Select desired WINS mode above."
-msgstr ""
-
-#: ../web/swat.c:759
-msgid "Expose Home Directories"
-msgstr ""
-
-#: ../web/swat.c:774
-msgid "The above configuration options will set multiple parameters and will generally assist with rapid Samba deployment."
-msgstr ""
-
-#: ../web/swat.c:787
-msgid "Global Parameters"
+#: web/swat.c:561
+msgid "Global Variables"
msgstr "Genel Deikenler"
-#: ../web/swat.c:815 ../web/swat.c:916 ../web/swat.c:1265
+#: web/swat.c:575 web/swat.c:671 web/swat.c:1014
msgid "Commit Changes"
msgstr "Deiiklikleri Kaydet"
-#: ../web/swat.c:819 ../web/swat.c:919 ../web/swat.c:1267
+#: web/swat.c:579 web/swat.c:674 web/swat.c:1016
msgid "Reset Values"
msgstr "Deerleri ンlk Haline Getir"
-#: ../web/swat.c:844
+#: web/swat.c:581 web/swat.c:676 web/swat.c:1018
+msgid "Advanced View"
+msgstr "Gelimi Grnm"
+
+#: web/swat.c:583 web/swat.c:678 web/swat.c:1020
+msgid "Basic View"
+msgstr "Temel Grnm"
+
+#: web/swat.c:613
msgid "Share Parameters"
msgstr "Paylam Parametreleri"
-#: ../web/swat.c:887
+#: web/swat.c:642
msgid "Choose Share"
msgstr "Paylam Se輅n"
-#: ../web/swat.c:901
+#: web/swat.c:656
msgid "Delete Share"
msgstr "Paylam Kaldr"
-#: ../web/swat.c:908
+#: web/swat.c:663
msgid "Create Share"
msgstr "Paylam Olutur"
-#: ../web/swat.c:944
-msgid "password change in demo mode rejected"
+#: web/swat.c:708
+msgid "password change in demo mode rejected\n"
msgstr "demo kipinde ifre deiiklii kabul edilmedi\n"
-#: ../web/swat.c:957
-msgid "Can't setup password database vectors."
-msgstr ""
-
-#: ../web/swat.c:983
-msgid " Must specify \"User Name\" "
+#: web/swat.c:747
+msgid " Must specify \"User Name\" \n"
msgstr " \"Kullanc Ad\" belirtilmeli \n"
-#: ../web/swat.c:999
-msgid " Must specify \"Old Password\" "
+#: web/swat.c:763
+msgid " Must specify \"Old Password\" \n"
msgstr " \"Eski ゙ifre\" belirtilmeli \n"
-#: ../web/swat.c:1005
-msgid " Must specify \"Remote Machine\" "
+#: web/swat.c:769
+msgid " Must specify \"Remote Machine\" \n"
msgstr " \"Uzak Makina\" belirtilmeli \n"
-#: ../web/swat.c:1012
-msgid " Must specify \"New, and Re-typed Passwords\" "
+#: web/swat.c:776
+msgid " Must specify \"New, and Re-typed Passwords\" \n"
msgstr " \"Yeni ve Tekrar Girilmi ゙ifreler\" belirtilmeli \n"
-#: ../web/swat.c:1018
-msgid " Re-typed password didn't match new password "
+#: web/swat.c:782
+msgid " Re-typed password didn't match new password\n"
msgstr " Tekrar girilen ifre yeni ifre ile elemedi\n"
-#: ../web/swat.c:1048
+#: web/swat.c:812
#, c-format
-msgid " The passwd for '%s' has been changed."
-msgstr " '%s' i輅n ifre deitirildi."
+msgid " The passwd for '%s' has been changed. \n"
+msgstr " '%s' i輅n ifre deitirildi. \n"
-#: ../web/swat.c:1051
+#: web/swat.c:814
#, c-format
-msgid " The passwd for '%s' has NOT been changed."
-msgstr " '%s' i輅n ifre DEミン゙TンRンLMEDン."
+msgid " The passwd for '%s' has NOT been changed. \n"
+msgstr " '%s' i輅n ifre DEミン゙TンRンLMEDン. \n"
-#: ../web/swat.c:1076
+#: web/swat.c:838
msgid "Server Password Management"
msgstr "Sunucu ゙ifre Ynetimi"
#.
#. * Create all the dialog boxes for data collection
#.
-#: ../web/swat.c:1085 ../web/swat.c:1132
-msgid "User Name"
-msgstr " Kullanc Ad"
+#: web/swat.c:847 web/swat.c:894
+msgid " User Name : "
+msgstr " Kullanc Ad : "
-#: ../web/swat.c:1088 ../web/swat.c:1134
-msgid "Old Password"
-msgstr " Eski ゙ifre"
+#: web/swat.c:850 web/swat.c:896
+msgid " Old Password : "
+msgstr " Eski ゙ifre : "
-#: ../web/swat.c:1091 ../web/swat.c:1136
-msgid "New Password"
-msgstr " Yeni ゙ifre"
+#: web/swat.c:853 web/swat.c:898
+msgid " New Password : "
+msgstr " Yeni ゙ifre : "
-#: ../web/swat.c:1093 ../web/swat.c:1138
-msgid "Re-type New Password"
-msgstr " Yeni ゙ifre Tekrar"
+#: web/swat.c:855 web/swat.c:900
+msgid " Re-type New Password : "
+msgstr " Yeni ゙ifre Tekrar : "
-#: ../web/swat.c:1101 ../web/swat.c:1149
+#: web/swat.c:863 web/swat.c:911
msgid "Change Password"
msgstr "゙ifre Deitir"
-#: ../web/swat.c:1104
+#: web/swat.c:866
msgid "Add New User"
msgstr "Kull. Ekle"
-#: ../web/swat.c:1106
+#: web/swat.c:868
msgid "Delete User"
msgstr "Kull. Sil"
-#: ../web/swat.c:1108
+#: web/swat.c:870
msgid "Disable User"
msgstr "Kull. Etkisizletir"
-#: ../web/swat.c:1110
+#: web/swat.c:872
msgid "Enable User"
msgstr "Kull. Etkinletir"
-#: ../web/swat.c:1123
+#: web/swat.c:885
msgid "Client/Server Password Management"
msgstr "ンstemci/Sunucu ゙ifre Ynetimi"
-#: ../web/swat.c:1140
-msgid "Remote Machine"
-msgstr " Uzak Makina"
+#: web/swat.c:902
+msgid " Remote Machine : "
+msgstr " Uzak Makina : "
-#: ../web/swat.c:1179
+#: web/swat.c:940
msgid "Printer Parameters"
msgstr "Yazc Bilgileri"
-#: ../web/swat.c:1181
+#: web/swat.c:942
msgid "Important Note:"
-msgstr "ヨnemli Not:"
+msgstr "ヨnemli Not: "
-#: ../web/swat.c:1182
+#: web/swat.c:943
msgid "Printer names marked with [*] in the Choose Printer drop-down box "
msgstr "Yazc Se kutusunda [*] ile iaretlenmi yazc isimleri "
-#: ../web/swat.c:1183
+#: web/swat.c:944
msgid "are autoloaded printers from "
msgstr "otomatik yklenen yazclar "
-#: ../web/swat.c:1184
+#: web/swat.c:945
msgid "Printcap Name"
msgstr "Printcap Ad"
-#: ../web/swat.c:1185
-msgid "Attempting to delete these printers from SWAT will have no effect."
+#: web/swat.c:946
+msgid "Attempting to delete these printers from SWAT will have no effect.\n"
msgstr "Bu yazclar SWAT'dan silmek etkisiz olacaktr.\n"
-#: ../web/swat.c:1231
+#: web/swat.c:980
msgid "Choose Printer"
msgstr "Yazc Se"
-#: ../web/swat.c:1250
+#: web/swat.c:999
msgid "Delete Printer"
msgstr "Yazc Sil"
-#: ../web/swat.c:1257
+#: web/swat.c:1006
msgid "Create Printer"
msgstr "Yazc Olutur"
-#: ../web/statuspage.c:123
+#: web/statuspage.c:40
+msgid "DENY_NONE"
+msgstr "HERKESE_AヌIK"
+
+#: web/statuspage.c:41
+msgid "DENY_ALL "
+msgstr "HERKESン_REDDET "
+
+#: web/statuspage.c:42
+msgid "DENY_DOS "
+msgstr "DOSU_REDDET "
+
+#: web/statuspage.c:43
+msgid "DENY_READ "
+msgstr "OKU_REDDET "
+
+#: web/statuspage.c:44
+msgid "DENY_WRITE "
+msgstr "YAZ_REDDET "
+
+#: web/statuspage.c:50
msgid "RDONLY "
msgstr "SALTOKUNUR "
-#: ../web/statuspage.c:124
+#: web/statuspage.c:51
msgid "WRONLY "
msgstr "SALTYAZILIR "
-#: ../web/statuspage.c:125
+#: web/statuspage.c:52
msgid "RDWR "
msgstr "O/Y "
-#: ../web/statuspage.c:309
+#: web/statuspage.c:60
+msgid "EXCLUSIVE+BATCH "
+msgstr "゙AHSン+TOPTAN "
+
+#: web/statuspage.c:62
+msgid "EXCLUSIVE "
+msgstr "゙AHSン "
+
+#: web/statuspage.c:64
+msgid "BATCH "
+msgstr "TOPTAN "
+
+#: web/statuspage.c:66
+msgid "LEVEL_II "
+msgstr "SEVンYE_II "
+
+#: web/statuspage.c:68
+msgid "NONE "
+msgstr "Hンヌ "
+
+#: web/statuspage.c:195
msgid "Server Status"
msgstr "Sunucu Durumu"
-#: ../web/statuspage.c:314
+#: web/statuspage.c:200
msgid "Auto Refresh"
msgstr "Oto Tazele"
-#: ../web/statuspage.c:315 ../web/statuspage.c:320
+#: web/statuspage.c:201 web/statuspage.c:206
msgid "Refresh Interval: "
msgstr "Tazeleme Aral: "
-#: ../web/statuspage.c:319
+#: web/statuspage.c:205
msgid "Stop Refreshing"
msgstr "Tazelemeyi Durdur"
-#: ../web/statuspage.c:334
+#: web/statuspage.c:220
msgid "version:"
msgstr "srm:"
-#: ../web/statuspage.c:337
+#: web/statuspage.c:223
msgid "smbd:"
msgstr "smbd:"
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: web/statuspage.c:223 web/statuspage.c:235
msgid "running"
msgstr "軋lyor"
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: web/statuspage.c:223 web/statuspage.c:235
msgid "not running"
msgstr "軋lmyor"
-#: ../web/statuspage.c:341
+#: web/statuspage.c:226
msgid "Stop smbd"
msgstr "Smbd'yi durdur"
-#: ../web/statuspage.c:343
+#: web/statuspage.c:228
msgid "Start smbd"
msgstr "Smbd'yi 軋ltr"
-#: ../web/statuspage.c:345
+#: web/statuspage.c:230
msgid "Restart smbd"
msgstr "Smbd'yi yeniden 軋ltr"
-#: ../web/statuspage.c:350
+#: web/statuspage.c:235
msgid "nmbd:"
msgstr "nmbd:"
-#: ../web/statuspage.c:354
+#: web/statuspage.c:238
msgid "Stop nmbd"
msgstr "Nmbd'yi durdur"
-#: ../web/statuspage.c:356
+#: web/statuspage.c:240
msgid "Start nmbd"
msgstr "Nmbd'yi 軋ltr"
-#: ../web/statuspage.c:358
+#: web/statuspage.c:242
msgid "Restart nmbd"
msgstr "Nmbd'yi yeniden 軋ltr"
-#: ../web/statuspage.c:364
-msgid "winbindd:"
-msgstr "winbind uid"
-
-#: ../web/statuspage.c:368
-msgid "Stop winbindd"
-msgstr "Nmbd'yi durdur"
-
-#: ../web/statuspage.c:370
-msgid "Start winbindd"
-msgstr "Nmbd'yi 軋ltr"
-
-#: ../web/statuspage.c:372
-msgid "Restart winbindd"
-msgstr "Nmbd'yi yeniden 軋ltr"
-
-#. stop, restart all
-#: ../web/statuspage.c:381
-msgid "Stop All"
-msgstr ""
-
-#: ../web/statuspage.c:382
-msgid "Restart All"
-msgstr "Nmbd'yi yeniden 軋ltr"
-
-#. start all
-#: ../web/statuspage.c:386
-msgid "Start All"
-msgstr "Nmbd'yi 軋ltr"
-
-#: ../web/statuspage.c:393
+#: web/statuspage.c:249
msgid "Active Connections"
msgstr "Aktif Balantlar"
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
msgid "PID"
msgstr "PID"
-#: ../web/statuspage.c:395 ../web/statuspage.c:408
+#: web/statuspage.c:251 web/statuspage.c:264
msgid "Client"
msgstr "ンstemci"
-#: ../web/statuspage.c:395
+#: web/statuspage.c:251
msgid "IP address"
msgstr "IP numaras"
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
msgid "Date"
msgstr "Tarih"
-#: ../web/statuspage.c:397
+#: web/statuspage.c:253
msgid "Kill"
msgstr "Kapat"
-#: ../web/statuspage.c:405
+#: web/statuspage.c:261
msgid "Active Shares"
msgstr "Aktif Paylamlar"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "Share"
msgstr "Paylam"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "User"
msgstr "Kullanc"
-#: ../web/statuspage.c:408
+#: web/statuspage.c:264
msgid "Group"
msgstr "Grup"
-#: ../web/statuspage.c:414
+#: web/statuspage.c:270
msgid "Open Files"
msgstr "Ak Dosyalar"
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "Sharing"
msgstr "Paylalyor"
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "R/W"
msgstr "O/Y"
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "Oplock"
msgstr "Oplock"
-#: ../web/statuspage.c:416
+#: web/statuspage.c:272
msgid "File"
msgstr "Dosya"
-#: ../web/statuspage.c:425
-msgid "Show Client in col 1"
-msgstr ""
-
-#: ../web/statuspage.c:426
-msgid "Show PID in col 1"
-msgstr ""
-
-#: ../param/loadparm.c:755
+#: param/loadparm.c:641
msgid "Base Options"
msgstr "Temel Se軻nekler"
-#: ../param/loadparm.c:775
+#: param/loadparm.c:643
+msgid "dos charset"
+msgstr "dos karakter kmesi"
+
+#: param/loadparm.c:644
+msgid "unix charset"
+msgstr "unix karakter kmesi"
+
+#: param/loadparm.c:645
+msgid "display charset"
+msgstr "karakter kmesini gster"
+
+#: param/loadparm.c:646
+msgid "comment"
+msgstr "aklama"
+
+#: param/loadparm.c:647
+msgid "path"
+msgstr "yol"
+
+#: param/loadparm.c:648
+msgid "directory"
+msgstr "dizin"
+
+#: param/loadparm.c:649
+msgid "workgroup"
+msgstr "軋lma grubu"
+
+#: param/loadparm.c:650
+msgid "netbios name"
+msgstr "netbios ad"
+
+#: param/loadparm.c:651
+msgid "netbios aliases"
+msgstr "netbios rumuzlar"
+
+#: param/loadparm.c:652
+msgid "netbios scope"
+msgstr "netbios kapsam"
+
+#: param/loadparm.c:653
+msgid "server string"
+msgstr "sunucu dizgesi"
+
+#: param/loadparm.c:654
+msgid "interfaces"
+msgstr "arayzler"
+
+#: param/loadparm.c:655
+msgid "bind interfaces only"
+msgstr "yalnzca arayzleri bala"
+
+#: param/loadparm.c:657
msgid "Security Options"
msgstr "Gvenlik Se軻nekleri"
-#: ../param/loadparm.c:859
+#: param/loadparm.c:659
+msgid "security"
+msgstr "gvenlik"
+
+#: param/loadparm.c:660
+msgid "encrypt passwords"
+msgstr "ifreyi ifrele "
+
+#: param/loadparm.c:661
+msgid "update encrypted"
+msgstr "ifrelenmi gncelle"
+
+#: param/loadparm.c:662
+msgid "allow trusted domains"
+msgstr "gvenli alanlara izin ver"
+
+#: param/loadparm.c:663
+msgid "alternate permissions"
+msgstr "baka izinler"
+
+#: param/loadparm.c:664
+msgid "hosts equiv"
+msgstr "hosts edeerlisi"
+
+#: param/loadparm.c:665
+msgid "min passwd length"
+msgstr "en ksa ifre uzunluu"
+
+#: param/loadparm.c:666
+msgid "min password length"
+msgstr "en ksa ifre uzunluu"
+
+#: param/loadparm.c:667
+msgid "map to guest"
+msgstr "guest (misafir) kullancya ele"
+
+#: param/loadparm.c:668
+msgid "null passwords"
+msgstr "bo ifreler"
+
+#: param/loadparm.c:669
+msgid "obey pam restrictions"
+msgstr "pam kstlamalarna uy"
+
+#: param/loadparm.c:670
+msgid "password server"
+msgstr "ifre sunucusu"
+
+#: param/loadparm.c:671
+msgid "smb passwd file"
+msgstr "smb ifre dosyas"
+
+#: param/loadparm.c:672
+msgid "private dir"
+msgstr "zel dizin"
+
+#: param/loadparm.c:673
+msgid "passdb module path"
+msgstr "ifre veritaban modl yolu"
+
+#: param/loadparm.c:674
+msgid "root directory"
+msgstr "kk dizin"
+
+#: param/loadparm.c:675
+msgid "root dir"
+msgstr "kk dizin"
+
+#: param/loadparm.c:676
+msgid "root"
+msgstr "kk"
+
+#: param/loadparm.c:678
+msgid "pam password change"
+msgstr "pam ifre deiiklii"
+
+#: param/loadparm.c:679
+msgid "passwd program"
+msgstr "ifre yazlm"
+
+#: param/loadparm.c:680
+msgid "passwd chat"
+msgstr "ifre diyalou"
+
+#: param/loadparm.c:681
+msgid "passwd chat debug"
+msgstr "ifre diyalog hata ayklamas"
+
+#: param/loadparm.c:682
+msgid "username map"
+msgstr "kullanc ad elemesi"
+
+#: param/loadparm.c:683
+msgid "password level"
+msgstr "ifre seviyesi"
+
+#: param/loadparm.c:684
+msgid "username level"
+msgstr "kullanc kimlii seviyesi"
+
+#: param/loadparm.c:685
+msgid "unix password sync"
+msgstr "unix ifre senkronizasyonu"
+
+#: param/loadparm.c:686
+msgid "restrict anonymous"
+msgstr "anonim eriimi kstla"
+
+#: param/loadparm.c:687
+msgid "lanman auth"
+msgstr "lanman auth"
+
+#: param/loadparm.c:688
+msgid "ntlm auth"
+msgstr "ntlm auth"
+
+#: param/loadparm.c:689
+msgid "plaintext to smbpasswd"
+msgstr "dz metinden smbpasswd'e"
+
+#: param/loadparm.c:690
+msgid "use rhosts"
+msgstr "rhosts kullan"
+
+#: param/loadparm.c:692
+msgid "username"
+msgstr "kullanc ad"
+
+#: param/loadparm.c:693
+msgid "user"
+msgstr "kullanc"
+
+#: param/loadparm.c:694
+msgid "users"
+msgstr "kullanclar"
+
+#: param/loadparm.c:696
+msgid "guest account"
+msgstr "misafir hesap"
+
+#: param/loadparm.c:697
+msgid "invalid users"
+msgstr "ge軻rsiz kullanclar"
+
+#: param/loadparm.c:698
+msgid "valid users"
+msgstr "ge軻rli kullanclar"
+
+#: param/loadparm.c:699
+msgid "admin users"
+msgstr "ynetici kullanclar"
+
+#: param/loadparm.c:700
+msgid "read list"
+msgstr "okuma listesi"
+
+#: param/loadparm.c:701
+msgid "write list"
+msgstr "yazma listesi"
+
+#: param/loadparm.c:702
+msgid "printer admin"
+msgstr "yazc ynetimi"
+
+#: param/loadparm.c:703
+msgid "force user"
+msgstr "kullancy zorla"
+
+#: param/loadparm.c:704
+msgid "force group"
+msgstr "grubu zorla"
+
+#: param/loadparm.c:705
+msgid "group"
+msgstr "grup"
+
+#: param/loadparm.c:707
+msgid "read only"
+msgstr "salt okunur"
+
+#: param/loadparm.c:708
+msgid "write ok"
+msgstr "yazma tamam"
+
+#: param/loadparm.c:709
+msgid "writeable"
+msgstr "yazlabilir"
+
+#: param/loadparm.c:710
+msgid "writable"
+msgstr "yazlabilir"
+
+#: param/loadparm.c:712
+msgid "create mask"
+msgstr "oluturma izinleri"
+
+#: param/loadparm.c:713
+msgid "create mode"
+msgstr "oluturma kipi"
+
+#: param/loadparm.c:714
+msgid "force create mode"
+msgstr "oluturma kipini zorla"
+
+#: param/loadparm.c:715
+msgid "security mask"
+msgstr "gvenlik izinleri"
+
+#: param/loadparm.c:716
+msgid "force security mode"
+msgstr "gvenlik kipini zorla"
+
+#: param/loadparm.c:717
+msgid "directory mask"
+msgstr "dizin izinleri"
+
+#: param/loadparm.c:718
+msgid "directory mode"
+msgstr "dizin kipi"
+
+#: param/loadparm.c:719
+msgid "force directory mode"
+msgstr "dizin kipini zorla"
+
+#: param/loadparm.c:720
+msgid "directory security mask"
+msgstr "dizin gvenlik izinleri"
+
+#: param/loadparm.c:721
+msgid "force directory security mode"
+msgstr "dizin gvenlik kipini zorla"
+
+#: param/loadparm.c:722
+msgid "inherit permissions"
+msgstr "izinleri ebeveynden al"
+
+#: param/loadparm.c:723
+msgid "guest only"
+msgstr "yalnz misafir"
+
+#: param/loadparm.c:724
+msgid "only guest"
+msgstr "yalnz misafir"
+
+#: param/loadparm.c:726
+msgid "guest ok"
+msgstr "misafir tamam"
+
+#: param/loadparm.c:727
+msgid "public"
+msgstr "genel"
+
+#: param/loadparm.c:729
+msgid "only user"
+msgstr "salt kullanc"
+
+#: param/loadparm.c:730
+msgid "hosts allow"
+msgstr "hosts izinli"
+
+#: param/loadparm.c:731
+msgid "allow hosts"
+msgstr "hosts izinli"
+
+#: param/loadparm.c:732
+msgid "hosts deny"
+msgstr "hosts izinsiz"
+
+#: param/loadparm.c:733
+msgid "deny hosts"
+msgstr "hosts izinsiz"
+
+#: param/loadparm.c:736
+msgid "Secure Socket Layer Options"
+msgstr "Gvenli Soket Katman Se軻nekleri"
+
+#: param/loadparm.c:737
+msgid "ssl"
+msgstr "ssl"
+
+#: param/loadparm.c:739
+msgid "ssl hosts"
+msgstr "ssl hosts"
+
+#: param/loadparm.c:740
+msgid "ssl hosts resign"
+msgstr "ssl hosts istifa"
+
+#: param/loadparm.c:741
+msgid "ssl CA certDir"
+msgstr "ssl CA sertifika dizini"
+
+#: param/loadparm.c:742
+msgid "ssl CA certFile"
+msgstr "ssl CA sertifika dosyas"
+
+#: param/loadparm.c:743
+msgid "ssl server cert"
+msgstr "ssl sunucu sertifikas"
+
+#: param/loadparm.c:744
+msgid "ssl server key"
+msgstr "ssl sunucu anahtar"
+
+#: param/loadparm.c:745
+msgid "ssl client cert"
+msgstr "ssl istemci sertifikas"
+
+#: param/loadparm.c:746
+msgid "ssl client key"
+msgstr "ssl istemci anahtar"
+
+#: param/loadparm.c:747
+msgid "ssl require clientcert"
+msgstr "ssl istemci sertifikas iste"
+
+#: param/loadparm.c:748
+msgid "ssl require servercert"
+msgstr "ssl sunucu sertifikas iste"
+
+#: param/loadparm.c:749
+msgid "ssl ciphers"
+msgstr "ssl ifreleri"
+
+#: param/loadparm.c:750
+msgid "ssl version"
+msgstr "ssl srm"
+
+#: param/loadparm.c:751
+msgid "ssl compatibility"
+msgstr "ssl uyumluluu"
+
+#: param/loadparm.c:754
msgid "Logging Options"
msgstr "Gnlk Kayd Se軻nekleri"
-#: ../param/loadparm.c:874
+#: param/loadparm.c:755
+msgid "log level"
+msgstr "gnlk seviyesi"
+
+#: param/loadparm.c:756
+msgid "debuglevel"
+msgstr "hata ayklama seviyesi"
+
+#: param/loadparm.c:757
+msgid "syslog"
+msgstr "sistem gnl"
+
+#: param/loadparm.c:758
+msgid "syslog only"
+msgstr "salt sistem gnl"
+
+#: param/loadparm.c:759
+msgid "log file"
+msgstr "gnlk dosyas"
+
+#: param/loadparm.c:761
+msgid "max log size"
+msgstr "maksimum gnlk bykl"
+
+#: param/loadparm.c:762
+msgid "timestamp logs"
+msgstr "zaman damgas gnlkleri"
+
+#: param/loadparm.c:763
+msgid "debug timestamp"
+msgstr "hata ayklama zaman damgas"
+
+#: param/loadparm.c:764
+msgid "debug hires timestamp"
+msgstr "hata ayklama yksek 銹znrlkl zaman damgas"
+
+#: param/loadparm.c:765
+msgid "debug pid"
+msgstr "hata ayklama pid"
+
+#: param/loadparm.c:766
+msgid "debug uid"
+msgstr "hata ayklama uid"
+
+#: param/loadparm.c:768
msgid "Protocol Options"
msgstr "Protokol Se軻nekleri"
-#: ../param/loadparm.c:911
+#: param/loadparm.c:770
+msgid "protocol"
+msgstr "protokol"
+
+#: param/loadparm.c:771
+msgid "large readwrite"
+msgstr "byk oku/yaz"
+
+#: param/loadparm.c:772
+msgid "max protocol"
+msgstr "max protokol"
+
+#: param/loadparm.c:773
+msgid "min protocol"
+msgstr "min protokol"
+
+#: param/loadparm.c:774
+msgid "unicode"
+msgstr "unicode"
+
+#: param/loadparm.c:775
+msgid "read bmpx"
+msgstr "bmpx oku"
+
+#: param/loadparm.c:776
+msgid "read raw"
+msgstr "ham oku"
+
+#: param/loadparm.c:777
+msgid "write raw"
+msgstr "ham yaz"
+
+#: param/loadparm.c:779
+msgid "nt smb support"
+msgstr "nt smb destei"
+
+#: param/loadparm.c:780
+msgid "nt pipe support"
+msgstr "nt verihatt destei"
+
+#: param/loadparm.c:781
+msgid "nt acl support"
+msgstr "nt acl destei"
+
+#: param/loadparm.c:782
+msgid "announce version"
+msgstr "srm bildir"
+
+#: param/loadparm.c:783
+msgid "announce as"
+msgstr "bildir"
+
+#: param/loadparm.c:784
+msgid "max mux"
+msgstr "maksimum mux"
+
+#: param/loadparm.c:785
+msgid "max xmit"
+msgstr "maksimum xmit"
+
+#: param/loadparm.c:787
+msgid "name resolve order"
+msgstr "ad 銹zmleme sras"
+
+#: param/loadparm.c:788
+msgid "max packet"
+msgstr "maksimum paket"
+
+#: param/loadparm.c:789
+msgid "packet size"
+msgstr "paket bykl"
+
+#: param/loadparm.c:790
+msgid "max ttl"
+msgstr "maksimum ttl"
+
+#: param/loadparm.c:791
+msgid "max wins ttl"
+msgstr "maksimum wins ttl"
+
+#: param/loadparm.c:792
+msgid "min wins ttl"
+msgstr "minimum wins ttl"
+
+#: param/loadparm.c:793
+msgid "time server"
+msgstr "zaman sunucusu"
+
+#: param/loadparm.c:795
msgid "Tuning Options"
msgstr "Ayar Se軻nekleri"
-#: ../param/loadparm.c:940
+#: param/loadparm.c:797
+msgid "change notify timeout"
+msgstr "zamanam bildirmesini deitir"
+
+#: param/loadparm.c:798
+msgid "deadtime"
+msgstr "lzaman"
+
+#: param/loadparm.c:799
+msgid "getwd cache"
+msgstr "getwd arabellei"
+
+#: param/loadparm.c:800
+msgid "keepalive"
+msgstr "hayattatut"
+
+#: param/loadparm.c:802
+msgid "lpq cache time"
+msgstr "lpq arabellek zaman"
+
+#: param/loadparm.c:803
+msgid "max smbd processes"
+msgstr "maksimum smbd sreci"
+
+#: param/loadparm.c:804
+msgid "max connections"
+msgstr "maksimum balant"
+
+#: param/loadparm.c:805
+msgid "paranoid server security"
+msgstr "yksek dereceli sunucu gvenlii"
+
+#: param/loadparm.c:806
+msgid "max disk size"
+msgstr "maksimum disk bykl"
+
+#: param/loadparm.c:807
+msgid "max open files"
+msgstr "maksimum ak dosya"
+
+#: param/loadparm.c:808
+msgid "min print space"
+msgstr "minimum yazma alan"
+
+#: param/loadparm.c:809
+msgid "read size"
+msgstr "okuma boyu"
+
+#: param/loadparm.c:811
+msgid "socket options"
+msgstr "soket se軻nekleri"
+
+#: param/loadparm.c:812
+msgid "stat cache size"
+msgstr "durum arabellei boyu"
+
+#: param/loadparm.c:813
+msgid "strict allocate"
+msgstr "sk ayrma"
+
+#: param/loadparm.c:814
+msgid "strict sync"
+msgstr "sk senkronizasyon"
+
+#: param/loadparm.c:815
+msgid "sync always"
+msgstr "herzaman senkronize"
+
+#: param/loadparm.c:816
+msgid "use mmap"
+msgstr "bellek elemesi kullan"
+
+#: param/loadparm.c:817
+msgid "hostname lookups"
+msgstr "sunucu ad arama"
+
+#: param/loadparm.c:818
+msgid "write cache size"
+msgstr "yazma arabellek boyu"
+
+#: param/loadparm.c:820
msgid "Printing Options"
msgstr "Yazdrma Se軻nekleri"
-#: ../param/loadparm.c:970
+#: param/loadparm.c:822
+msgid "total print jobs"
+msgstr "toplam yazdrma ileri"
+
+#: param/loadparm.c:823
+msgid "max print jobs"
+msgstr "maksimum yazdrma ii"
+
+#: param/loadparm.c:824
+msgid "load printers"
+msgstr "yazclar ykle"
+
+#: param/loadparm.c:825
+msgid "printcap name"
+msgstr "printcap ad"
+
+#: param/loadparm.c:826
+msgid "printcap"
+msgstr "printcap"
+
+#: param/loadparm.c:827
+msgid "printable"
+msgstr "yazdrlabilir"
+
+#: param/loadparm.c:828
+msgid "print ok"
+msgstr "yazdrma tamam"
+
+#: param/loadparm.c:829
+msgid "postscript"
+msgstr "postscript"
+
+#: param/loadparm.c:830
+msgid "printing"
+msgstr "yazdryor"
+
+#: param/loadparm.c:831
+msgid "print command"
+msgstr "yazdrma komutu"
+
+#: param/loadparm.c:832
+msgid "disable spoolss"
+msgstr "kuyruu etkisizletir"
+
+#: param/loadparm.c:833
+msgid "lpq command"
+msgstr "lpq komutu"
+
+#: param/loadparm.c:834
+msgid "lprm command"
+msgstr "lprm komutu"
+
+#: param/loadparm.c:835
+msgid "lppause command"
+msgstr "lppause komutu"
+
+#: param/loadparm.c:836
+msgid "lpresume command"
+msgstr "lpresume komutu"
+
+#: param/loadparm.c:837
+msgid "queuepause command"
+msgstr "queuepause komutu"
+
+#: param/loadparm.c:838
+msgid "queueresume command"
+msgstr "queueresume komutu"
+
+#: param/loadparm.c:840
+msgid "enumports command"
+msgstr "port listele komutu"
+
+#: param/loadparm.c:841
+msgid "addprinter command"
+msgstr "yazc ekle komutu"
+
+#: param/loadparm.c:842
+msgid "deleteprinter command"
+msgstr "yazc sil komutu"
+
+#: param/loadparm.c:843
+msgid "show add printer wizard"
+msgstr "yazc ekleme sihirbazn gster"
+
+#: param/loadparm.c:844
+msgid "os2 driver map"
+msgstr "os2 src elemesi"
+
+#: param/loadparm.c:846
+msgid "printer name"
+msgstr "yazc ad"
+
+#: param/loadparm.c:847
+msgid "printer"
+msgstr "yazc"
+
+#: param/loadparm.c:848
+msgid "use client driver"
+msgstr "istemci srcs kullan"
+
+#: param/loadparm.c:849
+msgid "printer driver"
+msgstr "yazc srcs"
+
+#: param/loadparm.c:850
+msgid "printer driver file"
+msgstr "yazc src dosyas"
+
+#: param/loadparm.c:851
+msgid "printer driver location"
+msgstr "yazc srcs yeri"
+
+#: param/loadparm.c:853
msgid "Filename Handling"
msgstr "Dosyaad ンlenmesi"
-#: ../param/loadparm.c:996
+#: param/loadparm.c:854
+msgid "strip dot"
+msgstr "noktalar bastr"
+
+#: param/loadparm.c:856
+msgid "mangled stack"
+msgstr "kartrlm yt"
+
+#: param/loadparm.c:857
+msgid "default case"
+msgstr "ntanml byk/k錮k harf"
+
+#: param/loadparm.c:858
+msgid "case sensitive"
+msgstr "byk k錮k harfe duyarl"
+
+#: param/loadparm.c:859
+msgid "casesignames"
+msgstr "casesignames"
+
+#: param/loadparm.c:860
+msgid "preserve case"
+msgstr "byk k錮k harf ayrmn tut"
+
+#: param/loadparm.c:861
+msgid "short preserve case"
+msgstr "ksa byk k錮k harf ayrmn tut"
+
+#: param/loadparm.c:862
+msgid "mangle case"
+msgstr "byk k錮k harf harmanla"
+
+#: param/loadparm.c:863
+msgid "mangling char"
+msgstr "karakter harmanlanyor"
+
+#: param/loadparm.c:864
+msgid "hide dot files"
+msgstr "nokta ile balayan dosyalar gizle"
+
+#: param/loadparm.c:865
+msgid "hide unreadable"
+msgstr "okunamazlar sakla"
+
+#: param/loadparm.c:866
+msgid "delete veto files"
+msgstr "veto dosyalarn sil"
+
+#: param/loadparm.c:867
+msgid "veto files"
+msgstr "veto dosyalar"
+
+#: param/loadparm.c:868
+msgid "hide files"
+msgstr "dosyalar gizle"
+
+#: param/loadparm.c:869
+msgid "veto oplock files"
+msgstr "veto oplock dosyalar"
+
+#: param/loadparm.c:870
+msgid "map system"
+msgstr "sistemi ele"
+
+#: param/loadparm.c:871
+msgid "map hidden"
+msgstr "gizlileri ele"
+
+#: param/loadparm.c:872
+msgid "map archive"
+msgstr "arivi ele"
+
+#: param/loadparm.c:873
+msgid "mangled names"
+msgstr "harmanlanm isimler"
+
+#: param/loadparm.c:874
+msgid "mangled map"
+msgstr "harmanlanm eleme"
+
+#: param/loadparm.c:875
+msgid "stat cache"
+msgstr "durum arabellei"
+
+#: param/loadparm.c:877
msgid "Domain Options"
msgstr "Alan Se軻nekleri"
-#: ../param/loadparm.c:1000
+#: param/loadparm.c:879
+msgid "domain admin group"
+msgstr "alan ynetici grubu"
+
+#: param/loadparm.c:880
+msgid "domain guest group"
+msgstr "alan misafir grubu"
+
+#: param/loadparm.c:883
+msgid "groupname map"
+msgstr "grup ad elemesi"
+
+#: param/loadparm.c:886
+msgid "machine password timeout"
+msgstr "makina ifresi zamanam"
+
+#: param/loadparm.c:888
msgid "Logon Options"
msgstr "Sistem Giri Se軻nekleri"
-#: ../param/loadparm.c:1019
+#: param/loadparm.c:890
+msgid "add user script"
+msgstr "kullanc ekleme betii"
+
+#: param/loadparm.c:891
+msgid "delete user script"
+msgstr "kullanc silme betii"
+
+#: param/loadparm.c:892
+msgid "add group script"
+msgstr "grup ekleme betii"
+
+#: param/loadparm.c:893
+msgid "delete group script"
+msgstr "grup silme betii"
+
+#: param/loadparm.c:894
+msgid "add user to group script"
+msgstr "gruba kullanc ekleme betii"
+
+#: param/loadparm.c:895
+msgid "delete user from group script"
+msgstr "gruptan kullanc silme betii"
+
+#: param/loadparm.c:896
+msgid "add machine script"
+msgstr "makina ekleme betii"
+
+#: param/loadparm.c:897
+msgid "shutdown script"
+msgstr "sistem kapan betii"
+
+#: param/loadparm.c:898
+msgid "abort shutdown script"
+msgstr "sistem kapan betiini durdur"
+
+#: param/loadparm.c:900
+msgid "logon script"
+msgstr "sistem giri betii"
+
+#: param/loadparm.c:901
+msgid "logon path"
+msgstr "sistem giri yolu"
+
+#: param/loadparm.c:902
+msgid "logon drive"
+msgstr "sistem giri aygt"
+
+#: param/loadparm.c:903
+msgid "logon home"
+msgstr "sistem giri kk"
+
+#: param/loadparm.c:904
+msgid "domain logons"
+msgstr "alan girileri"
+
+#: param/loadparm.c:906
msgid "Browse Options"
msgstr "Gzatma Se軻nekleri"
-#: ../param/loadparm.c:1033
+#: param/loadparm.c:908
+msgid "os level"
+msgstr "iletim sistem seviyesi"
+
+#: param/loadparm.c:909
+msgid "lm announce"
+msgstr "lm bildirimi"
+
+#: param/loadparm.c:910
+msgid "lm interval"
+msgstr "lm aral"
+
+#: param/loadparm.c:911
+msgid "preferred master"
+msgstr "tercih edilen ana alan sunucusu"
+
+#: param/loadparm.c:912
+msgid "prefered master"
+msgstr "tercih edilen ana alan sunucusu"
+
+#: param/loadparm.c:913
+msgid "local master"
+msgstr "yerel alan sunucusu"
+
+#: param/loadparm.c:914
+msgid "domain master"
+msgstr "alan sunucusu"
+
+#: param/loadparm.c:915
+msgid "browse list"
+msgstr "gzatma listesi"
+
+#: param/loadparm.c:916
+msgid "browseable"
+msgstr "gzatlabilir"
+
+#: param/loadparm.c:917
+msgid "browsable"
+msgstr "gzatlabilir"
+
+#: param/loadparm.c:918
+msgid "enhanced browsing"
+msgstr "gelikin gzatma"
+
+#: param/loadparm.c:920
msgid "WINS Options"
msgstr "WINS Se軻nekleri"
-#: ../param/loadparm.c:1043
+#: param/loadparm.c:921
+msgid "dns proxy"
+msgstr "dns proxy"
+
+#: param/loadparm.c:922
+msgid "wins proxy"
+msgstr "wins proxy"
+
+#: param/loadparm.c:924
+msgid "wins server"
+msgstr "wins sunucusu"
+
+#: param/loadparm.c:925
+msgid "wins support"
+msgstr "wins destei"
+
+#: param/loadparm.c:926
+msgid "wins hook"
+msgstr "wins girii"
+
+#: param/loadparm.c:928
msgid "Locking Options"
msgstr "Kilitleme Se軻nekleri"
-#: ../param/loadparm.c:1061
+#: param/loadparm.c:930
+msgid "blocking locks"
+msgstr "engelleyen kilitler"
+
+#: param/loadparm.c:931
+msgid "fake oplocks"
+msgstr "sahte oplocklar"
+
+#: param/loadparm.c:932
+msgid "kernel oplocks"
+msgstr "軻kirdek oplocklar"
+
+#: param/loadparm.c:933
+msgid "locking"
+msgstr "kilitliyor"
+
+#: param/loadparm.c:935
+msgid "oplocks"
+msgstr "oplocklar"
+
+#: param/loadparm.c:936
+msgid "level2 oplocks"
+msgstr "Seviye 2 oplocklar"
+
+#: param/loadparm.c:937
+msgid "oplock break wait time"
+msgstr "oplock krma bekleme sresi"
+
+#: param/loadparm.c:938
+msgid "oplock contention limit"
+msgstr "oplock ihtilaf limiti"
+
+#: param/loadparm.c:939
+msgid "posix locking"
+msgstr "posix kilitlemesi"
+
+#: param/loadparm.c:940
+msgid "strict locking"
+msgstr "sk kilitleme"
+
+#: param/loadparm.c:941
+msgid "share modes"
+msgstr "paylam kipleri"
+
+#: param/loadparm.c:944
msgid "Ldap Options"
msgstr "Ldap Se軻nekleri"
-#: ../param/loadparm.c:1078
+#: param/loadparm.c:946
+msgid "ldap server"
+msgstr "ldap sunucusu"
+
+#: param/loadparm.c:947
+msgid "ldap port"
+msgstr "ldap portu"
+
+#: param/loadparm.c:948
+msgid "ldap suffix"
+msgstr "ldap soneki"
+
+#: param/loadparm.c:949
+msgid "ldap filter"
+msgstr "ldap filtresi"
+
+#: param/loadparm.c:950
+msgid "ldap root"
+msgstr "ldap kk"
+
+#: param/loadparm.c:951
+msgid "ldap root passwd"
+msgstr "ldap kk ifresi"
+
+#: param/loadparm.c:954
msgid "Miscellaneous Options"
msgstr "Dier Se軻nekler"
-#: ../param/loadparm.c:1138
-msgid "VFS module options"
+#: param/loadparm.c:955
+msgid "add share command"
+msgstr "paylam ekle komutu"
+
+#: param/loadparm.c:956
+msgid "change share command"
+msgstr "paylam deitir komutu"
+
+#: param/loadparm.c:957
+msgid "delete share command"
+msgstr "paylam sil komutu"
+
+#: param/loadparm.c:959
+msgid "config file"
+msgstr "ayar dosyas"
+
+#: param/loadparm.c:960
+msgid "preload"
+msgstr "nykle"
+
+#: param/loadparm.c:961
+msgid "auto services"
+msgstr "otomatik servisler"
+
+#: param/loadparm.c:962
+msgid "lock dir"
+msgstr "kilit dizini"
+
+#: param/loadparm.c:963
+msgid "lock directory"
+msgstr "kilit dizini"
+
+#: param/loadparm.c:965
+msgid "utmp directory"
+msgstr "utmp dizini"
+
+#: param/loadparm.c:966
+msgid "wtmp directory"
+msgstr "wtmp dizini"
+
+#: param/loadparm.c:967
+msgid "utmp"
+msgstr "utmp"
+
+#: param/loadparm.c:970
+msgid "default service"
+msgstr "ntanml servis"
+
+#: param/loadparm.c:971
+msgid "default"
+msgstr "ntanml"
+
+#: param/loadparm.c:972
+msgid "message command"
+msgstr "ileti komutu"
+
+#: param/loadparm.c:973
+msgid "dfree command"
+msgstr "dfree komutu"
+
+#: param/loadparm.c:974
+msgid "remote announce"
+msgstr "uzak bildirim"
+
+#: param/loadparm.c:975
+msgid "remote browse sync"
+msgstr "uzak gzatma senkronizasyonu"
+
+#: param/loadparm.c:976
+msgid "socket address"
+msgstr "soket adresi"
+
+#: param/loadparm.c:977
+msgid "homedir map"
+msgstr "evdizini elemesi"
+
+#: param/loadparm.c:978
+msgid "time offset"
+msgstr "zaman kaydrmas"
+
+#: param/loadparm.c:979
+msgid "NIS homedir"
+msgstr "NIS evdizini"
+
+#: param/loadparm.c:980
+msgid "-valid"
+msgstr "-ge軻rli"
+
+#: param/loadparm.c:982
+msgid "copy"
+msgstr "kopyala"
+
+#: param/loadparm.c:983
+msgid "include"
+msgstr "ekle"
+
+#: param/loadparm.c:984
+msgid "exec"
+msgstr "軋ltr"
+
+#: param/loadparm.c:985
+msgid "preexec"
+msgstr "preexec"
+
+#: param/loadparm.c:987
+msgid "preexec close"
+msgstr "preexec close"
+
+#: param/loadparm.c:988
+msgid "postexec"
+msgstr "postexec"
+
+#: param/loadparm.c:989
+msgid "root preexec"
+msgstr "root preexec"
+
+#: param/loadparm.c:990
+msgid "root preexec close"
+msgstr "root preexec close"
+
+#: param/loadparm.c:991
+msgid "root postexec"
+msgstr "root postexec"
+
+#: param/loadparm.c:992
+msgid "available"
+msgstr "mevcut"
+
+#: param/loadparm.c:993
+msgid "volume"
+msgstr "volume"
+
+#: param/loadparm.c:994
+msgid "fstype"
+msgstr "dosya sistem tipi"
+
+#: param/loadparm.c:995
+msgid "set directory"
+msgstr "dizini belirle"
+
+#: param/loadparm.c:996
+msgid "source environment"
+msgstr "source environment"
+
+#: param/loadparm.c:997
+msgid "wide links"
+msgstr "wide links"
+
+#: param/loadparm.c:998
+msgid "follow symlinks"
+msgstr "sembolik balar izle"
+
+#: param/loadparm.c:999
+msgid "dont descend"
+msgstr "dont descend"
+
+#: param/loadparm.c:1000
+msgid "magic script"
+msgstr "magic script"
+
+#: param/loadparm.c:1001
+msgid "magic output"
+msgstr "magic output"
+
+#: param/loadparm.c:1002
+msgid "delete readonly"
+msgstr "salt okunurlar sil"
+
+#: param/loadparm.c:1003
+msgid "dos filemode"
+msgstr "dos dosya kipi"
+
+#: param/loadparm.c:1004
+msgid "dos filetimes"
+msgstr "dos dosya zamanlar"
+
+#: param/loadparm.c:1005
+msgid "dos filetime resolution"
+msgstr "dos dosya zaman 銹znrl"
+
+#: param/loadparm.c:1007
+msgid "fake directory create times"
+msgstr "dizin oluma zamanlarn taklit et"
+
+#: param/loadparm.c:1008
+msgid "panic action"
+msgstr "panik ilemi"
+
+#: param/loadparm.c:1009
+msgid "hide local users"
+msgstr "yerel kullanclar sakla"
+
+#: param/loadparm.c:1012
+msgid "VFS options"
msgstr "VFS Se軻nekleri"
-#: ../param/loadparm.c:1148
+#: param/loadparm.c:1014
+msgid "vfs object"
+msgstr "vfs nesnesi"
+
+#: param/loadparm.c:1015
+msgid "vfs options"
+msgstr "vfs se軻nekleri"
+
+#: param/loadparm.c:1018
+msgid "msdfs root"
+msgstr "msdfs kk"
+
+#: param/loadparm.c:1019
+msgid "host msdfs"
+msgstr "host msdfs"
+
+#: param/loadparm.c:1021
msgid "Winbind options"
msgstr "Winbind se軻nekleri"
+
+#: param/loadparm.c:1023
+msgid "winbind uid"
+msgstr "winbind uid"
+
+#: param/loadparm.c:1024
+msgid "winbind gid"
+msgstr "winbind gid"
+
+#: param/loadparm.c:1025
+msgid "template homedir"
+msgstr "rnek ev dizini"
+
+#: param/loadparm.c:1026
+msgid "template shell"
+msgstr "rnek kabuk"
+
+#: param/loadparm.c:1027
+msgid "winbind separator"
+msgstr "winbind ayrac"
+
+#: param/loadparm.c:1028
+msgid "winbind cache time"
+msgstr "winbind arabellek zaman"
+
+#: param/loadparm.c:1029
+msgid "winbind enum users"
+msgstr "winbind kullanc listele"
+
+#: param/loadparm.c:1030
+msgid "winbind enum groups"
+msgstr "winbind grup listele"
+
diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c
index 9c95cf90856..868f68c0798 100644
--- a/source/printing/nt_printing.c
+++ b/source/printing/nt_printing.c
@@ -4572,7 +4572,7 @@ WERROR nt_printing_setsec(const char *printername, SEC_DESC_BUF *secdesc_ctr)
/* Make a deep copy of the security descriptor */
- psd = make_sec_desc(mem_ctx, secdesc_ctr->sec->revision, secdesc_ctr->sec->type,
+ psd = make_sec_desc(mem_ctx, secdesc_ctr->sec->revision,
owner_sid, group_sid,
sacl,
dacl,
@@ -4665,7 +4665,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
NT5 machine. */
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) != NULL) {
- psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
+ psd = make_sec_desc(ctx, SEC_DESC_REVISION,
&owner_sid, NULL,
NULL, psa, &sd_size);
}
@@ -4741,7 +4741,7 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *printername, SEC_DESC_BUF *
sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
- psd = make_sec_desc(ctx, (*secdesc_ctr)->sec->revision, (*secdesc_ctr)->sec->type,
+ psd = make_sec_desc(ctx, (*secdesc_ctr)->sec->revision,
&owner_sid,
(*secdesc_ctr)->sec->grp_sid,
(*secdesc_ctr)->sec->sacl,
diff --git a/source/python/py_ntsec.c b/source/python/py_ntsec.c
index 5ce5e8fc1be..3d408e0bda2 100644
--- a/source/python/py_ntsec.c
+++ b/source/python/py_ntsec.c
@@ -276,7 +276,7 @@ BOOL py_to_SECDESC(SEC_DESC **sd, PyObject *dict, TALLOC_CTX *mem_ctx)
{
size_t sd_size;
- *sd = make_sec_desc(mem_ctx, revision, SEC_DESC_SELF_RELATIVE,
+ *sd = make_sec_desc(mem_ctx, revision,
got_owner_sid ? &owner_sid : NULL,
got_group_sid ? &group_sid : NULL,
got_sacl ? &sacl : NULL,
diff --git a/source/python/py_spoolss_forms.c b/source/python/py_spoolss_forms.c
index 66a6540e074..ef9ed94533a 100644
--- a/source/python/py_spoolss_forms.c
+++ b/source/python/py_spoolss_forms.c
@@ -59,7 +59,7 @@ PyObject *spoolss_hnd_addform(PyObject *self, PyObject *args, PyObject *kw)
PyObject *obj = PyDict_GetItemString(info, "name");
char *form_name = PyString_AsString(obj);
- init_unistr2(&form.name, form_name, UNI_STR_TERMINATE);
+ init_unistr2(&form.name, form_name, strlen(form_name) + 1);
break;
}
default:
diff --git a/source/python/py_spoolss_forms_conv.c b/source/python/py_spoolss_forms_conv.c
index ede729cad33..095a318fd24 100644
--- a/source/python/py_spoolss_forms_conv.c
+++ b/source/python/py_spoolss_forms_conv.c
@@ -81,7 +81,7 @@ BOOL py_to_FORM(FORM *form, PyObject *dict)
obj = PyDict_GetItemString(dict, "name");
name = PyString_AsString(obj);
- init_unistr2(&form->name, name, UNI_STR_TERMINATE);
+ init_unistr2(&form->name, name, strlen(name) + 1);
result = True;
diff --git a/source/registry/reg_printing.c b/source/registry/reg_printing.c
index e50a5f4d4fd..50ac81dcbb2 100644
--- a/source/registry/reg_printing.c
+++ b/source/registry/reg_printing.c
@@ -288,32 +288,34 @@ static int print_subpath_values_environments( char *key, REGVAL_CTR *val )
info3 = driver_ctr.info_3;
filename = dos_basename( info3->driverpath );
- init_unistr2( &data, filename, UNI_STR_TERMINATE);
+ init_unistr2( &data, filename, strlen(filename)+1 );
regval_ctr_addvalue( val, "Driver", REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
filename = dos_basename( info3->configfile );
- init_unistr2( &data, filename, UNI_STR_TERMINATE);
+ init_unistr2( &data, filename, strlen(filename)+1 );
regval_ctr_addvalue( val, "Configuration File", REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
filename = dos_basename( info3->datafile );
- init_unistr2( &data, filename, UNI_STR_TERMINATE);
+ init_unistr2( &data, filename, strlen(filename)+1 );
regval_ctr_addvalue( val, "Data File", REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
filename = dos_basename( info3->helpfile );
- init_unistr2( &data, filename, UNI_STR_TERMINATE);
+ init_unistr2( &data, filename, strlen(filename)+1 );
regval_ctr_addvalue( val, "Help File", REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
- init_unistr2( &data, info3->defaultdatatype, UNI_STR_TERMINATE);
+ init_unistr2( &data, info3->defaultdatatype, strlen(info3->defaultdatatype)+1 );
regval_ctr_addvalue( val, "Data Type", REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
regval_ctr_addvalue( val, "Version", REG_DWORD, (char*)&info3->cversion, sizeof(info3->cversion) );
- if ( info3->dependentfiles ) {
+ if ( info3->dependentfiles )
+ {
/* place the list of dependent files in a single
character buffer, separating each file name by
a NULL */
- for ( i=0; strcmp(info3->dependentfiles[i], ""); i++ ) {
+ for ( i=0; strcmp(info3->dependentfiles[i], ""); i++ )
+ {
/* strip the path to only the file's base name */
filename = dos_basename( info3->dependentfiles[i] );
@@ -325,7 +327,7 @@ static int print_subpath_values_environments( char *key, REGVAL_CTR *val )
break;
buffer = buffer2;
- init_unistr2( &data, filename, UNI_STR_TERMINATE);
+ init_unistr2( &data, filename, length+1 );
memcpy( buffer+buffer_size, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
buffer_size += (length + 1)*sizeof(uint16);
@@ -337,7 +339,8 @@ static int print_subpath_values_environments( char *key, REGVAL_CTR *val )
if ( !buffer2 ) {
SAFE_FREE( buffer );
buffer_size = 0;
- } else {
+ }
+ else {
buffer = buffer2;
buffer[buffer_size++] = '\0';
buffer[buffer_size++] = '\0';
@@ -570,25 +573,25 @@ static int print_subpath_values_printers( char *key, REGVAL_CTR *val )
regval_ctr_addvalue( val, "cjobs", REG_DWORD, (char*)&info2->cjobs, sizeof(info2->cjobs) );
regval_ctr_addvalue( val, "AveragePPM", REG_DWORD, (char*)&info2->averageppm, sizeof(info2->averageppm) );
- init_unistr2( &data, info2->printername, UNI_STR_TERMINATE);
+ init_unistr2( &data, info2->printername, strlen(info2->printername)+1 );
regval_ctr_addvalue( val, "Name", REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
- init_unistr2( &data, info2->location, UNI_STR_TERMINATE);
+ init_unistr2( &data, info2->location, strlen(info2->location)+1 );
regval_ctr_addvalue( val, "Location", REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
- init_unistr2( &data, info2->comment, UNI_STR_TERMINATE);
+ init_unistr2( &data, info2->comment, strlen(info2->comment)+1 );
regval_ctr_addvalue( val, "Comment", REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
- init_unistr2( &data, info2->parameters, UNI_STR_TERMINATE);
+ init_unistr2( &data, info2->parameters, strlen(info2->parameters)+1 );
regval_ctr_addvalue( val, "Parameters", REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
- init_unistr2( &data, info2->portname, UNI_STR_TERMINATE);
+ init_unistr2( &data, info2->portname, strlen(info2->portname)+1 );
regval_ctr_addvalue( val, "Port", REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
- init_unistr2( &data, info2->servername, UNI_STR_TERMINATE);
+ init_unistr2( &data, info2->servername, strlen(info2->servername)+1 );
regval_ctr_addvalue( val, "Server", REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
- init_unistr2( &data, info2->sharename, UNI_STR_TERMINATE);
+ init_unistr2( &data, info2->sharename, strlen(info2->sharename)+1 );
regval_ctr_addvalue( val, "Share", REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
- init_unistr2( &data, info2->drivername, UNI_STR_TERMINATE);
+ init_unistr2( &data, info2->drivername, strlen(info2->drivername)+1 );
regval_ctr_addvalue( val, "Driver", REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
- init_unistr2( &data, info2->sepfile, UNI_STR_TERMINATE);
+ init_unistr2( &data, info2->sepfile, strlen(info2->sepfile)+1 );
regval_ctr_addvalue( val, "Separator File", REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
- init_unistr2( &data, "winprint", UNI_STR_TERMINATE);
+ init_unistr2( &data, "winprint", strlen("winprint")+1 );
regval_ctr_addvalue( val, "Print Processor", REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
diff --git a/source/rpc_client/cli_lsarpc.c b/source/rpc_client/cli_lsarpc.c
index 65115419b47..db873236e46 100644
--- a/source/rpc_client/cli_lsarpc.c
+++ b/source/rpc_client/cli_lsarpc.c
@@ -1035,9 +1035,9 @@ NTSTATUS cli_lsa_enum_privsaccount(struct cli_state *cli, TALLOC_CTX *mem_ctx,
}
for (i=0; i<r.count; i++) {
- (*set)[i].luid.low = r.set->set[i].luid.low;
- (*set)[i].luid.high = r.set->set[i].luid.high;
- (*set)[i].attr = r.set->set[i].attr;
+ (*set)[i].luid.low = r.set.set[i].luid.low;
+ (*set)[i].luid.high = r.set.set[i].luid.high;
+ (*set)[i].attr = r.set.set[i].attr;
}
*count=r.count;
diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c
index 9ce10202dbe..dedbf017a93 100644
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@@ -29,9 +29,7 @@
extern struct pipe_id_info pipe_names[];
-/* convert pipe auth flags into the RPC auth type and level */
-
-void get_auth_type_level(int pipe_auth_flags, int *auth_type, int *auth_level)
+static void get_auth_type_level(int pipe_auth_flags, int *auth_type, int *auth_level)
{
*auth_type = 0;
*auth_level = 0;
@@ -940,6 +938,7 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
uint32 data_len, send_size;
uint8 flags = 0;
uint32 auth_padding = 0;
+ RPC_AUTH_NETSEC_CHK verf;
DATA_BLOB sign_blob;
/*
@@ -1023,10 +1022,14 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
}
else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
+ static const uchar netsec_sig[8] = NETSEC_SIGNATURE;
+ static const uchar nullbytes[8] = { 0,0,0,0,0,0,0,0 };
size_t parse_offset_marker;
- RPC_AUTH_NETSEC_CHK verf;
DEBUG(10,("SCHANNEL seq_num=%d\n", cli->auth_info.seq_num));
+ init_rpc_auth_netsec_chk(&verf, netsec_sig, nullbytes,
+ nullbytes, nullbytes);
+
netsec_encode(&cli->auth_info,
cli->pipe_auth_flags,
SENDER_IS_INITIATOR,
@@ -1274,10 +1277,8 @@ static BOOL rpc_send_auth_reply(struct cli_state *cli, prs_struct *rdata, uint32
prs_init(&rpc_out, RPC_HEADER_LEN + RPC_HDR_AUTHA_LEN, /* need at least this much */
cli->mem_ctx, MARSHALL);
- if (!NT_STATUS_IS_OK(create_rpc_bind_resp(cli, rpc_call_id,
- &rpc_out))) {
- return False;
- }
+ create_rpc_bind_resp(cli, rpc_call_id,
+ &rpc_out);
if ((ret = cli_write(cli, cli->nt_pipe_fnum, 0x8, prs_data_p(&rpc_out),
0, (size_t)prs_offset(&rpc_out))) != (ssize_t)prs_offset(&rpc_out)) {
@@ -1492,7 +1493,9 @@ NTSTATUS cli_nt_establish_netlogon(struct cli_state *cli, int sec_chan,
const uchar trust_password[16])
{
NTSTATUS result;
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ /* The 7 here seems to be required to get Win2k not to downgrade us
+ to NT4. Actually, anything other than 1ff would seem to do... */
+ uint32 neg_flags = 0x000701ff;
int fnum;
cli_nt_netlogon_netsec_session_close(cli);
@@ -1581,11 +1584,13 @@ NTSTATUS cli_nt_establish_netlogon(struct cli_state *cli, int sec_chan,
}
-NTSTATUS cli_nt_setup_netsec(struct cli_state *cli, int sec_chan, int auth_flags,
+NTSTATUS cli_nt_setup_netsec(struct cli_state *cli, int sec_chan,
const uchar trust_password[16])
{
NTSTATUS result;
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ /* The 7 here seems to be required to get Win2k not to downgrade us
+ to NT4. Actually, anything other than 1ff would seem to do... */
+ uint32 neg_flags = 0x000701ff;
cli->pipe_auth_flags = 0;
if (lp_client_schannel() == False) {
@@ -1627,7 +1632,7 @@ NTSTATUS cli_nt_setup_netsec(struct cli_state *cli, int sec_chan, int auth_flags
cli->nt_pipe_fnum = 0;
/* doing schannel, not per-user auth */
- cli->pipe_auth_flags = auth_flags;
+ cli->pipe_auth_flags = AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN | AUTH_PIPE_SEAL;
return NT_STATUS_OK;
}
diff --git a/source/rpc_client/cli_srvsvc.c b/source/rpc_client/cli_srvsvc.c
index 555703cf4d8..27349b72957 100644
--- a/source/rpc_client/cli_srvsvc.c
+++ b/source/rpc_client/cli_srvsvc.c
@@ -138,11 +138,11 @@ WERROR cli_srvsvc_net_share_enum(struct cli_state *cli, TALLOC_CTX *mem_ctx,
s = unistr2_tdup(mem_ctx, &r.ctr.share.info1[i].info_1_str.uni_netname);
if (s)
- init_unistr2(&info1->info_1_str.uni_netname, s, UNI_STR_TERMINATE);
+ init_unistr2(&info1->info_1_str.uni_netname, s, strlen(s) + 1);
s = unistr2_tdup(mem_ctx, &r.ctr.share.info1[i].info_1_str.uni_remark);
if (s)
- init_unistr2(&info1->info_1_str.uni_remark, s, UNI_STR_TERMINATE);
+ init_unistr2(&info1->info_1_str.uni_remark, s, strlen(s) + 1);
}
@@ -166,19 +166,19 @@ WERROR cli_srvsvc_net_share_enum(struct cli_state *cli, TALLOC_CTX *mem_ctx,
s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_netname);
if (s)
- init_unistr2(&info2->info_2_str.uni_netname, s, UNI_STR_TERMINATE);
+ init_unistr2(&info2->info_2_str.uni_netname, s, strlen(s) + 1);
s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_remark);
if (s)
- init_unistr2(&info2->info_2_str.uni_remark, s, UNI_STR_TERMINATE);
+ init_unistr2(&info2->info_2_str.uni_remark, s, strlen(s) + 1);
s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_path);
if (s)
- init_unistr2(&info2->info_2_str.uni_path, s, UNI_STR_TERMINATE);
+ init_unistr2(&info2->info_2_str.uni_path, s, strlen(s) + 1);
s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_passwd);
if (s)
- init_unistr2(&info2->info_2_str.uni_passwd, s, UNI_STR_TERMINATE);
+ init_unistr2(&info2->info_2_str.uni_passwd, s, strlen(s) + 1);
}
break;
}
@@ -385,11 +385,11 @@ WERROR cli_srvsvc_net_file_enum(struct cli_state *cli, TALLOC_CTX *mem_ctx,
s = unistr2_tdup(mem_ctx, &r.ctr.file.info3[i].info_3_str.uni_path_name);
if (s)
- init_unistr2(&info3->info_3_str.uni_path_name, s, UNI_STR_TERMINATE);
+ init_unistr2(&info3->info_3_str.uni_path_name, s, strlen(s) + 1);
s = unistr2_tdup(mem_ctx, &r.ctr.file.info3[i].info_3_str.uni_user_name);
if (s)
- init_unistr2(&info3->info_3_str.uni_user_name, s, UNI_STR_TERMINATE);
+ init_unistr2(&info3->info_3_str.uni_user_name, s, strlen(s) + 1);
}
diff --git a/source/rpc_parse/parse_dfs.c b/source/rpc_parse/parse_dfs.c
index 0d0ce557b22..6f13500359f 100644
--- a/source/rpc_parse/parse_dfs.c
+++ b/source/rpc_parse/parse_dfs.c
@@ -80,9 +80,9 @@ BOOL init_dfs_q_dfs_remove(DFS_Q_DFS_REMOVE *q_d, const char *entrypath,
const char *servername, const char *sharename)
{
DEBUG(5,("init_dfs_q_dfs_remove\n"));
- init_unistr2(&q_d->DfsEntryPath, entrypath, UNI_STR_TERMINATE);
- init_unistr2(&q_d->ServerName, servername, UNI_STR_TERMINATE);
- init_unistr2(&q_d->ShareName, sharename, UNI_STR_TERMINATE);
+ init_unistr2(&q_d->DfsEntryPath, entrypath, strlen(entrypath)+1);
+ init_unistr2(&q_d->ServerName, servername, strlen(servername)+1);
+ init_unistr2(&q_d->ShareName, sharename, strlen(sharename)+1);
q_d->ptr_ServerName = q_d->ptr_ShareName = 1;
return True;
}
@@ -155,11 +155,11 @@ BOOL init_dfs_q_dfs_add(DFS_Q_DFS_ADD *q_d, const char *entrypath,
{
DEBUG(5,("init_dfs_q_dfs_add\n"));
q_d->ptr_DfsEntryPath = q_d->ptr_ServerName = q_d->ptr_ShareName = 1;
- init_unistr2(&q_d->DfsEntryPath, entrypath, UNI_STR_TERMINATE);
- init_unistr2(&q_d->ServerName, servername, UNI_STR_TERMINATE);
- init_unistr2(&q_d->ShareName, sharename, UNI_STR_TERMINATE);
+ init_unistr2(&q_d->DfsEntryPath, entrypath, strlen(entrypath)+1);
+ init_unistr2(&q_d->ServerName, servername, strlen(servername)+1);
+ init_unistr2(&q_d->ShareName, sharename, strlen(sharename)+1);
if(comment != NULL) {
- init_unistr2(&q_d->Comment, comment,UNI_STR_TERMINATE);
+ init_unistr2(&q_d->Comment, comment, strlen(comment)+1);
q_d->ptr_Comment = 1;
} else {
q_d->ptr_Comment = 0;
@@ -237,9 +237,9 @@ BOOL init_dfs_q_dfs_get_info(DFS_Q_DFS_GET_INFO *q_d, const char *entrypath,
uint32 info_level)
{
DEBUG(5,("init_dfs_q2_get_info\n"));
- init_unistr2(&q_d->uni_path, entrypath, UNI_STR_TERMINATE);
- init_unistr2(&q_d->uni_server, servername, UNI_STR_TERMINATE);
- init_unistr2(&q_d->uni_share, sharename, UNI_STR_TERMINATE);
+ init_unistr2(&q_d->uni_path, entrypath, strlen(entrypath)+1);
+ init_unistr2(&q_d->uni_server, servername, strlen(servername)+1);
+ init_unistr2(&q_d->uni_share, sharename, strlen(sharename)+1);
q_d->level = info_level;
q_d->ptr_server = q_d->ptr_share = 1;
return True;
diff --git a/source/rpc_parse/parse_ds.c b/source/rpc_parse/parse_ds.c
index 26dcdb34b8b..f954806036b 100644
--- a/source/rpc_parse/parse_ds.c
+++ b/source/rpc_parse/parse_ds.c
@@ -138,6 +138,8 @@ BOOL ds_io_r_getprimdominfo( const char *desc, prs_struct *ps, int depth, DS_R_G
BOOL init_q_ds_enum_domain_trusts( DS_Q_ENUM_DOM_TRUSTS *q, const char *server,
uint32 flags )
{
+ int len;
+
q->flags = flags;
if ( server && *server )
@@ -145,7 +147,9 @@ BOOL init_q_ds_enum_domain_trusts( DS_Q_ENUM_DOM_TRUSTS *q, const char *server,
else
q->server_ptr = 0;
- init_unistr2( &q->server, server, UNI_STR_TERMINATE);
+ len = q->server_ptr ? strlen(server)+1 : 0;
+
+ init_unistr2( &q->server, server, len );
return True;
}
diff --git a/source/rpc_parse/parse_lsa.c b/source/rpc_parse/parse_lsa.c
index f960345fe74..07b0da7e9c2 100644
--- a/source/rpc_parse/parse_lsa.c
+++ b/source/rpc_parse/parse_lsa.c
@@ -36,9 +36,14 @@ static BOOL lsa_io_trans_names(const char *desc, LSA_TRANS_NAME_ENUM *trn, prs_s
void init_lsa_trans_name(LSA_TRANS_NAME *trn, UNISTR2 *uni_name,
uint16 sid_name_use, const char *name, uint32 idx)
{
+ int len_name = strlen(name);
+
+ if(len_name == 0)
+ len_name = 1;
+
trn->sid_name_use = sid_name_use;
- init_unistr2(uni_name, name, UNI_FLAGS_NONE);
- init_uni_hdr(&trn->hdr_name, uni_name);
+ init_uni_hdr(&trn->hdr_name, len_name);
+ init_unistr2(uni_name, name, len_name);
trn->domain_idx = idx;
}
@@ -341,7 +346,8 @@ void init_q_open_pol2(LSA_Q_OPEN_POL2 *r_q, const char *server_name,
r_q->des_access = desired_access;
- init_unistr2(&r_q->uni_server_name, server_name, UNI_STR_TERMINATE);
+ init_unistr2(&r_q->uni_server_name, server_name,
+ strlen(server_name) + 1);
init_lsa_obj_attr(&r_q->attr, attributes, qos);
}
@@ -560,10 +566,10 @@ void init_r_enum_trust_dom(TALLOC_CTX *ctx, LSA_R_ENUM_TRUST_DOM *r_e, uint32 en
/* don't know what actually is this for */
r_e->ptr_enum_domains = 1;
+ init_uni_hdr2(&r_e->hdr_domain_name[i], strlen_w((td[i])->name));
init_dom_sid2(&r_e->domain_sid[i], &(td[i])->sid);
init_unistr2_w(ctx, &r_e->uni_domain_name[i], (td[i])->name);
- init_uni_hdr2(&r_e->hdr_domain_name[i], &r_e->uni_domain_name[i]);
};
}
@@ -1081,8 +1087,11 @@ void init_q_lookup_names(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_NAMES *q_l,
}
for (i = 0; i < num_names; i++) {
- init_unistr2(&q_l->uni_name[i], names[i], UNI_FLAGS_NONE);
- init_uni_hdr(&q_l->hdr_name[i], &q_l->uni_name[i]);
+ int len;
+ len = strlen(names[i]);
+
+ init_uni_hdr(&q_l->hdr_name[i], len);
+ init_unistr2(&q_l->uni_name[i], names[i], len);
}
}
@@ -1427,10 +1436,15 @@ BOOL lsa_io_r_enum_privs(const char *desc, LSA_R_ENUM_PRIVS *r_q, prs_struct *ps
void init_lsa_priv_get_dispname(LSA_Q_PRIV_GET_DISPNAME *trn, POLICY_HND *hnd, const char *name, uint16 lang_id, uint16 lang_id_sys)
{
+ int len_name = strlen(name);
+
+ if(len_name == 0)
+ len_name = 1;
+
memcpy(&trn->pol, hnd, sizeof(trn->pol));
- init_unistr2(&trn->name, name, UNI_FLAGS_NONE);
- init_uni_hdr(&trn->hdr_name, &trn->name);
+ init_uni_hdr(&trn->hdr_name, len_name);
+ init_unistr2(&trn->name, name, len_name);
trn->lang_id = lang_id;
trn->lang_id_sys = lang_id_sys;
}
@@ -1809,22 +1823,14 @@ static BOOL lsa_io_privilege_set(const char *desc, PRIVILEGE_SET *r_c, prs_struc
return True;
}
-NTSTATUS init_lsa_r_enum_privsaccount(TALLOC_CTX *mem_ctx, LSA_R_ENUMPRIVSACCOUNT *r_u, LUID_ATTR *set, uint32 count, uint32 control)
+void init_lsa_r_enum_privsaccount(LSA_R_ENUMPRIVSACCOUNT *r_u, LUID_ATTR *set, uint32 count, uint32 control)
{
- NTSTATUS ret = NT_STATUS_OK;
-
- r_u->ptr = 1;
- r_u->count = count;
-
- if (!NT_STATUS_IS_OK(ret = init_priv_with_ctx(mem_ctx, &(r_u->set))))
- return ret;
-
- if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(r_u->set->mem_ctx, &(r_u->set->set), set)))
- return ret;
-
- DEBUG(10,("init_lsa_r_enum_privsaccount: %d %d privileges\n", r_u->count, r_u->set->count));
-
- return ret;
+ r_u->ptr=1;
+ r_u->count=count;
+ r_u->set.set=set;
+ r_u->set.count=count;
+ r_u->set.control=control;
+ DEBUG(10,("init_lsa_r_enum_privsaccount: %d %d privileges\n", r_u->count, r_u->set.count));
}
/*******************************************************************
@@ -1848,16 +1854,13 @@ BOOL lsa_io_r_enum_privsaccount(const char *desc, LSA_R_ENUMPRIVSACCOUNT *r_c, p
/* malloc memory if unmarshalling here */
- if (UNMARSHALLING(ps) && r_c->count != 0) {
- if (!NT_STATUS_IS_OK(init_priv_with_ctx(ps->mem_ctx, &(r_c->set))))
- return False;
-
- if (!(r_c->set->set = (LUID_ATTR *)prs_alloc_mem(ps,sizeof(LUID_ATTR) * r_c->count)))
+ if (UNMARSHALLING(ps) && r_c->count!=0) {
+ if (!(r_c->set.set = (LUID_ATTR *)prs_alloc_mem(ps,sizeof(LUID_ATTR) * r_c->count)))
return False;
}
- if(!lsa_io_privilege_set(desc, r_c->set, ps, depth))
+ if(!lsa_io_privilege_set(desc, &r_c->set, ps, depth))
return False;
}
@@ -1951,9 +1954,14 @@ BOOL lsa_io_r_setsystemaccount(const char *desc, LSA_R_SETSYSTEMACCOUNT *r_c, p
void init_lsa_q_lookupprivvalue(LSA_Q_LOOKUPPRIVVALUE *trn, POLICY_HND *hnd, const char *name)
{
+ int len_name = strlen(name);
memcpy(&trn->pol, hnd, sizeof(trn->pol));
- init_unistr2(&trn->uni2_right, name, UNI_FLAGS_NONE);
- init_uni_hdr(&trn->hdr_right, &trn->uni2_right);
+
+ if(len_name == 0)
+ len_name = 1;
+
+ init_uni_hdr(&trn->hdr_right, len_name);
+ init_unistr2(&trn->uni2_right, name, len_name);
}
/*******************************************************************
@@ -2019,14 +2027,11 @@ BOOL lsa_io_q_addprivs(const char *desc, LSA_Q_ADDPRIVS *r_c, prs_struct *ps, in
return False;
if (UNMARSHALLING(ps) && r_c->count!=0) {
- if (!NT_STATUS_IS_OK(init_priv_with_ctx(ps->mem_ctx, &(r_c->set))))
- return False;
-
- if (!(r_c->set->set = (LUID_ATTR *)prs_alloc_mem(ps, sizeof(LUID_ATTR) * r_c->count)))
+ if (!(r_c->set.set = (LUID_ATTR *)prs_alloc_mem(ps,sizeof(LUID_ATTR) * r_c->count)))
return False;
}
- if(!lsa_io_privilege_set(desc, r_c->set, ps, depth))
+ if(!lsa_io_privilege_set(desc, &r_c->set, ps, depth))
return False;
return True;
@@ -2081,14 +2086,11 @@ BOOL lsa_io_q_removeprivs(const char *desc, LSA_Q_REMOVEPRIVS *r_c, prs_struct *
return False;
if (UNMARSHALLING(ps) && r_c->count!=0) {
- if (!NT_STATUS_IS_OK(init_priv_with_ctx(ps->mem_ctx, &(r_c->set))))
- return False;
-
- if (!(r_c->set->set = (LUID_ATTR *)prs_alloc_mem(ps, sizeof(LUID_ATTR) * r_c->count)))
+ if (!(r_c->set.set = (LUID_ATTR *)prs_alloc_mem(ps,sizeof(LUID_ATTR) * r_c->count)))
return False;
}
- if(!lsa_io_privilege_set(desc, r_c->set, ps, depth))
+ if(!lsa_io_privilege_set(desc, &r_c->set, ps, depth))
return False;
}
diff --git a/source/rpc_parse/parse_misc.c b/source/rpc_parse/parse_misc.c
index e1825355320..17a96fff80c 100644
--- a/source/rpc_parse/parse_misc.c
+++ b/source/rpc_parse/parse_misc.c
@@ -361,11 +361,11 @@ BOOL smb_io_strhdr(const char *desc, STRHDR *hdr, prs_struct *ps, int depth)
Inits a UNIHDR structure.
********************************************************************/
-void init_uni_hdr(UNIHDR *hdr, UNISTR2 *str2)
+void init_uni_hdr(UNIHDR *hdr, int len)
{
- hdr->uni_str_len = 2 * (str2->uni_str_len);
- hdr->uni_max_len = 2 * (str2->uni_max_len);
- hdr->buffer = (str2->uni_str_len != 0) ? 1 : 0;
+ hdr->uni_str_len = 2 * len;
+ hdr->uni_max_len = 2 * len;
+ hdr->buffer = len != 0 ? 1 : 0;
}
/*******************************************************************
@@ -482,10 +482,10 @@ BOOL smb_io_hdrbuf(const char *desc, BUFHDR *hdr, prs_struct *ps, int depth)
creates a UNIHDR2 structure.
********************************************************************/
-void init_uni_hdr2(UNIHDR2 *hdr, UNISTR2 *str2)
+void init_uni_hdr2(UNIHDR2 *hdr, int len)
{
- init_uni_hdr(&hdr->unihdr, str2);
- hdr->buffer = (str2->uni_str_len > 0) ? 1 : 0;
+ init_uni_hdr(&hdr->unihdr, len);
+ hdr->buffer = (len > 0) ? 1 : 0;
}
/*******************************************************************
@@ -703,7 +703,7 @@ void init_buffer2(BUFFER2 *str, const uint8 *buf, size_t len)
/* max buffer size (allocated size) */
str->buf_max_len = len;
- str->offset = 0;
+ str->undoc = 0;
str->buf_len = buf != NULL ? len : 0;
if (buf != NULL) {
@@ -737,7 +737,7 @@ BOOL smb_io_buffer2(const char *desc, BUFFER2 *buf2, uint32 buffer, prs_struct *
if(!prs_uint32("uni_max_len", ps, depth, &buf2->buf_max_len))
return False;
- if(!prs_uint32("offset ", ps, depth, &buf2->offset))
+ if(!prs_uint32("undoc ", ps, depth, &buf2->undoc))
return False;
if(!prs_uint32("buf_len ", ps, depth, &buf2->buf_len))
return False;
@@ -765,11 +765,14 @@ creates a UNISTR2 structure: sets up the buffer, too
void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, const char *buf)
{
if (buf != NULL) {
+
*ptr = 1;
- init_unistr2(str, buf, UNI_STR_TERMINATE);
+ init_unistr2(str, buf, strlen(buf)+1);
+
} else {
+
*ptr = 0;
- init_unistr2(str, NULL, UNI_FLAGS_NONE);
+ init_unistr2(str, "", 0);
}
}
@@ -780,8 +783,10 @@ void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, const char *buf)
void copy_unistr2(UNISTR2 *str, const UNISTR2 *from)
{
+
+ /* set up string lengths. add one if string is not null-terminated */
str->uni_max_len = from->uni_max_len;
- str->offset = from->offset;
+ str->undoc = from->undoc;
str->uni_str_len = from->uni_str_len;
if (from->buffer == NULL)
@@ -798,7 +803,8 @@ void copy_unistr2(UNISTR2 *str, const UNISTR2 *from)
len *= sizeof(uint16);
str->buffer = (uint16 *)talloc_zero(get_talloc_ctx(), len);
- if ((str->buffer == NULL) && (len > 0 )) {
+ if ((str->buffer == NULL) && (len > 0 ))
+ {
smb_panic("copy_unistr2: talloc fail\n");
return;
}
@@ -818,7 +824,7 @@ void init_string2(STRING2 *str, const char *buf, int max_len, int str_len)
/* set up string lengths. */
str->str_max_len = max_len;
- str->offset = 0;
+ str->undoc = 0;
str->str_str_len = str_len;
/* store the string */
@@ -829,7 +835,7 @@ void init_string2(STRING2 *str, const char *buf, int max_len, int str_len)
if (str->buffer == NULL)
smb_panic("init_string2: malloc fail\n");
memcpy(str->buffer, buf, str_len);
- }
+ }
}
/*******************************************************************
@@ -854,7 +860,7 @@ BOOL smb_io_string2(const char *desc, STRING2 *str2, uint32 buffer, prs_struct *
if(!prs_uint32("str_max_len", ps, depth, &str2->str_max_len))
return False;
- if(!prs_uint32("offset ", ps, depth, &str2->offset))
+ if(!prs_uint32("undoc ", ps, depth, &str2->undoc))
return False;
if(!prs_uint32("str_str_len", ps, depth, &str2->str_str_len))
return False;
@@ -879,43 +885,34 @@ BOOL smb_io_string2(const char *desc, STRING2 *str2, uint32 buffer, prs_struct *
Inits a UNISTR2 structure.
********************************************************************/
-void init_unistr2(UNISTR2 *str, const char *buf, enum unistr2_term_codes flags)
+void init_unistr2(UNISTR2 *str, const char *buf, size_t len)
{
- size_t len = 0;
- uint32 num_chars = 0;
+ ZERO_STRUCTP(str);
- if (buf) {
- /* We always null terminate the copy. */
- len = strlen(buf) + 1;
- }
+ /* set up string lengths. */
+ str->uni_max_len = (uint32)len;
+ str->undoc = 0;
+ str->uni_str_len = (uint32)len;
if (len < MAX_UNISTRLEN)
len = MAX_UNISTRLEN;
len *= sizeof(uint16);
str->buffer = (uint16 *)talloc_zero(get_talloc_ctx(), len);
- if ((str->buffer == NULL) && (len > 0)) {
+ if ((str->buffer == NULL) && (len > 0))
+ {
smb_panic("init_unistr2: malloc fail\n");
return;
}
/*
- * The UNISTR2 must be initialized !!!
+ * don't move this test above ! The UNISTR2 must be initialized !!!
* jfm, 7/7/2001.
*/
- if (buf) {
- rpcstr_push((char *)str->buffer, buf, len, STR_TERMINATE);
- num_chars = strlen_w(str->buffer);
- if (flags == STR_TERMINATE || flags == UNI_MAXLEN_TERMINATE) {
- num_chars++;
- }
- }
+ if (buf==NULL)
+ return;
- str->uni_max_len = num_chars;
- str->offset = 0;
- str->uni_str_len = num_chars;
- if (num_chars && (flags == UNI_MAXLEN_TERMINATE))
- str->uni_max_len++;
+ rpcstr_push((char *)str->buffer, buf, len, STR_TERMINATE);
}
/**
@@ -935,7 +932,7 @@ void init_unistr2_w(TALLOC_CTX *ctx, UNISTR2 *str, const smb_ucs2_t *buf)
/* set up string lengths. */
str->uni_max_len = len;
- str->offset = 0;
+ str->undoc = 0;
str->uni_str_len = len;
if (max_len < MAX_UNISTRLEN)
@@ -944,7 +941,8 @@ void init_unistr2_w(TALLOC_CTX *ctx, UNISTR2 *str, const smb_ucs2_t *buf)
alloc_len = (max_len + 1) * sizeof(uint16);
str->buffer = (uint16 *)talloc_zero(ctx, alloc_len);
- if ((str->buffer == NULL) && (alloc_len > 0)) {
+ if ((str->buffer == NULL) && (alloc_len > 0))
+ {
smb_panic("init_unistr2_w: malloc fail\n");
return;
}
@@ -965,9 +963,9 @@ void init_unistr2_w(TALLOC_CTX *ctx, UNISTR2 *str, const smb_ucs2_t *buf)
/*******************************************************************
Inits a UNISTR2 structure from a UNISTR
********************************************************************/
-
-void init_unistr2_from_unistr(UNISTR2 *to, const UNISTR *from)
+void init_unistr2_from_unistr (UNISTR2 *to, const UNISTR *from)
{
+
uint32 i;
/* the destination UNISTR2 should never be NULL.
@@ -989,7 +987,7 @@ void init_unistr2_from_unistr(UNISTR2 *to, const UNISTR *from)
/* set up string lengths; uni_max_len is set to i+1
because we need to account for the final NULL termination */
to->uni_max_len = i;
- to->offset = 0;
+ to->undoc = 0;
to->uni_str_len = i;
/* allocate the space and copy the string buffer */
@@ -997,9 +995,11 @@ void init_unistr2_from_unistr(UNISTR2 *to, const UNISTR *from)
if (to->buffer == NULL)
smb_panic("init_unistr2_from_unistr: malloc fail\n");
memcpy(to->buffer, from->buffer, to->uni_max_len*sizeof(uint16));
+
return;
}
+
/*******************************************************************
Reads or writes a UNISTR2 structure.
XXXX NOTE: UNISTR2 structures need NOT be null-terminated.
@@ -1022,7 +1022,7 @@ BOOL smb_io_unistr2(const char *desc, UNISTR2 *uni2, uint32 buffer, prs_struct *
if(!prs_uint32("uni_max_len", ps, depth, &uni2->uni_max_len))
return False;
- if(!prs_uint32("offset ", ps, depth, &uni2->offset))
+ if(!prs_uint32("undoc ", ps, depth, &uni2->undoc))
return False;
if(!prs_uint32("uni_str_len", ps, depth, &uni2->uni_str_len))
return False;
@@ -1064,7 +1064,7 @@ BOOL init_unistr2_array(UNISTR2_ARRAY *array,
}
for (i=0;i<count;i++) {
- init_unistr2(&array->strings[i].string, strings[i], UNI_FLAGS_NONE);
+ init_unistr2(&array->strings[i].string, strings[i], strlen(strings[i]));
array->strings[i].size = array->strings[i].string.uni_max_len*2;
array->strings[i].length = array->strings[i].size;
array->strings[i].ref_id = 1;
@@ -1223,14 +1223,14 @@ static void init_clnt_srv(DOM_CLNT_SRV *logcln, const char *logon_srv, const cha
if (logon_srv != NULL) {
logcln->undoc_buffer = 1;
- init_unistr2(&logcln->uni_logon_srv, logon_srv, UNI_STR_TERMINATE);
+ init_unistr2(&logcln->uni_logon_srv, logon_srv, strlen(logon_srv)+1);
} else {
logcln->undoc_buffer = 0;
}
if (comp_name != NULL) {
logcln->undoc_buffer2 = 1;
- init_unistr2(&logcln->uni_comp_name, comp_name, UNI_STR_TERMINATE);
+ init_unistr2(&logcln->uni_comp_name, comp_name, strlen(comp_name)+1);
} else {
logcln->undoc_buffer2 = 0;
}
@@ -1284,12 +1284,12 @@ void init_log_info(DOM_LOG_INFO *loginfo, const char *logon_srv, const char *acc
loginfo->undoc_buffer = 1;
- init_unistr2(&loginfo->uni_logon_srv, logon_srv, UNI_STR_TERMINATE);
- init_unistr2(&loginfo->uni_acct_name, acct_name, UNI_STR_TERMINATE);
+ init_unistr2(&loginfo->uni_logon_srv, logon_srv, strlen(logon_srv)+1);
+ init_unistr2(&loginfo->uni_acct_name, acct_name, strlen(acct_name)+1);
loginfo->sec_chan = sec_chan;
- init_unistr2(&loginfo->uni_comp_name, comp_name, UNI_STR_TERMINATE);
+ init_unistr2(&loginfo->uni_comp_name, comp_name, strlen(comp_name)+1);
}
/*******************************************************************
diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c
index 3b096e088ab..dd319df5a0f 100644
--- a/source/rpc_parse/parse_net.c
+++ b/source/rpc_parse/parse_net.c
@@ -136,15 +136,16 @@ static BOOL net_io_netinfo_1(const char *desc, NETLOGON_INFO_1 *info, prs_struct
static void init_netinfo_2(NETLOGON_INFO_2 *info, uint32 flags, uint32 pdc_status,
uint32 tc_status, const char *trusted_dc_name)
{
+ int len_dc_name = strlen(trusted_dc_name);
info->flags = flags;
info->pdc_status = pdc_status;
info->ptr_trusted_dc_name = 1;
info->tc_status = tc_status;
if (trusted_dc_name != NULL)
- init_unistr2(&info->uni_trusted_dc_name, trusted_dc_name, UNI_STR_TERMINATE);
+ init_unistr2(&info->uni_trusted_dc_name, trusted_dc_name, len_dc_name+1);
else
- init_unistr2(&info->uni_trusted_dc_name, "", UNI_STR_TERMINATE);
+ init_unistr2(&info->uni_trusted_dc_name, "", 1);
}
/*******************************************************************
@@ -229,7 +230,7 @@ void init_net_q_logon_ctrl2(NET_Q_LOGON_CTRL2 *q_l, const char *srv_name,
q_l->query_level = query_level;
q_l->switch_value = 0x01;
- init_unistr2(&q_l->uni_server_name, srv_name, UNI_STR_TERMINATE);
+ init_unistr2(&q_l->uni_server_name, srv_name, strlen(srv_name) + 1);
}
/*******************************************************************
@@ -359,7 +360,7 @@ void init_net_q_logon_ctrl(NET_Q_LOGON_CTRL *q_l, const char *srv_name,
q_l->function_code = 0x01; /* ??? */
q_l->query_level = query_level;
- init_unistr2(&q_l->uni_server_name, srv_name, UNI_STR_TERMINATE);
+ init_unistr2(&q_l->uni_server_name, srv_name, strlen(srv_name) + 1);
}
/*******************************************************************
@@ -446,9 +447,9 @@ void init_r_trust_dom(NET_R_TRUST_DOM_LIST *r_t,
fstring domain_name;
fstrcpy(domain_name, dom_name);
strupper_m(domain_name);
- init_unistr2(&r_t->uni_trust_dom_name[i], domain_name, UNI_STR_TERMINATE);
+ init_unistr2(&r_t->uni_trust_dom_name[i], domain_name, strlen(domain_name)+1);
/* the use of UNISTR2 here is non-standard. */
- r_t->uni_trust_dom_name[i].offset = 0x1;
+ r_t->uni_trust_dom_name[i].undoc = 0x1;
}
r_t->status = NT_STATUS_OK;
@@ -538,8 +539,8 @@ void init_q_req_chal(NET_Q_REQ_CHAL *q_c,
q_c->undoc_buffer = 1; /* don't know what this buffer is */
- init_unistr2(&q_c->uni_logon_srv, logon_srv , UNI_STR_TERMINATE);
- init_unistr2(&q_c->uni_logon_clnt, logon_clnt, UNI_STR_TERMINATE);
+ init_unistr2(&q_c->uni_logon_srv, logon_srv , strlen(logon_srv )+1);
+ init_unistr2(&q_c->uni_logon_clnt, logon_clnt, strlen(logon_clnt)+1);
memcpy(q_c->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data));
@@ -909,6 +910,10 @@ void init_id_info1(NET_ID_INFO_1 *id, const char *domain_name,
const char *sess_key,
unsigned char lm_cypher[16], unsigned char nt_cypher[16])
{
+ int len_domain_name = strlen(domain_name);
+ int len_user_name = strlen(user_name );
+ int len_wksta_name = strlen(wksta_name );
+
unsigned char lm_owf[16];
unsigned char nt_owf[16];
@@ -916,9 +921,13 @@ void init_id_info1(NET_ID_INFO_1 *id, const char *domain_name,
id->ptr_id_info1 = 1;
+ init_uni_hdr(&id->hdr_domain_name, len_domain_name);
+
id->param_ctrl = param_ctrl;
init_logon_id(&id->logon_id, log_id_low, log_id_high);
+ init_uni_hdr(&id->hdr_user_name, len_user_name);
+ init_uni_hdr(&id->hdr_wksta_name, len_wksta_name);
if (lm_cypher && nt_cypher) {
unsigned char key[16];
@@ -953,12 +962,9 @@ void init_id_info1(NET_ID_INFO_1 *id, const char *domain_name,
init_owf_info(&id->lm_owf, lm_cypher);
init_owf_info(&id->nt_owf, nt_cypher);
- init_unistr2(&id->uni_domain_name, domain_name, UNI_FLAGS_NONE);
- init_uni_hdr(&id->hdr_domain_name, &id->uni_domain_name);
- init_unistr2(&id->uni_user_name, user_name, UNI_FLAGS_NONE);
- init_uni_hdr(&id->hdr_user_name, &id->uni_user_name);
- init_unistr2(&id->uni_wksta_name, wksta_name, UNI_FLAGS_NONE);
- init_uni_hdr(&id->hdr_wksta_name, &id->uni_wksta_name);
+ init_unistr2(&id->uni_domain_name, domain_name, len_domain_name);
+ init_unistr2(&id->uni_user_name, user_name, len_user_name);
+ init_unistr2(&id->uni_wksta_name, wksta_name, len_wksta_name);
}
/*******************************************************************
@@ -1035,6 +1041,9 @@ void init_id_info2(NET_ID_INFO_2 * id, const char *domain_name,
const uchar * lm_chal_resp, size_t lm_chal_resp_len,
const uchar * nt_chal_resp, size_t nt_chal_resp_len)
{
+ size_t len_domain_name = strlen(domain_name);
+ size_t len_user_name = strlen(user_name );
+ size_t len_wksta_name = strlen(wksta_name );
unsigned char lm_owf[24];
unsigned char nt_owf[128];
@@ -1042,10 +1051,14 @@ void init_id_info2(NET_ID_INFO_2 * id, const char *domain_name,
id->ptr_id_info2 = 1;
+ init_uni_hdr(&id->hdr_domain_name, len_domain_name);
id->param_ctrl = param_ctrl;
init_logon_id(&id->logon_id, log_id_low, log_id_high);
+ init_uni_hdr(&id->hdr_user_name, len_user_name);
+ init_uni_hdr(&id->hdr_wksta_name, len_wksta_name);
+
if (nt_chal_resp) {
/* oops. can only send what-ever-it-is direct */
memcpy(nt_owf, nt_chal_resp, MIN(sizeof(nt_owf), nt_chal_resp_len));
@@ -1061,12 +1074,9 @@ void init_id_info2(NET_ID_INFO_2 * id, const char *domain_name,
init_str_hdr(&id->hdr_nt_chal_resp, nt_chal_resp_len, nt_chal_resp_len, (nt_chal_resp != NULL) ? 1 : 0);
init_str_hdr(&id->hdr_lm_chal_resp, lm_chal_resp_len, lm_chal_resp_len, (lm_chal_resp != NULL) ? 1 : 0);
- init_unistr2(&id->uni_domain_name, domain_name, UNI_FLAGS_NONE);
- init_uni_hdr(&id->hdr_domain_name, &id->uni_domain_name);
- init_unistr2(&id->uni_user_name, user_name, UNI_FLAGS_NONE);
- init_uni_hdr(&id->hdr_user_name, &id->uni_user_name);
- init_unistr2(&id->uni_wksta_name, wksta_name, UNI_FLAGS_NONE);
- init_uni_hdr(&id->hdr_wksta_name, &id->uni_wksta_name);
+ init_unistr2(&id->uni_domain_name, domain_name, len_domain_name);
+ init_unistr2(&id->uni_user_name, user_name, len_user_name);
+ init_unistr2(&id->uni_wksta_name, wksta_name, len_wksta_name);
init_string2(&id->nt_chal_resp, (const char *)nt_chal_resp, nt_chal_resp_len, nt_chal_resp_len);
init_string2(&id->lm_chal_resp, (const char *)lm_chal_resp, lm_chal_resp_len, lm_chal_resp_len);
@@ -1278,10 +1288,26 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr,
pass_last_set_time, pass_can_change_time,
pass_must_change_time;
+ int len_user_name, len_full_name, len_home_dir,
+ len_dir_drive, len_logon_script, len_profile_path;
+
+ int len_logon_srv = strlen(logon_srv);
+ int len_logon_dom = strlen(logon_dom);
+
+ len_user_name = strlen(user_name );
+ len_full_name = strlen(full_name );
+ len_home_dir = strlen(home_dir );
+ len_dir_drive = strlen(dir_drive );
+ len_logon_script = strlen(logon_script);
+ len_profile_path = strlen(profile_path);
+
+
ZERO_STRUCTP(usr);
usr->ptr_user_info = 1; /* yes, we're bothering to put USER_INFO data here */
+
+
/* Create NTTIME structs */
unix_to_nt_time (&logon_time, unix_logon_time);
unix_to_nt_time (&logoff_time, unix_logoff_time);
@@ -1297,6 +1323,13 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr,
usr->pass_can_change_time = pass_can_change_time;
usr->pass_must_change_time = pass_must_change_time;
+ init_uni_hdr(&usr->hdr_user_name, len_user_name);
+ init_uni_hdr(&usr->hdr_full_name, len_full_name);
+ init_uni_hdr(&usr->hdr_logon_script, len_logon_script);
+ init_uni_hdr(&usr->hdr_profile_path, len_profile_path);
+ init_uni_hdr(&usr->hdr_home_dir, len_home_dir);
+ init_uni_hdr(&usr->hdr_dir_drive, len_dir_drive);
+
usr->logon_count = logon_count;
usr->bad_pw_count = bad_pw_count;
@@ -1312,6 +1345,9 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr,
else
memset((char *)usr->user_sess_key, '\0', sizeof(usr->user_sess_key));
+ init_uni_hdr(&usr->hdr_logon_srv, len_logon_srv);
+ init_uni_hdr(&usr->hdr_logon_dom, len_logon_dom);
+
usr->buffer_dom_id = dom_sid ? 1 : 0; /* yes, we're bothering to put a domain SID in */
memset((char *)usr->padding, '\0', sizeof(usr->padding));
@@ -1321,18 +1357,12 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr,
usr->num_other_sids = num_other_sids;
usr->buffer_other_sids = (num_other_sids != 0) ? 1 : 0;
- init_unistr2(&usr->uni_user_name, user_name, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_user_name, &usr->uni_user_name);
- init_unistr2(&usr->uni_full_name, full_name, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_full_name, &usr->uni_full_name);
- init_unistr2(&usr->uni_logon_script, logon_script, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_logon_script, &usr->uni_logon_script);
- init_unistr2(&usr->uni_profile_path, profile_path, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_profile_path, &usr->uni_profile_path);
- init_unistr2(&usr->uni_home_dir, home_dir, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_home_dir, &usr->uni_home_dir);
- init_unistr2(&usr->uni_dir_drive, dir_drive, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_dir_drive, &usr->uni_dir_drive);
+ init_unistr2(&usr->uni_user_name, user_name, len_user_name);
+ init_unistr2(&usr->uni_full_name, full_name, len_full_name);
+ init_unistr2(&usr->uni_logon_script, logon_script, len_logon_script);
+ init_unistr2(&usr->uni_profile_path, profile_path, len_profile_path);
+ init_unistr2(&usr->uni_home_dir, home_dir, len_home_dir);
+ init_unistr2(&usr->uni_dir_drive, dir_drive, len_dir_drive);
usr->num_groups2 = num_groups;
@@ -1343,10 +1373,8 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr,
for (i = 0; i < num_groups; i++)
usr->gids[i] = gids[i];
- init_unistr2(&usr->uni_logon_srv, logon_srv, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_logon_srv, &usr->uni_logon_srv);
- init_unistr2(&usr->uni_logon_dom, logon_dom, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_logon_dom, &usr->uni_logon_dom);
+ init_unistr2(&usr->uni_logon_srv, logon_srv, len_logon_srv);
+ init_unistr2(&usr->uni_logon_dom, logon_dom, len_logon_dom);
init_dom_sid2(&usr->dom_sid, dom_sid);
/* "other" sids are set up above */
@@ -1642,8 +1670,8 @@ BOOL init_net_q_sam_sync(NET_Q_SAM_SYNC * q_s, const char *srv_name,
{
DEBUG(5, ("init_q_sam_sync\n"));
- init_unistr2(&q_s->uni_srv_name, srv_name, UNI_STR_TERMINATE);
- init_unistr2(&q_s->uni_cli_name, cli_name, UNI_STR_TERMINATE);
+ init_unistr2(&q_s->uni_srv_name, srv_name, strlen(srv_name) + 1);
+ init_unistr2(&q_s->uni_cli_name, cli_name, strlen(cli_name) + 1);
if (cli_creds)
memcpy(&q_s->cli_creds, cli_creds, sizeof(q_s->cli_creds));
@@ -2830,8 +2858,8 @@ BOOL init_net_q_sam_deltas(NET_Q_SAM_DELTAS *q_s, const char *srv_name,
{
DEBUG(5, ("init_net_q_sam_deltas\n"));
- init_unistr2(&q_s->uni_srv_name, srv_name, UNI_STR_TERMINATE);
- init_unistr2(&q_s->uni_cli_name, cli_name, UNI_STR_TERMINATE);
+ init_unistr2(&q_s->uni_srv_name, srv_name, strlen(srv_name) + 1);
+ init_unistr2(&q_s->uni_cli_name, cli_name, strlen(cli_name) + 1);
memcpy(&q_s->cli_creds, cli_creds, sizeof(q_s->cli_creds));
memset(&q_s->ret_creds, 0, sizeof(q_s->ret_creds));
diff --git a/source/rpc_parse/parse_prs.c b/source/rpc_parse/parse_prs.c
index b30c41c0903..81a95730778 100644
--- a/source/rpc_parse/parse_prs.c
+++ b/source/rpc_parse/parse_prs.c
@@ -3,8 +3,7 @@
Samba memory buffer functions
Copyright (C) Andrew Tridgell 1992-1997
Copyright (C) Luke Kenneth Casson Leighton 1996-1997
- Copyright (C) Jeremy Allison 1999
- Copyright (C) Andrew Bartlett 2003.
+ Copyright (C) Jeremy Allison 1999.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -1338,6 +1337,47 @@ BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16], int len)
return True;
}
+static void netsechash(uchar * key, uchar * data, int data_len)
+{
+ uchar hash[256];
+ uchar index_i = 0;
+ uchar index_j = 0;
+ uchar j = 0;
+ int ind;
+
+ for (ind = 0; ind < 256; ind++)
+ {
+ hash[ind] = (uchar) ind;
+ }
+
+ for (ind = 0; ind < 256; ind++)
+ {
+ uchar tc;
+
+ j += (hash[ind] + key[ind % 16]);
+
+ tc = hash[ind];
+ hash[ind] = hash[j];
+ hash[j] = tc;
+ }
+
+ for (ind = 0; ind < data_len; ind++)
+ {
+ uchar tc;
+ uchar t;
+
+ index_i++;
+ index_j += hash[index_i];
+
+ tc = hash[index_i];
+ hash[index_i] = hash[index_j];
+ hash[index_j] = tc;
+
+ t = hash[index_i] + hash[index_j];
+ data[ind] ^= hash[t];
+ }
+}
+
/*******************************************************************
Create a digest over the entire packet (including the data), and
@@ -1360,7 +1400,7 @@ static void netsec_digest(struct netsec_auth_struct *a,
MD5Update(&ctx3, zeros, sizeof(zeros));
MD5Update(&ctx3, verf->sig, sizeof(verf->sig));
if (auth_flags & AUTH_PIPE_SEAL) {
- MD5Update(&ctx3, verf->confounder, sizeof(verf->confounder));
+ MD5Update(&ctx3, verf->data8, sizeof(verf->data8));
}
MD5Update(&ctx3, (const unsigned char *)data, data_len);
MD5Final(whole_packet_digest, &ctx3);
@@ -1416,29 +1456,10 @@ static void netsec_deal_with_seq_num(struct netsec_auth_struct *a,
dump_data_pw("sequence_key:\n", sequence_key, sizeof(sequence_key));
dump_data_pw("seq_num (before):\n", verf->seq_num, sizeof(verf->seq_num));
- SamOEMhash(verf->seq_num, sequence_key, 8);
+ netsechash(sequence_key, verf->seq_num, 8);
dump_data_pw("seq_num (after):\n", verf->seq_num, sizeof(verf->seq_num));
}
-/*******************************************************************
-creates an RPC_AUTH_NETSEC_CHK structure.
-********************************************************************/
-static BOOL init_rpc_auth_netsec_chk(RPC_AUTH_NETSEC_CHK * chk,
- const uchar sig[8],
- const uchar packet_digest[8],
- const uchar seq_num[8], const uchar confounder[8])
-{
- if (chk == NULL)
- return False;
-
- memcpy(chk->sig, sig, sizeof(chk->sig));
- memcpy(chk->packet_digest, packet_digest, sizeof(chk->packet_digest));
- memcpy(chk->seq_num, seq_num, sizeof(chk->seq_num));
- memcpy(chk->confounder, confounder, sizeof(chk->confounder));
-
- return True;
-}
-
/*******************************************************************
Encode a blob of data using the netsec (schannel) alogrithm, also produceing
@@ -1448,47 +1469,26 @@ static BOOL init_rpc_auth_netsec_chk(RPC_AUTH_NETSEC_CHK * chk,
********************************************************************/
void netsec_encode(struct netsec_auth_struct *a, int auth_flags,
enum netsec_direction direction,
- RPC_AUTH_NETSEC_CHK * verf,
- char *data, size_t data_len)
+ RPC_AUTH_NETSEC_CHK * verf, char *data, size_t data_len)
{
uchar digest_final[16];
- uchar confounder[8];
- uchar seq_num[8];
- static const uchar nullbytes[8];
-
- static const uchar netsec_seal_sig[8] = NETSEC_SEAL_SIGNATURE;
- static const uchar netsec_sign_sig[8] = NETSEC_SIGN_SIGNATURE;
- const uchar *netsec_sig;
DEBUG(10,("SCHANNEL: netsec_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
-
- if (auth_flags & AUTH_PIPE_SEAL) {
- netsec_sig = netsec_seal_sig;
- } else if (auth_flags & AUTH_PIPE_SIGN) {
- netsec_sig = netsec_sign_sig;
- }
-
- /* fill the 'confounder' with random data */
- generate_random_buffer(confounder, sizeof(confounder), False);
-
dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
- RSIVAL(seq_num, 0, a->seq_num);
+ RSIVAL(verf->seq_num, 0, a->seq_num);
switch (direction) {
case SENDER_IS_INITIATOR:
- SIVAL(seq_num, 4, 0x80);
+ SIVAL(verf->seq_num, 4, 0x80);
break;
case SENDER_IS_ACCEPTOR:
- SIVAL(seq_num, 4, 0x0);
+ SIVAL(verf->seq_num, 4, 0x0);
break;
}
- dump_data_pw("verf->seq_num:\n", seq_num, sizeof(verf->seq_num));
+ dump_data_pw("verf->seq_num:\n", verf->seq_num, sizeof(verf->seq_num));
- init_rpc_auth_netsec_chk(verf, netsec_sig, nullbytes,
- seq_num, confounder);
-
/* produce a digest of the packet to prove it's legit (before we seal it) */
netsec_digest(a, auth_flags, verf, data, data_len, digest_final);
memcpy(verf->packet_digest, digest_final, sizeof(verf->packet_digest));
@@ -1500,14 +1500,14 @@ void netsec_encode(struct netsec_auth_struct *a, int auth_flags,
netsec_get_sealing_key(a, verf, sealing_key);
/* encode the verification data */
- dump_data_pw("verf->confounder:\n", verf->confounder, sizeof(verf->confounder));
- SamOEMhash(verf->confounder, sealing_key, 8);
+ dump_data_pw("verf->data8:\n", verf->data8, sizeof(verf->data8));
+ netsechash(sealing_key, verf->data8, 8);
- dump_data_pw("verf->confounder_enc:\n", verf->confounder, sizeof(verf->confounder));
+ dump_data_pw("verf->data8_enc:\n", verf->data8, sizeof(verf->data8));
/* encode the packet payload */
dump_data_pw("data:\n", (const unsigned char *)data, data_len);
- SamOEMhash((unsigned char *)data, sealing_key, data_len);
+ netsechash(sealing_key, (unsigned char *)data, data_len);
dump_data_pw("data_enc:\n", (const unsigned char *)data, data_len);
}
@@ -1531,21 +1531,8 @@ BOOL netsec_decode(struct netsec_auth_struct *a, int auth_flags,
{
uchar digest_final[16];
- static const uchar netsec_seal_sig[8] = NETSEC_SEAL_SIGNATURE;
- static const uchar netsec_sign_sig[8] = NETSEC_SIGN_SIGNATURE;
- const uchar *netsec_sig;
-
- uchar seq_num[8];
-
- DEBUG(10,("SCHANNEL: netsec_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
-
- if (auth_flags & AUTH_PIPE_SEAL) {
- netsec_sig = netsec_seal_sig;
- } else if (auth_flags & AUTH_PIPE_SIGN) {
- netsec_sig = netsec_sign_sig;
- }
-
/* Create the expected sequence number for comparison */
+ uchar seq_num[8];
RSIVAL(seq_num, 0, a->seq_num);
switch (direction) {
@@ -1573,20 +1560,6 @@ BOOL netsec_decode(struct netsec_auth_struct *a, int auth_flags,
digest, as supplied by the client. We check that it's a valid
checksum after the decode, below
*/
- DEBUG(2, ("netsec_decode: FAILED: packet sequence number:\n"));
- dump_data(2, verf->seq_num, sizeof(verf->seq_num));
- DEBUG(2, ("should be:\n"));
- dump_data(2, seq_num, sizeof(seq_num));
-
- return False;
- }
-
- if (memcmp(verf->sig, netsec_sig, sizeof(verf->sig))) {
- /* Validate that the other end sent the expected header */
- DEBUG(2, ("netsec_decode: FAILED: packet header:\n"));
- dump_data(2, verf->sig, sizeof(verf->sig));
- DEBUG(2, ("should be:\n"));
- dump_data(2, netsec_sig, sizeof(netsec_sig));
return False;
}
@@ -1597,16 +1570,16 @@ BOOL netsec_decode(struct netsec_auth_struct *a, int auth_flags,
netsec_get_sealing_key(a, verf, sealing_key);
/* extract the verification data */
- dump_data_pw("verf->confounder:\n", verf->confounder,
- sizeof(verf->confounder));
- SamOEMhash(verf->confounder, sealing_key, 8);
+ dump_data_pw("verf->data8:\n", verf->data8,
+ sizeof(verf->data8));
+ netsechash(sealing_key, verf->data8, 8);
- dump_data_pw("verf->confounder_dec:\n", verf->confounder,
- sizeof(verf->confounder));
+ dump_data_pw("verf->data8_dec:\n", verf->data8,
+ sizeof(verf->data8));
/* extract the packet payload */
dump_data_pw("data :\n", (const unsigned char *)data, data_len);
- SamOEMhash((unsigned char *)data, sealing_key, data_len);
+ netsechash(sealing_key, (unsigned char *)data, data_len);
dump_data_pw("datadec:\n", (const unsigned char *)data, data_len);
}
diff --git a/source/rpc_parse/parse_reg.c b/source/rpc_parse/parse_reg.c
index 69c0dfc7548..bbf6e6a8e3d 100644
--- a/source/rpc_parse/parse_reg.c
+++ b/source/rpc_parse/parse_reg.c
@@ -281,15 +281,18 @@ void init_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd,
char *name, char *class, SEC_ACCESS *sam_access,
SEC_DESC_BUF *sec_buf)
{
+ int len_name = name != NULL ? strlen(name ) + 1: 0;
+ int len_class = class != NULL ? strlen(class) + 1: 0;
+
ZERO_STRUCTP(q_c);
memcpy(&q_c->pnt_pol, hnd, sizeof(q_c->pnt_pol));
- init_unistr2(&q_c->uni_name, name, UNI_STR_TERMINATE);
- init_uni_hdr(&q_c->hdr_name, &q_c->uni_name);
+ init_uni_hdr(&q_c->hdr_name, len_name);
+ init_unistr2(&q_c->uni_name, name, len_name);
- init_unistr2(&q_c->uni_class, class, UNI_STR_TERMINATE);
- init_uni_hdr(&q_c->hdr_class, &q_c->uni_class);
+ init_uni_hdr(&q_c->hdr_class, len_class);
+ init_unistr2(&q_c->uni_class, class, len_class);
q_c->reserved = 0x00000000;
memcpy(&q_c->sam_access, sam_access, sizeof(q_c->sam_access));
@@ -394,12 +397,13 @@ BOOL reg_io_r_create_key(const char *desc, REG_R_CREATE_KEY *r_r, prs_struct *p
void init_reg_q_delete_val(REG_Q_DELETE_VALUE *q_c, POLICY_HND *hnd,
char *name)
{
+ int len_name = name != NULL ? strlen(name ) + 1: 0;
ZERO_STRUCTP(q_c);
memcpy(&q_c->pnt_pol, hnd, sizeof(q_c->pnt_pol));
- init_unistr2(&q_c->uni_name, name, UNI_STR_TERMINATE);
- init_uni_hdr(&q_c->hdr_name, &q_c->uni_name);
+ init_uni_hdr(&q_c->hdr_name, len_name);
+ init_unistr2(&q_c->uni_name, name, len_name);
}
/*******************************************************************
@@ -459,12 +463,13 @@ BOOL reg_io_r_delete_val(const char *desc, REG_R_DELETE_VALUE *r_r, prs_struct
void init_reg_q_delete_key(REG_Q_DELETE_KEY *q_c, POLICY_HND *hnd,
char *name)
{
+ int len_name = name != NULL ? strlen(name ) + 1: 0;
ZERO_STRUCTP(q_c);
memcpy(&q_c->pnt_pol, hnd, sizeof(q_c->pnt_pol));
- init_unistr2(&q_c->uni_name, name, UNI_STR_TERMINATE);
- init_uni_hdr(&q_c->hdr_name, &q_c->uni_name);
+ init_uni_hdr(&q_c->hdr_name, len_name);
+ init_unistr2(&q_c->uni_name, name, len_name);
}
/*******************************************************************
@@ -520,12 +525,14 @@ BOOL reg_io_r_delete_key(const char *desc, REG_R_DELETE_KEY *r_r, prs_struct *p
Inits a structure.
********************************************************************/
-void init_reg_q_query_key(REG_Q_QUERY_KEY *q_o, POLICY_HND *hnd, UNISTR2 *uni2)
+void init_reg_q_query_key(REG_Q_QUERY_KEY *q_o, POLICY_HND *hnd,
+ uint32 max_class_len)
{
ZERO_STRUCTP(q_o);
memcpy(&q_o->pol, hnd, sizeof(q_o->pol));
- init_uni_hdr(&q_o->hdr_class, uni2);
+ init_uni_hdr(&q_o->hdr_class, max_class_len);
+ q_o->uni_class.uni_max_len = max_class_len;
}
/*******************************************************************
@@ -1003,13 +1010,15 @@ makes a structure.
BOOL init_reg_q_info(REG_Q_INFO *q_i, POLICY_HND *pol, char* val_name)
{
+ int len_type = val_name != NULL ? strlen(val_name) + 1 : 0;
+
if (q_i == NULL)
return False;
q_i->pol = *pol;
- init_unistr2(&q_i->uni_type, val_name, UNI_STR_TERMINATE);
- init_uni_hdr(&q_i->hdr_type, &q_i->uni_type);
+ init_uni_hdr(&(q_i->hdr_type), len_type);
+ init_unistr2(&(q_i->uni_type), val_name, len_type);
q_i->ptr_reserved = 1;
q_i->ptr_buf = 1;
@@ -1221,7 +1230,7 @@ makes a structure.
********************************************************************/
void init_reg_q_enum_val(REG_Q_ENUM_VALUE *q_i, POLICY_HND *pol,
- uint32 val_idx, UNISTR2 *uni2,
+ uint32 val_idx, uint32 max_val_len,
uint32 max_buf_len)
{
ZERO_STRUCTP(q_i);
@@ -1229,7 +1238,8 @@ void init_reg_q_enum_val(REG_Q_ENUM_VALUE *q_i, POLICY_HND *pol,
memcpy(&q_i->pol, pol, sizeof(q_i->pol));
q_i->val_index = val_idx;
- init_uni_hdr(&q_i->hdr_name, uni2);
+ init_uni_hdr(&q_i->hdr_name, max_val_len);
+ q_i->uni_name.uni_max_len = max_val_len;
q_i->ptr_type = 1;
q_i->type = 0x0;
@@ -1260,8 +1270,8 @@ void init_reg_r_enum_val(REG_R_ENUM_VALUE *r_u, REGISTRY_VALUE *val )
DEBUG(10,("init_reg_r_enum_val: Valuename => [%s]\n", val->valuename));
- init_unistr2( &r_u->uni_name, val->valuename, UNI_STR_TERMINATE);
- init_uni_hdr( &r_u->hdr_name, &r_u->uni_name);
+ init_uni_hdr( &r_u->hdr_name, strlen(val->valuename)+1 );
+ init_unistr2( &r_u->uni_name, val->valuename, strlen(val->valuename)+1 );
/* type */
@@ -1408,12 +1418,14 @@ void init_reg_q_create_val(REG_Q_CREATE_VALUE *q_i, POLICY_HND *pol,
char *val_name, uint32 type,
BUFFER3 *val)
{
+ int val_len = strlen(val_name) + 1;
+
ZERO_STRUCTP(q_i);
memcpy(&q_i->pol, pol, sizeof(q_i->pol));
- init_unistr2(&q_i->uni_name, val_name, UNI_STR_TERMINATE);
- init_uni_hdr(&q_i->hdr_name, &q_i->uni_name);
+ init_uni_hdr(&q_i->hdr_name, val_len);
+ init_unistr2(&q_i->uni_name, val_name, val_len);
q_i->type = type;
q_i->buf_value = val;
@@ -1638,10 +1650,12 @@ makes a structure.
void init_reg_q_open_entry(REG_Q_OPEN_ENTRY *r_q, POLICY_HND *pol,
char *key_name, uint32 access_desired)
{
+ int len_name = strlen(key_name)+1;
+
memcpy(&r_q->pol, pol, sizeof(r_q->pol));
- init_unistr2(&r_q->uni_name, key_name, UNI_STR_TERMINATE);
- init_uni_hdr(&r_q->hdr_name, &r_q->uni_name);
+ init_uni_hdr(&r_q->hdr_name, len_name);
+ init_unistr2(&r_q->uni_name, key_name, len_name);
r_q->unknown_0 = 0x00000000;
r_q->access_desired = access_desired;
@@ -1722,27 +1736,29 @@ BOOL reg_io_r_open_entry(const char *desc, REG_R_OPEN_ENTRY *r_r, prs_struct *p
/*******************************************************************
Inits a structure.
********************************************************************/
-
void init_reg_q_shutdown(REG_Q_SHUTDOWN * q_s, const char *msg,
uint32 timeout, BOOL do_reboot, BOOL force)
{
+ int msg_len;
+ msg_len = strlen(msg);
+
q_s->ptr_0 = 1;
q_s->ptr_1 = 1;
q_s->ptr_2 = 1;
- init_unistr2(&q_s->uni_msg, msg, UNI_FLAGS_NONE);
- init_uni_hdr(&q_s->hdr_msg, &q_s->uni_msg);
+ init_uni_hdr(&(q_s->hdr_msg), msg_len);
+ init_unistr2(&(q_s->uni_msg), msg, msg_len);
q_s->timeout = timeout;
q_s->reboot = do_reboot ? 1 : 0;
q_s->force = force ? 1 : 0;
+
}
/*******************************************************************
reads or writes a structure.
********************************************************************/
-
BOOL reg_io_q_shutdown(const char *desc, REG_Q_SHUTDOWN * q_s, prs_struct *ps,
int depth)
{
diff --git a/source/rpc_parse/parse_rpc.c b/source/rpc_parse/parse_rpc.c
index 1ea59feaedb..34ba62caa92 100644
--- a/source/rpc_parse/parse_rpc.c
+++ b/source/rpc_parse/parse_rpc.c
@@ -243,49 +243,30 @@ BOOL smb_io_rpc_hdr(const char *desc, RPC_HDR *rpc, prs_struct *ps, int depth)
}
/*******************************************************************
- Reads or writes an RPC_UUID structure.
+ Reads or writes an RPC_IFACE structure.
********************************************************************/
-static BOOL smb_io_rpc_uuid(const char *desc, RPC_UUID *uuid, prs_struct *ps, int depth)
+static BOOL smb_io_rpc_iface(const char *desc, RPC_IFACE *ifc, prs_struct *ps, int depth)
{
- if (uuid == NULL)
+ if (ifc == NULL)
return False;
- prs_debug(ps, depth, desc, "smb_io_rpc_uuid");
+ prs_debug(ps, depth, desc, "smb_io_rpc_iface");
depth++;
if(!prs_align(ps))
return False;
- if(!prs_uint32 ("data ", ps, depth, &uuid->time_low))
+ if(!prs_uint32 ("data ", ps, depth, &ifc->uuid.time_low))
return False;
- if(!prs_uint16 ("data ", ps, depth, &uuid->time_mid))
+ if(!prs_uint16 ("data ", ps, depth, &ifc->uuid.time_mid))
return False;
- if(!prs_uint16 ("data ", ps, depth, &uuid->time_hi_and_version))
+ if(!prs_uint16 ("data ", ps, depth, &ifc->uuid.time_hi_and_version))
return False;
- if(!prs_uint8s (False, "data ", ps, depth, uuid->remaining, sizeof(uuid->remaining)))
+ if(!prs_uint8s (False, "data ", ps, depth, ifc->uuid.remaining, sizeof(ifc->uuid.remaining)))
return False;
-
- return True;
-}
-
-/*******************************************************************
- Reads or writes an RPC_IFACE structure.
-********************************************************************/
-
-static BOOL smb_io_rpc_iface(const char *desc, RPC_IFACE *ifc, prs_struct *ps, int depth)
-{
- if (ifc == NULL)
- return False;
-
- prs_debug(ps, depth, desc, "smb_io_rpc_iface");
- depth++;
-
- if (!smb_io_rpc_uuid( "uuid", &ifc->uuid, ps, depth))
- return False;
-
- if(!prs_uint32 ("version", ps, depth, &ifc->version))
+ if(!prs_uint32 ( "version", ps, depth, &ifc->version))
return False;
return True;
@@ -1187,6 +1168,26 @@ BOOL smb_io_rpc_auth_netsec_neg(const char *desc, RPC_AUTH_NETSEC_NEG *neg,
return True;
}
+
+/*******************************************************************
+creates an RPC_AUTH_NETSEC_CHK structure.
+********************************************************************/
+BOOL init_rpc_auth_netsec_chk(RPC_AUTH_NETSEC_CHK * chk,
+ const uchar sig[8],
+ const uchar packet_digest[8],
+ const uchar seq_num[8], const uchar data8[8])
+{
+ if (chk == NULL)
+ return False;
+
+ memcpy(chk->sig, sig, sizeof(chk->sig));
+ memcpy(chk->packet_digest, packet_digest, sizeof(chk->packet_digest));
+ memcpy(chk->seq_num, seq_num, sizeof(chk->seq_num));
+ memcpy(chk->data8, data8, sizeof(chk->data8));
+
+ return True;
+}
+
/*******************************************************************
reads or writes an RPC_AUTH_NETSEC_CHK structure.
********************************************************************/
@@ -1202,7 +1203,7 @@ BOOL smb_io_rpc_auth_netsec_chk(const char *desc, RPC_AUTH_NETSEC_CHK * chk,
prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig));
prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num));
prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest));
- prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder));
+ prs_uint8s(False, "data8", ps, depth, chk->data8, sizeof(chk->data8));
return True;
}
diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c
index 939b652a1e3..1fe9b3231fc 100644
--- a/source/rpc_parse/parse_samr.c
+++ b/source/rpc_parse/parse_samr.c
@@ -93,12 +93,14 @@ inits a SAMR_Q_LOOKUP_DOMAIN structure.
void init_samr_q_lookup_domain(SAMR_Q_LOOKUP_DOMAIN * q_u,
POLICY_HND *pol, char *dom_name)
{
+ int len_name = strlen(dom_name);
+
DEBUG(5, ("init_samr_q_lookup_domain\n"));
q_u->connect_pol = *pol;
- init_unistr2(&q_u->uni_domain, dom_name, UNI_FLAGS_NONE);
- init_uni_hdr(&q_u->hdr_domain, &q_u->uni_domain);
+ init_uni_hdr(&q_u->hdr_domain, len_name);
+ init_unistr2(&q_u->uni_domain, dom_name, len_name);
}
/*******************************************************************
@@ -628,11 +630,13 @@ static BOOL sam_io_unk_info12(const char *desc, SAM_UNK_INFO_12 * u_12,
/*******************************************************************
inits a structure.
********************************************************************/
-
void init_unk_info5(SAM_UNK_INFO_5 * u_5,const char *server)
{
- init_unistr2(&u_5->uni_server, server, UNI_FLAGS_NONE);
- init_uni_hdr(&u_5->hdr_server, &u_5->uni_server);
+ int len_server = strlen(server);
+
+ init_uni_hdr(&u_5->hdr_server, len_server);
+
+ init_unistr2(&u_5->uni_server, server, len_server);
}
/*******************************************************************
@@ -660,16 +664,20 @@ static BOOL sam_io_unk_info5(const char *desc, SAM_UNK_INFO_5 * u_5,
/*******************************************************************
inits a structure.
********************************************************************/
-
void init_unk_info2(SAM_UNK_INFO_2 * u_2,
const char *domain, const char *server,
uint32 seq_num, uint32 num_users, uint32 num_groups, uint32 num_alias)
{
+ int len_domain = strlen(domain);
+ int len_server = strlen(server);
+
u_2->unknown_0 = 0x00000000;
u_2->unknown_1 = 0x80000000;
u_2->unknown_2 = 0x00000000;
u_2->ptr_0 = 1;
+ init_uni_hdr(&u_2->hdr_domain, len_domain);
+ init_uni_hdr(&u_2->hdr_server, len_server);
u_2->seq_num = seq_num;
u_2->unknown_3 = 0x00000000;
@@ -683,10 +691,8 @@ void init_unk_info2(SAM_UNK_INFO_2 * u_2,
memset(u_2->padding, 0, sizeof(u_2->padding)); /* 12 bytes zeros */
- init_unistr2(&u_2->uni_domain, domain, UNI_FLAGS_NONE);
- init_uni_hdr(&u_2->hdr_domain, &u_2->uni_domain);
- init_unistr2(&u_2->uni_server, server, UNI_FLAGS_NONE);
- init_uni_hdr(&u_2->hdr_server, &u_2->uni_server);
+ init_unistr2(&u_2->uni_domain, domain, len_domain);
+ init_unistr2(&u_2->uni_server, server, len_server);
}
/*******************************************************************
@@ -978,9 +984,9 @@ static BOOL sam_io_sam_str1(const char *desc, SAM_STR1 * sam, uint32 acct_buf,
inits a SAM_ENTRY1 structure.
********************************************************************/
-static void init_sam_entry1(SAM_ENTRY1 *sam, uint32 user_idx,
- UNISTR2 *sam_name, UNISTR2 *sam_full,
- UNISTR2 *sam_desc, uint32 rid_user,
+static void init_sam_entry1(SAM_ENTRY1 * sam, uint32 user_idx,
+ uint32 len_sam_name, uint32 len_sam_full,
+ uint32 len_sam_desc, uint32 rid_user,
uint16 acb_info)
{
DEBUG(5, ("init_sam_entry1\n"));
@@ -991,9 +997,9 @@ static void init_sam_entry1(SAM_ENTRY1 *sam, uint32 user_idx,
sam->rid_user = rid_user;
sam->acb_info = acb_info;
- init_uni_hdr(&sam->hdr_acct_name, sam_name);
- init_uni_hdr(&sam->hdr_user_name, sam_full);
- init_uni_hdr(&sam->hdr_user_desc, sam_desc);
+ init_uni_hdr(&sam->hdr_acct_name, len_sam_name);
+ init_uni_hdr(&sam->hdr_user_name, len_sam_full);
+ init_uni_hdr(&sam->hdr_user_desc, len_sam_desc);
}
/*******************************************************************
@@ -1061,7 +1067,7 @@ static BOOL sam_io_sam_str2(const char *desc, SAM_STR2 * sam, uint32 acct_buf,
inits a SAM_ENTRY2 structure.
********************************************************************/
static void init_sam_entry2(SAM_ENTRY2 * sam, uint32 user_idx,
- UNISTR2 *sam_name, UNISTR2 *sam_desc,
+ uint32 len_sam_name, uint32 len_sam_desc,
uint32 rid_user, uint16 acb_info)
{
DEBUG(5, ("init_sam_entry2\n"));
@@ -1070,8 +1076,8 @@ static void init_sam_entry2(SAM_ENTRY2 * sam, uint32 user_idx,
sam->rid_user = rid_user;
sam->acb_info = acb_info;
- init_uni_hdr(&sam->hdr_srv_name, sam_name);
- init_uni_hdr(&sam->hdr_srv_desc, sam_desc);
+ init_uni_hdr(&sam->hdr_srv_name, len_sam_name);
+ init_uni_hdr(&sam->hdr_srv_desc, len_sam_desc);
}
/*******************************************************************
@@ -1138,7 +1144,7 @@ inits a SAM_ENTRY3 structure.
********************************************************************/
static void init_sam_entry3(SAM_ENTRY3 * sam, uint32 grp_idx,
- UNISTR2 *grp_name, UNISTR2 *grp_desc,
+ uint32 len_grp_name, uint32 len_grp_desc,
uint32 rid_grp)
{
DEBUG(5, ("init_sam_entry3\n"));
@@ -1147,8 +1153,8 @@ static void init_sam_entry3(SAM_ENTRY3 * sam, uint32 grp_idx,
sam->rid_grp = rid_grp;
sam->attr = 0x07; /* group rid attributes - gets ignored by nt 4.0 */
- init_uni_hdr(&sam->hdr_grp_name, grp_name);
- init_uni_hdr(&sam->hdr_grp_desc, grp_desc);
+ init_uni_hdr(&sam->hdr_grp_name, len_grp_name);
+ init_uni_hdr(&sam->hdr_grp_desc, len_grp_desc);
}
/*******************************************************************
@@ -1262,12 +1268,12 @@ static BOOL sam_io_sam_entry5(const char *desc, SAM_ENTRY5 * sam,
inits a SAM_ENTRY structure.
********************************************************************/
-void init_sam_entry(SAM_ENTRY *sam, UNISTR2 *uni2, uint32 rid)
+void init_sam_entry(SAM_ENTRY * sam, uint32 len_sam_name, uint32 rid)
{
- DEBUG(10, ("init_sam_entry: %d\n", rid));
+ DEBUG(10, ("init_sam_entry: %d %d\n", len_sam_name, rid));
sam->rid = rid;
- init_uni_hdr(&sam->hdr_name, uni2);
+ init_uni_hdr(&sam->hdr_name, len_sam_name);
}
/*******************************************************************
@@ -1496,6 +1502,7 @@ NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 num_en
uint32 start_idx, SAM_ACCOUNT *disp_user_info,
DOM_SID *domain_sid)
{
+ uint32 len_sam_name, len_sam_full, len_sam_desc;
uint32 i;
SAM_ACCOUNT *pwd = NULL;
@@ -1553,14 +1560,21 @@ NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 num_en
return NT_STATUS_UNSUCCESSFUL;
}
- init_unistr2(&sam->str[i].uni_acct_name, pdb_get_username(pwd), UNI_FLAGS_NONE);
- init_unistr2(&sam->str[i].uni_full_name, pdb_get_fullname(pwd), UNI_FLAGS_NONE);
- init_unistr2(&sam->str[i].uni_acct_desc, pdb_get_acct_desc(pwd), UNI_FLAGS_NONE);
+ len_sam_name = strlen(username);
+ len_sam_full = strlen(fullname);
+ len_sam_desc = strlen(acct_desc);
init_sam_entry1(&sam->sam[i], start_idx + i + 1,
- &sam->str[i].uni_acct_name, &sam->str[i].uni_full_name, &sam->str[i].uni_acct_desc,
+ len_sam_name, len_sam_full, len_sam_desc,
user_rid, pdb_get_acct_ctrl(pwd));
+ ZERO_STRUCTP(&sam->str[i].uni_acct_name);
+ ZERO_STRUCTP(&sam->str[i].uni_full_name);
+ ZERO_STRUCTP(&sam->str[i].uni_acct_desc);
+
+ init_unistr2(&sam->str[i].uni_acct_name, pdb_get_username(pwd), len_sam_name);
+ init_unistr2(&sam->str[i].uni_full_name, pdb_get_fullname(pwd), len_sam_full);
+ init_unistr2(&sam->str[i].uni_acct_desc, pdb_get_acct_desc(pwd), len_sam_desc);
}
return NT_STATUS_OK;
@@ -1623,6 +1637,7 @@ NTSTATUS init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 *sam, uint32 num_en
uint32 start_idx, SAM_ACCOUNT *disp_user_info,
DOM_SID *domain_sid )
{
+ uint32 len_sam_name, len_sam_desc;
uint32 i;
SAM_ACCOUNT *pwd = NULL;
@@ -1665,12 +1680,18 @@ NTSTATUS init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 *sam, uint32 num_en
return NT_STATUS_UNSUCCESSFUL;
}
- init_unistr2(&sam->str[i].uni_srv_name, username, UNI_FLAGS_NONE);
- init_unistr2(&sam->str[i].uni_srv_desc, pdb_get_acct_desc(pwd), UNI_FLAGS_NONE);
-
+ len_sam_name = strlen(username);
+ len_sam_desc = strlen(acct_desc);
+
init_sam_entry2(&sam->sam[i], start_idx + i + 1,
- &sam->str[i].uni_srv_name, &sam->str[i].uni_srv_desc,
+ len_sam_name, len_sam_desc,
user_rid, pdb_get_acct_ctrl(pwd));
+
+ ZERO_STRUCTP(&sam->str[i].uni_srv_name);
+ ZERO_STRUCTP(&sam->str[i].uni_srv_desc);
+
+ init_unistr2(&sam->str[i].uni_srv_name, username, len_sam_name);
+ init_unistr2(&sam->str[i].uni_srv_desc, pdb_get_acct_desc(pwd), len_sam_desc);
}
return NT_STATUS_OK;
@@ -1734,6 +1755,7 @@ inits a SAM_DISPINFO_3 structure.
NTSTATUS init_sam_dispinfo_3(TALLOC_CTX *ctx, SAM_DISPINFO_3 *sam, uint32 num_entries,
uint32 start_idx, DOMAIN_GRP *disp_group_info)
{
+ uint32 len_sam_name, len_sam_desc;
uint32 i;
ZERO_STRUCTP(sam);
@@ -1757,11 +1779,13 @@ NTSTATUS init_sam_dispinfo_3(TALLOC_CTX *ctx, SAM_DISPINFO_3 *sam, uint32 num_en
DEBUG(11, ("init_sam_dispinfo_3: entry: %d\n",i));
- init_unistr2(&sam->str[i].uni_grp_name, grp->name, UNI_FLAGS_NONE);
- init_unistr2(&sam->str[i].uni_grp_desc, grp->comment, UNI_FLAGS_NONE);
+ len_sam_name = strlen(grp->name);
+ len_sam_desc = strlen(grp->comment);
- init_sam_entry3(&sam->sam[i], start_idx + i + 1, &sam->str[i].uni_grp_name,
- &sam->str[i].uni_grp_desc, grp->rid);
+ init_sam_entry3(&sam->sam[i], start_idx + i + 1, len_sam_name, len_sam_desc, grp->rid);
+
+ init_unistr2(&sam->str[i].uni_grp_name, grp->name, len_sam_name);
+ init_unistr2(&sam->str[i].uni_grp_desc, grp->comment, len_sam_desc);
}
return NT_STATUS_OK;
@@ -2186,15 +2210,20 @@ void init_samr_group_info1(GROUP_INFO1 * gr1,
char *acct_name, char *acct_desc,
uint32 num_members)
{
+ int desc_len = acct_desc != NULL ? strlen(acct_desc) : 0;
+ int acct_len = acct_name != NULL ? strlen(acct_name) : 0;
+
DEBUG(5, ("init_samr_group_info1\n"));
+ init_uni_hdr(&gr1->hdr_acct_name, acct_len);
+
gr1->unknown_1 = 0x3;
gr1->num_members = num_members;
- init_unistr2(&gr1->uni_acct_name, acct_name, UNI_FLAGS_NONE);
- init_uni_hdr(&gr1->hdr_acct_name, &gr1->uni_acct_name);
- init_unistr2(&gr1->uni_acct_desc, acct_desc, UNI_FLAGS_NONE);
- init_uni_hdr(&gr1->hdr_acct_desc, &gr1->uni_acct_desc);
+ init_uni_hdr(&gr1->hdr_acct_desc, desc_len);
+
+ init_unistr2(&gr1->uni_acct_name, acct_name, acct_len);
+ init_unistr2(&gr1->uni_acct_desc, acct_desc, desc_len);
}
/*******************************************************************
@@ -2273,10 +2302,12 @@ inits a GROUP_INFO4 structure.
void init_samr_group_info4(GROUP_INFO4 * gr4, char *acct_desc)
{
+ int acct_len = acct_desc != NULL ? strlen(acct_desc) : 0;
+
DEBUG(5, ("init_samr_group_info4\n"));
- init_unistr2(&gr4->uni_acct_desc, acct_desc, UNI_FLAGS_NONE);
- init_uni_hdr(&gr4->hdr_acct_desc, &gr4->uni_acct_desc);
+ init_uni_hdr(&gr4->hdr_acct_desc, acct_len);
+ init_unistr2(&gr4->uni_acct_desc, acct_desc, acct_len);
}
/*******************************************************************
@@ -2352,12 +2383,14 @@ void init_samr_q_create_dom_group(SAMR_Q_CREATE_DOM_GROUP * q_e,
POLICY_HND *pol, char *acct_desc,
uint32 access_mask)
{
+ int acct_len = acct_desc != NULL ? strlen(acct_desc) : 0;
+
DEBUG(5, ("init_samr_q_create_dom_group\n"));
q_e->pol = *pol;
- init_unistr2(&q_e->uni_acct_desc, acct_desc, UNI_FLAGS_NONE);
- init_uni_hdr(&q_e->hdr_acct_desc, &q_e->uni_acct_desc);
+ init_uni_hdr(&q_e->hdr_acct_desc, acct_len);
+ init_unistr2(&q_e->uni_acct_desc, acct_desc, acct_len);
q_e->access_mask = access_mask;
}
@@ -3469,15 +3502,18 @@ inits a ALIAS_INFO1 structure.
void init_samr_alias_info1(ALIAS_INFO1 * al1, char *acct_name, uint32 num_member, char *acct_desc)
{
+ int acct_len_name = acct_name != NULL ? strlen(acct_name) : 0;
+ int acct_len_desc = acct_desc != NULL ? strlen(acct_desc) : 0;
+
DEBUG(5, ("init_samr_alias_info1\n"));
- init_unistr2(&al1->uni_acct_name, acct_name, UNI_FLAGS_NONE);
- init_uni_hdr(&al1->hdr_acct_name, &al1->uni_acct_name);
+ init_uni_hdr(&al1->hdr_acct_name, acct_len_name);
+ init_unistr2(&al1->uni_acct_name, acct_name, acct_len_name);
al1->num_member=num_member;
- init_unistr2(&al1->uni_acct_desc, acct_desc, UNI_FLAGS_NONE);
- init_uni_hdr(&al1->hdr_acct_desc, &al1->uni_acct_name);
+ init_uni_hdr(&al1->hdr_acct_desc, acct_len_desc);
+ init_unistr2(&al1->uni_acct_desc, acct_desc, acct_len_desc);
}
/*******************************************************************
@@ -3523,10 +3559,12 @@ inits a ALIAS_INFO3 structure.
void init_samr_alias_info3(ALIAS_INFO3 * al3, char *acct_desc)
{
+ int acct_len = acct_desc != NULL ? strlen(acct_desc) : 0;
+
DEBUG(5, ("init_samr_alias_info3\n"));
- init_unistr2(&al3->uni_acct_desc, acct_desc, UNI_FLAGS_NONE);
- init_uni_hdr(&al3->hdr_acct_desc, &al3->uni_acct_desc);
+ init_uni_hdr(&al3->hdr_acct_desc, acct_len);
+ init_unistr2(&al3->uni_acct_desc, acct_desc, acct_len);
}
/*******************************************************************
@@ -4234,12 +4272,14 @@ inits a SAMR_Q_CREATE_DOM_ALIAS structure.
void init_samr_q_create_dom_alias(SAMR_Q_CREATE_DOM_ALIAS * q_u,
POLICY_HND *hnd, char *acct_desc)
{
+ int acct_len = acct_desc != NULL ? strlen(acct_desc) : 0;
+
DEBUG(5, ("init_samr_q_create_dom_alias\n"));
q_u->dom_pol = *hnd;
- init_unistr2(&q_u->uni_acct_desc, acct_desc, UNI_FLAGS_NONE);
- init_uni_hdr(&q_u->hdr_acct_desc, &q_u->uni_acct_desc);
+ init_uni_hdr(&q_u->hdr_acct_desc, acct_len);
+ init_unistr2(&q_u->uni_acct_desc, acct_desc, acct_len);
q_u->access_mask = 0x001f000f;
}
@@ -4635,8 +4675,9 @@ NTSTATUS init_samr_q_lookup_names(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_NAMES * q_u,
return NT_STATUS_NO_MEMORY;
for (i = 0; i < num_names; i++) {
- init_unistr2(&q_u->uni_name[i], name[i], UNI_FLAGS_NONE); /* unicode string for machine account */
- init_uni_hdr(&q_u->hdr_name[i], &q_u->uni_name[i]); /* unicode header for user_name */
+ int len_name = name[i] != NULL ? strlen(name[i]) : 0;
+ init_uni_hdr(&q_u->hdr_name[i], len_name); /* unicode header for user_name */
+ init_unistr2(&q_u->uni_name[i], name[i], len_name); /* unicode string for machine account */
}
return NT_STATUS_OK;
@@ -4972,12 +5013,15 @@ void init_samr_q_create_user(SAMR_Q_CREATE_USER * q_u,
const char *name,
uint32 acb_info, uint32 access_mask)
{
+ int len_name;
+ len_name = strlen(name);
+
DEBUG(5, ("samr_init_samr_q_create_user\n"));
q_u->domain_pol = *pol;
- init_unistr2(&q_u->uni_name, name, UNI_FLAGS_NONE);
- init_uni_hdr(&q_u->hdr_name, &q_u->uni_name);
+ init_uni_hdr(&q_u->hdr_name, len_name);
+ init_unistr2(&q_u->uni_name, name, len_name);
q_u->acb_info = acb_info;
q_u->access_mask = access_mask;
@@ -5200,11 +5244,16 @@ void init_sam_user_info11(SAM_USER_INFO_11 * usr,
char *mach_acct,
uint32 rid_user, uint32 rid_group, uint16 acct_ctrl)
{
+ int len_mach_acct;
+
DEBUG(5, ("init_sam_user_info11\n"));
- memcpy(&usr->expiry, expiry, sizeof(usr->expiry)); /* expiry time or something? */
+ len_mach_acct = strlen(mach_acct);
+
+ memcpy(&(usr->expiry), expiry, sizeof(usr->expiry)); /* expiry time or something? */
ZERO_STRUCT(usr->padding_1); /* 0 - padding 24 bytes */
+ init_uni_hdr(&usr->hdr_mach_acct, len_mach_acct); /* unicode header for machine account */
usr->padding_2 = 0; /* 0 - padding 4 bytes */
usr->ptr_1 = 1; /* pointer */
@@ -5229,8 +5278,7 @@ void init_sam_user_info11(SAM_USER_INFO_11 * usr,
ZERO_STRUCT(usr->padding_7); /* 0 - padding 16 bytes */
usr->padding_8 = 0; /* 0 - padding 4 bytes */
- init_unistr2(&usr->uni_mach_acct, mach_acct, UNI_FLAGS_NONE); /* unicode string for machine account */
- init_uni_hdr(&usr->hdr_mach_acct, &usr->uni_mach_acct); /* unicode header for machine account */
+ init_unistr2(&usr->uni_mach_acct, mach_acct, len_mach_acct); /* unicode string for machine account */
}
/*******************************************************************
@@ -5363,6 +5411,7 @@ static BOOL sam_io_user_info24(const char *desc, SAM_USER_INFO_24 * usr,
init_sam_user_info23
unknown_3 = 0x09f8 27fa
+ unknown_5 = 0x0001 0000
unknown_6 = 0x0000 04ec
*************************************************************************/
@@ -5389,10 +5438,20 @@ void init_sam_user_info23W(SAM_USER_INFO_23 * usr, NTTIME * logon_time, /* all z
uint32 unknown_3,
uint16 logon_divs,
LOGON_HRS * hrs,
- uint16 bad_password_count,
- uint16 logon_count,
+ uint32 unknown_5,
char newpass[516], uint32 unknown_6)
{
+ int len_user_name = user_name != NULL ? user_name->uni_str_len : 0;
+ int len_full_name = full_name != NULL ? full_name->uni_str_len : 0;
+ int len_home_dir = home_dir != NULL ? home_dir->uni_str_len : 0;
+ int len_dir_drive = dir_drive != NULL ? dir_drive->uni_str_len : 0;
+ int len_logon_script = log_scr != NULL ? log_scr->uni_str_len : 0;
+ int len_profile_path = prof_path != NULL ? prof_path->uni_str_len : 0;
+ int len_description = desc != NULL ? desc->uni_str_len : 0;
+ int len_workstations = wkstas != NULL ? wkstas->uni_str_len : 0;
+ int len_unknown_str = unk_str != NULL ? unk_str->uni_str_len : 0;
+ int len_munged_dial = mung_dial != NULL ? mung_dial->uni_str_len : 0;
+
usr->logon_time = *logon_time; /* all zeros */
usr->logoff_time = *logoff_time; /* all zeros */
usr->kickoff_time = *kickoff_time; /* all zeros */
@@ -5400,6 +5459,17 @@ void init_sam_user_info23W(SAM_USER_INFO_23 * usr, NTTIME * logon_time, /* all z
usr->pass_can_change_time = *pass_can_change_time; /* all zeros */
usr->pass_must_change_time = *pass_must_change_time; /* all zeros */
+ init_uni_hdr(&usr->hdr_user_name, len_user_name); /* NULL */
+ init_uni_hdr(&usr->hdr_full_name, len_full_name);
+ init_uni_hdr(&usr->hdr_home_dir, len_home_dir);
+ init_uni_hdr(&usr->hdr_dir_drive, len_dir_drive);
+ init_uni_hdr(&usr->hdr_logon_script, len_logon_script);
+ init_uni_hdr(&usr->hdr_profile_path, len_profile_path);
+ init_uni_hdr(&usr->hdr_acct_desc, len_description);
+ init_uni_hdr(&usr->hdr_workstations, len_workstations);
+ init_uni_hdr(&usr->hdr_unknown_str, len_unknown_str);
+ init_uni_hdr(&usr->hdr_munged_dial, len_munged_dial);
+
ZERO_STRUCT(usr->nt_pwd);
ZERO_STRUCT(usr->lm_pwd);
@@ -5417,43 +5487,24 @@ void init_sam_user_info23W(SAM_USER_INFO_23 * usr, NTTIME * logon_time, /* all z
usr->passmustchange=0;
}
+
ZERO_STRUCT(usr->padding1);
ZERO_STRUCT(usr->padding2);
- usr->bad_password_count = bad_password_count;
- usr->logon_count = logon_count;
+ usr->unknown_5 = unknown_5; /* 0x0001 0000 */
memcpy(usr->pass, newpass, sizeof(usr->pass));
copy_unistr2(&usr->uni_user_name, user_name);
- init_uni_hdr(&usr->hdr_user_name, &usr->uni_user_name);
-
copy_unistr2(&usr->uni_full_name, full_name);
- init_uni_hdr(&usr->hdr_full_name, &usr->uni_full_name);
-
copy_unistr2(&usr->uni_home_dir, home_dir);
- init_uni_hdr(&usr->hdr_home_dir, &usr->uni_home_dir);
-
copy_unistr2(&usr->uni_dir_drive, dir_drive);
- init_uni_hdr(&usr->hdr_dir_drive, &usr->uni_dir_drive);
-
copy_unistr2(&usr->uni_logon_script, log_scr);
- init_uni_hdr(&usr->hdr_logon_script, &usr->uni_logon_script);
-
copy_unistr2(&usr->uni_profile_path, prof_path);
- init_uni_hdr(&usr->hdr_profile_path, &usr->uni_profile_path);
-
copy_unistr2(&usr->uni_acct_desc, desc);
- init_uni_hdr(&usr->hdr_acct_desc, &usr->uni_acct_desc);
-
copy_unistr2(&usr->uni_workstations, wkstas);
- init_uni_hdr(&usr->hdr_workstations, &usr->uni_workstations);
-
copy_unistr2(&usr->uni_unknown_str, unk_str);
- init_uni_hdr(&usr->hdr_unknown_str, &usr->uni_unknown_str);
-
copy_unistr2(&usr->uni_munged_dial, mung_dial);
- init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
usr->unknown_6 = unknown_6; /* 0x0000 04ec */
usr->padding4 = 0;
@@ -5465,6 +5516,7 @@ void init_sam_user_info23W(SAM_USER_INFO_23 * usr, NTTIME * logon_time, /* all z
init_sam_user_info23
unknown_3 = 0x09f8 27fa
+ unknown_5 = 0x0001 0000
unknown_6 = 0x0000 04ec
*************************************************************************/
@@ -5482,9 +5534,20 @@ void init_sam_user_info23A(SAM_USER_INFO_23 * usr, NTTIME * logon_time, /* all z
char *unk_str, char *mung_dial, uint32 user_rid, /* 0x0000 0000 */
uint32 group_rid, uint32 acb_info,
uint32 unknown_3, uint16 logon_divs,
- LOGON_HRS * hrs, uint16 bad_password_count, uint16 logon_count,
+ LOGON_HRS * hrs, uint32 unknown_5,
char newpass[516], uint32 unknown_6)
{
+ int len_user_name = user_name != NULL ? strlen(user_name) : 0;
+ int len_full_name = full_name != NULL ? strlen(full_name) : 0;
+ int len_home_dir = home_dir != NULL ? strlen(home_dir) : 0;
+ int len_dir_drive = dir_drive != NULL ? strlen(dir_drive) : 0;
+ int len_logon_script = log_scr != NULL ? strlen(log_scr) : 0;
+ int len_profile_path = prof_path != NULL ? strlen(prof_path) : 0;
+ int len_description = desc != NULL ? strlen(desc) : 0;
+ int len_workstations = wkstas != NULL ? strlen(wkstas) : 0;
+ int len_unknown_str = unk_str != NULL ? strlen(unk_str) : 0;
+ int len_munged_dial = mung_dial != NULL ? strlen(mung_dial) : 0;
+
usr->logon_time = *logon_time; /* all zeros */
usr->logoff_time = *logoff_time; /* all zeros */
usr->kickoff_time = *kickoff_time; /* all zeros */
@@ -5492,6 +5555,17 @@ void init_sam_user_info23A(SAM_USER_INFO_23 * usr, NTTIME * logon_time, /* all z
usr->pass_can_change_time = *pass_can_change_time; /* all zeros */
usr->pass_must_change_time = *pass_must_change_time; /* all zeros */
+ init_uni_hdr(&usr->hdr_user_name, len_user_name); /* NULL */
+ init_uni_hdr(&usr->hdr_full_name, len_full_name);
+ init_uni_hdr(&usr->hdr_home_dir, len_home_dir);
+ init_uni_hdr(&usr->hdr_dir_drive, len_dir_drive);
+ init_uni_hdr(&usr->hdr_logon_script, len_logon_script);
+ init_uni_hdr(&usr->hdr_profile_path, len_profile_path);
+ init_uni_hdr(&usr->hdr_acct_desc, len_description);
+ init_uni_hdr(&usr->hdr_workstations, len_workstations);
+ init_uni_hdr(&usr->hdr_unknown_str, len_unknown_str);
+ init_uni_hdr(&usr->hdr_munged_dial, len_munged_dial);
+
ZERO_STRUCT(usr->nt_pwd);
ZERO_STRUCT(usr->lm_pwd);
@@ -5512,40 +5586,20 @@ void init_sam_user_info23A(SAM_USER_INFO_23 * usr, NTTIME * logon_time, /* all z
ZERO_STRUCT(usr->padding1);
ZERO_STRUCT(usr->padding2);
- usr->bad_password_count = bad_password_count;
- usr->logon_count = logon_count;
+ usr->unknown_5 = unknown_5; /* 0x0001 0000 */
memcpy(usr->pass, newpass, sizeof(usr->pass));
- init_unistr2(&usr->uni_user_name, user_name, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_user_name, &usr->uni_user_name);
-
- init_unistr2(&usr->uni_full_name, full_name, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_full_name, &usr->uni_full_name);
-
- init_unistr2(&usr->uni_home_dir, home_dir, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_home_dir, &usr->uni_home_dir);
-
- init_unistr2(&usr->uni_dir_drive, dir_drive, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_dir_drive, &usr->uni_dir_drive);
-
- init_unistr2(&usr->uni_logon_script, log_scr, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_logon_script, &usr->uni_logon_script);
-
- init_unistr2(&usr->uni_profile_path, prof_path, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_profile_path, &usr->uni_profile_path);
-
- init_unistr2(&usr->uni_acct_desc, desc, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_acct_desc, &usr->uni_acct_desc);
-
- init_unistr2(&usr->uni_workstations, wkstas, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_workstations, &usr->uni_workstations);
-
- init_unistr2(&usr->uni_unknown_str, unk_str, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_unknown_str, &usr->uni_unknown_str);
-
- init_unistr2(&usr->uni_munged_dial, mung_dial, UNI_FLAGS_NONE);
- init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
+ init_unistr2(&usr->uni_user_name, user_name, len_user_name); /* NULL */
+ init_unistr2(&usr->uni_full_name, full_name, len_full_name);
+ init_unistr2(&usr->uni_home_dir, home_dir, len_home_dir);
+ init_unistr2(&usr->uni_dir_drive, dir_drive, len_dir_drive);
+ init_unistr2(&usr->uni_logon_script, log_scr, len_logon_script);
+ init_unistr2(&usr->uni_profile_path, prof_path, len_profile_path);
+ init_unistr2(&usr->uni_acct_desc, desc, len_description);
+ init_unistr2(&usr->uni_workstations, wkstas, len_workstations);
+ init_unistr2(&usr->uni_unknown_str, unk_str, len_unknown_str);
+ init_unistr2(&usr->uni_munged_dial, mung_dial, len_munged_dial);
usr->unknown_6 = unknown_6; /* 0x0000 04ec */
usr->padding4 = 0;
@@ -5624,9 +5678,7 @@ static BOOL sam_io_user_info23(const char *desc, SAM_USER_INFO_23 * usr,
if(!prs_uint32("ptr_logon_hrs ", ps, depth, &usr->ptr_logon_hrs))
return False;
- if(!prs_uint16("bad_password_count ", ps, depth, &usr->bad_password_count))
- return False;
- if(!prs_uint16("logon_count ", ps, depth, &usr->logon_count))
+ if(!prs_uint32("unknown_5 ", ps, depth, &usr->unknown_5))
return False;
if(!prs_uint8s(False, "padding1 ", ps, depth, usr->padding1, sizeof(usr->padding1)))
@@ -5813,6 +5865,7 @@ static BOOL sam_io_user_info25(const char *desc, SAM_USER_INFO_25 * usr, prs_str
init_sam_user_info21W
unknown_3 = 0x00ff ffff
+ unknown_5 = 0x0002 0000
unknown_6 = 0x0000 04ec
*************************************************************************/
@@ -5842,10 +5895,19 @@ void init_sam_user_info21W(SAM_USER_INFO_21 * usr,
uint32 unknown_3,
uint16 logon_divs,
LOGON_HRS * hrs,
- uint16 bad_password_count,
- uint16 logon_count,
- uint32 unknown_6)
-{
+ uint32 unknown_5, uint32 unknown_6)
+{
+ int len_user_name = user_name != NULL ? user_name->uni_str_len : 0;
+ int len_full_name = full_name != NULL ? full_name->uni_str_len : 0;
+ int len_home_dir = home_dir != NULL ? home_dir->uni_str_len : 0;
+ int len_dir_drive = dir_drive != NULL ? dir_drive->uni_str_len : 0;
+ int len_logon_script = log_scr != NULL ? log_scr->uni_str_len : 0;
+ int len_profile_path = prof_path != NULL ? prof_path->uni_str_len : 0;
+ int len_description = desc != NULL ? desc->uni_str_len : 0;
+ int len_workstations = wkstas != NULL ? wkstas->uni_str_len : 0;
+ int len_unknown_str = unk_str != NULL ? unk_str->uni_str_len : 0;
+ int len_munged_dial = mung_dial != NULL ? mung_dial->uni_str_len : 0;
+
usr->logon_time = *logon_time;
usr->logoff_time = *logoff_time;
usr->kickoff_time = *kickoff_time;
@@ -5853,6 +5915,17 @@ void init_sam_user_info21W(SAM_USER_INFO_21 * usr,
usr->pass_can_change_time = *pass_can_change_time;
usr->pass_must_change_time = *pass_must_change_time;
+ init_uni_hdr(&usr->hdr_user_name, len_user_name);
+ init_uni_hdr(&usr->hdr_full_name, len_full_name);
+ init_uni_hdr(&usr->hdr_home_dir, len_home_dir);
+ init_uni_hdr(&usr->hdr_dir_drive, len_dir_drive);
+ init_uni_hdr(&usr->hdr_logon_script, len_logon_script);
+ init_uni_hdr(&usr->hdr_profile_path, len_profile_path);
+ init_uni_hdr(&usr->hdr_acct_desc, len_description);
+ init_uni_hdr(&usr->hdr_workstations, len_workstations);
+ init_uni_hdr(&usr->hdr_unknown_str, len_unknown_str);
+ init_uni_hdr(&usr->hdr_munged_dial, len_munged_dial);
+
memcpy(usr->lm_pwd, lm_pwd, sizeof(usr->lm_pwd));
memcpy(usr->nt_pwd, nt_pwd, sizeof(usr->nt_pwd));
@@ -5863,8 +5936,7 @@ void init_sam_user_info21W(SAM_USER_INFO_21 * usr,
usr->logon_divs = logon_divs; /* should be 168 (hours/week) */
usr->ptr_logon_hrs = hrs ? 1 : 0;
- usr->bad_password_count = bad_password_count;
- usr->logon_count = logon_count;
+ usr->unknown_5 = unknown_5; /* 0x0002 0000 */
if (nt_time_is_zero(pass_must_change_time)) {
usr->passmustchange=PASS_MUST_CHANGE_AT_NEXT_LOGON;
@@ -5872,38 +5944,20 @@ void init_sam_user_info21W(SAM_USER_INFO_21 * usr,
usr->passmustchange=0;
}
+
ZERO_STRUCT(usr->padding1);
ZERO_STRUCT(usr->padding2);
copy_unistr2(&usr->uni_user_name, user_name);
- init_uni_hdr(&usr->hdr_user_name, &usr->uni_user_name);
-
copy_unistr2(&usr->uni_full_name, full_name);
- init_uni_hdr(&usr->hdr_full_name, &usr->uni_full_name);
-
copy_unistr2(&usr->uni_home_dir, home_dir);
- init_uni_hdr(&usr->hdr_home_dir, &usr->uni_home_dir);
-
copy_unistr2(&usr->uni_dir_drive, dir_drive);
- init_uni_hdr(&usr->hdr_dir_drive, &usr->uni_dir_drive);
-
copy_unistr2(&usr->uni_logon_script, log_scr);
- init_uni_hdr(&usr->hdr_logon_script, &usr->uni_logon_script);
-
copy_unistr2(&usr->uni_profile_path, prof_path);
- init_uni_hdr(&usr->hdr_profile_path, &usr->uni_profile_path);
-
copy_unistr2(&usr->uni_acct_desc, desc);
- init_uni_hdr(&usr->hdr_acct_desc, &usr->uni_acct_desc);
-
copy_unistr2(&usr->uni_workstations, wkstas);
- init_uni_hdr(&usr->hdr_workstations, &usr->uni_workstations);
-
copy_unistr2(&usr->uni_unknown_str, unk_str);
- init_uni_hdr(&usr->hdr_unknown_str, &usr->uni_unknown_str);
-
copy_unistr2(&usr->uni_munged_dial, mung_dial);
- init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
usr->unknown_6 = unknown_6; /* 0x0000 04ec */
usr->padding4 = 0;
@@ -5915,6 +5969,7 @@ void init_sam_user_info21W(SAM_USER_INFO_21 * usr,
init_sam_user_info21
unknown_3 = 0x00ff ffff
+ unknown_5 = 0x0002 0000
unknown_6 = 0x0000 04ec
*************************************************************************/
@@ -5924,6 +5979,11 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw, DOM_SID *
NTTIME logon_time, logoff_time, kickoff_time,
pass_last_set_time, pass_can_change_time,
pass_must_change_time;
+
+ int len_user_name, len_full_name, len_home_dir,
+ len_dir_drive, len_logon_script, len_profile_path,
+ len_description, len_workstations, len_unknown_str,
+ len_munged_dial;
const char* user_name = pdb_get_username(pw);
const char* full_name = pdb_get_fullname(pw);
@@ -5941,6 +6001,18 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw, DOM_SID *
uint32 group_rid;
const DOM_SID *group_sid;
+ len_user_name = user_name != NULL ? strlen(user_name )+1 : 0;
+ len_full_name = full_name != NULL ? strlen(full_name )+1 : 0;
+ len_home_dir = home_dir != NULL ? strlen(home_dir )+1 : 0;
+ len_dir_drive = dir_drive != NULL ? strlen(dir_drive )+1 : 0;
+ len_logon_script = logon_script != NULL ? strlen(logon_script)+1 : 0;
+ len_profile_path = profile_path != NULL ? strlen(profile_path)+1 : 0;
+ len_description = description != NULL ? strlen(description )+1 : 0;
+ len_workstations = workstations != NULL ? strlen(workstations)+1 : 0;
+ len_unknown_str = 0;
+ len_munged_dial = munged_dial != NULL ? strlen(munged_dial )+1 : 0;
+
+
/* Create NTTIME structs */
unix_to_nt_time (&logon_time, pdb_get_logon_time(pw));
unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw));
@@ -5957,6 +6029,17 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw, DOM_SID *
usr->pass_can_change_time = pass_can_change_time;
usr->pass_must_change_time = pass_must_change_time;
+ init_uni_hdr(&usr->hdr_user_name, len_user_name);
+ init_uni_hdr(&usr->hdr_full_name, len_full_name);
+ init_uni_hdr(&usr->hdr_home_dir, len_home_dir);
+ init_uni_hdr(&usr->hdr_dir_drive, len_dir_drive);
+ init_uni_hdr(&usr->hdr_logon_script, len_logon_script);
+ init_uni_hdr(&usr->hdr_profile_path, len_profile_path);
+ init_uni_hdr(&usr->hdr_acct_desc, len_description);
+ init_uni_hdr(&usr->hdr_workstations, len_workstations);
+ init_uni_hdr(&usr->hdr_unknown_str, len_unknown_str);
+ init_uni_hdr(&usr->hdr_munged_dial, len_munged_dial);
+
ZERO_STRUCT(usr->nt_pwd);
ZERO_STRUCT(usr->lm_pwd);
@@ -6003,8 +6086,7 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw, DOM_SID *
usr->logon_divs = pdb_get_logon_divs(pw);
usr->ptr_logon_hrs = pdb_get_hours(pw) ? 1 : 0;
- usr->bad_password_count = pdb_get_bad_password_count(pw);
- usr->logon_count = pdb_get_logon_count(pw);
+ usr->unknown_5 = pdb_get_unknown_5(pw); /* 0x0002 0000 */
if (pdb_get_pass_must_change_time(pw) == 0) {
usr->passmustchange=PASS_MUST_CHANGE_AT_NEXT_LOGON;
@@ -6012,38 +6094,20 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw, DOM_SID *
usr->passmustchange=0;
}
+
ZERO_STRUCT(usr->padding1);
ZERO_STRUCT(usr->padding2);
- init_unistr2(&usr->uni_user_name, user_name, UNI_STR_TERMINATE);
- init_uni_hdr(&usr->hdr_user_name, &usr->uni_user_name);
-
- init_unistr2(&usr->uni_full_name, full_name, UNI_STR_TERMINATE);
- init_uni_hdr(&usr->hdr_full_name, &usr->uni_full_name);
-
- init_unistr2(&usr->uni_home_dir, home_dir, UNI_STR_TERMINATE);
- init_uni_hdr(&usr->hdr_home_dir, &usr->uni_home_dir);
-
- init_unistr2(&usr->uni_dir_drive, dir_drive, UNI_STR_TERMINATE);
- init_uni_hdr(&usr->hdr_dir_drive, &usr->uni_dir_drive);
-
- init_unistr2(&usr->uni_logon_script, logon_script, UNI_STR_TERMINATE);
- init_uni_hdr(&usr->hdr_logon_script, &usr->uni_logon_script);
-
- init_unistr2(&usr->uni_profile_path, profile_path, UNI_STR_TERMINATE);
- init_uni_hdr(&usr->hdr_profile_path, &usr->uni_profile_path);
-
- init_unistr2(&usr->uni_acct_desc, description, UNI_STR_TERMINATE);
- init_uni_hdr(&usr->hdr_acct_desc, &usr->uni_acct_desc);
-
- init_unistr2(&usr->uni_workstations, workstations, UNI_STR_TERMINATE);
- init_uni_hdr(&usr->hdr_workstations, &usr->uni_workstations);
-
- init_unistr2(&usr->uni_unknown_str, NULL, UNI_STR_TERMINATE);
- init_uni_hdr(&usr->hdr_unknown_str, &usr->uni_unknown_str);
-
- init_unistr2(&usr->uni_munged_dial, munged_dial, UNI_STR_TERMINATE);
- init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
+ init_unistr2(&usr->uni_user_name, user_name, len_user_name);
+ init_unistr2(&usr->uni_full_name, full_name, len_full_name);
+ init_unistr2(&usr->uni_home_dir, home_dir, len_home_dir);
+ init_unistr2(&usr->uni_dir_drive, dir_drive, len_dir_drive);
+ init_unistr2(&usr->uni_logon_script, logon_script, len_logon_script);
+ init_unistr2(&usr->uni_profile_path, profile_path, len_profile_path);
+ init_unistr2(&usr->uni_acct_desc, description, len_description);
+ init_unistr2(&usr->uni_workstations, workstations, len_workstations);
+ init_unistr2(&usr->uni_unknown_str, NULL, len_unknown_str);
+ init_unistr2(&usr->uni_munged_dial, munged_dial, len_munged_dial);
usr->unknown_6 = pdb_get_unknown_6(pw);
usr->padding4 = 0;
@@ -6128,9 +6192,7 @@ static BOOL sam_io_user_info21(const char *desc, SAM_USER_INFO_21 * usr,
if(!prs_uint32("ptr_logon_hrs ", ps, depth, &usr->ptr_logon_hrs))
return False;
- if(!prs_uint16("bad_password_count ", ps, depth, &usr->bad_password_count))
- return False;
- if(!prs_uint16("logon_count ", ps, depth, &usr->logon_count))
+ if(!prs_uint32("unknown_5 ", ps, depth, &usr->unknown_5))
return False;
if(!prs_uint8s(False, "padding1 ", ps, depth, usr->padding1, sizeof(usr->padding1)))
@@ -6183,10 +6245,12 @@ static BOOL sam_io_user_info21(const char *desc, SAM_USER_INFO_21 * usr,
void init_sam_user_info20A(SAM_USER_INFO_20 *usr, SAM_ACCOUNT *pw)
{
- const char *munged_dial = pdb_get_munged_dial(pw);
+ int len_munged_dial;
+ const char* munged_dial = pdb_get_munged_dial(pw);
- init_unistr2(&usr->uni_munged_dial, munged_dial, UNI_STR_TERMINATE);
- init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
+ len_munged_dial = munged_dial != NULL ? strlen(munged_dial )+1 : 0;
+ init_uni_hdr(&usr->hdr_munged_dial, len_munged_dial);
+ init_unistr2(&usr->uni_munged_dial, munged_dial, len_munged_dial);
}
@@ -6652,11 +6716,13 @@ inits a SAMR_Q_CONNECT structure.
void init_samr_q_connect(SAMR_Q_CONNECT * q_u,
char *srv_name, uint32 access_mask)
{
+ int len_srv_name = strlen(srv_name);
+
DEBUG(5, ("init_samr_q_connect\n"));
/* make PDC server name \\server */
- q_u->ptr_srv_name = (srv_name != NULL && *srv_name) ? 1 : 0;
- init_unistr2(&q_u->uni_srv_name, srv_name, UNI_STR_TERMINATE);
+ q_u->ptr_srv_name = len_srv_name > 0 ? 1 : 0;
+ init_unistr2(&q_u->uni_srv_name, srv_name, len_srv_name + 1);
/* example values: 0x0000 0002 */
q_u->access_mask = access_mask;
@@ -6723,11 +6789,13 @@ inits a SAMR_Q_CONNECT4 structure.
void init_samr_q_connect4(SAMR_Q_CONNECT4 * q_u,
char *srv_name, uint32 access_mask)
{
+ int len_srv_name = strlen(srv_name);
+
DEBUG(5, ("init_samr_q_connect\n"));
/* make PDC server name \\server */
- q_u->ptr_srv_name = (srv_name != NULL && *srv_name) ? 1 : 0;
- init_unistr2(&q_u->uni_srv_name, srv_name, UNI_STR_TERMINATE);
+ q_u->ptr_srv_name = len_srv_name > 0 ? 1 : 0;
+ init_unistr2(&q_u->uni_srv_name, srv_name, len_srv_name + 1);
/* Only value we've seen, possibly an address type ? */
q_u->unk_0 = 2;
@@ -6866,11 +6934,13 @@ inits a SAMR_Q_GET_DOM_PWINFO structure.
void init_samr_q_get_dom_pwinfo(SAMR_Q_GET_DOM_PWINFO * q_u,
char *srv_name)
{
+ int len_srv_name = strlen(srv_name);
+
DEBUG(5, ("init_samr_q_get_dom_pwinfo\n"));
q_u->ptr = 1;
- init_unistr2(&q_u->uni_srv_name, srv_name, UNI_FLAGS_NONE);
- init_uni_hdr(&q_u->hdr_srv_name, &q_u->uni_srv_name);
+ init_uni_hdr(&q_u->hdr_srv_name, len_srv_name);
+ init_unistr2(&q_u->uni_srv_name, srv_name, len_srv_name);
}
/*******************************************************************
@@ -7031,14 +7101,16 @@ void init_samr_q_chgpasswd_user(SAMR_Q_CHGPASSWD_USER * q_u,
char lm_newpass[516],
uchar lm_oldhash[16])
{
+ int len_dest_host = strlen(dest_host);
+ int len_user_name = strlen(user_name);
+
DEBUG(5, ("init_samr_q_chgpasswd_user\n"));
q_u->ptr_0 = 1;
- init_unistr2(&q_u->uni_dest_host, dest_host, UNI_FLAGS_NONE);
- init_uni_hdr(&q_u->hdr_dest_host, &q_u->uni_dest_host);
-
- init_unistr2(&q_u->uni_user_name, user_name, UNI_FLAGS_NONE);
- init_uni_hdr(&q_u->hdr_user_name, &q_u->uni_user_name);
+ init_uni_hdr(&q_u->hdr_dest_host, len_dest_host);
+ init_unistr2(&q_u->uni_dest_host, dest_host, len_dest_host);
+ init_uni_hdr(&q_u->hdr_user_name, len_user_name);
+ init_unistr2(&q_u->uni_user_name, user_name, len_user_name);
init_enc_passwd(&q_u->nt_newpass, nt_newpass);
init_enc_hash(&q_u->nt_oldhash, nt_oldhash);
diff --git a/source/rpc_parse/parse_sec.c b/source/rpc_parse/parse_sec.c
index bf43ef288ae..3848bd7051f 100644
--- a/source/rpc_parse/parse_sec.c
+++ b/source/rpc_parse/parse_sec.c
@@ -28,6 +28,15 @@
#define DBGC_CLASS DBGC_RPC_PARSE
/*******************************************************************
+ Sets up a SEC_ACCESS structure.
+********************************************************************/
+
+void init_sec_access(SEC_ACCESS *t, uint32 mask)
+{
+ t->mask = mask;
+}
+
+/*******************************************************************
Reads or writes a SEC_ACCESS structure.
********************************************************************/
@@ -46,6 +55,51 @@ BOOL sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth)
}
/*******************************************************************
+ Check if ACE has OBJECT type.
+********************************************************************/
+
+BOOL sec_ace_object(uint8 type)
+{
+ if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
+ type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ||
+ type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT ||
+ type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) {
+ return True;
+ }
+ return False;
+}
+
+/*******************************************************************
+ copy a SEC_ACE structure.
+********************************************************************/
+void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src)
+{
+ ace_dest->type = ace_src->type;
+ ace_dest->flags = ace_src->flags;
+ ace_dest->size = ace_src->size;
+ ace_dest->info.mask = ace_src->info.mask;
+ ace_dest->obj_flags = ace_src->obj_flags;
+ memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, GUID_SIZE);
+ memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, GUID_SIZE);
+ sid_copy(&ace_dest->trustee, &ace_src->trustee);
+}
+
+/*******************************************************************
+ Sets up a SEC_ACE structure.
+********************************************************************/
+
+void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag)
+{
+ t->type = type;
+ t->flags = flag;
+ t->size = sid_size(sid) + 8;
+ t->info = mask;
+
+ ZERO_STRUCTP(&t->trustee);
+ sid_copy(&t->trustee, sid);
+}
+
+/*******************************************************************
Reads or writes a SEC_ACE structure.
********************************************************************/
@@ -100,6 +154,127 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth)
}
/*******************************************************************
+ adds new SID with its permissions to ACE list
+********************************************************************/
+
+NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, unsigned *num, DOM_SID *sid, uint32 mask)
+{
+ unsigned int i = 0;
+
+ if (!ctx || !new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER;
+
+ *num += 1;
+
+ if((new[0] = (SEC_ACE *) talloc_zero(ctx, (*num) * sizeof(SEC_ACE))) == 0)
+ return NT_STATUS_NO_MEMORY;
+
+ for (i = 0; i < *num - 1; i ++)
+ sec_ace_copy(&(*new)[i], &old[i]);
+
+ (*new)[i].type = 0;
+ (*new)[i].flags = 0;
+ (*new)[i].size = SEC_ACE_HEADER_SIZE + sid_size(sid);
+ (*new)[i].info.mask = mask;
+ sid_copy(&(*new)[i].trustee, sid);
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ modify SID's permissions at ACL
+********************************************************************/
+
+NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask)
+{
+ unsigned int i = 0;
+
+ if (!ace || !sid) return NT_STATUS_INVALID_PARAMETER;
+
+ for (i = 0; i < num; i ++) {
+ if (sid_compare(&ace[i].trustee, sid) == 0) {
+ ace[i].info.mask = mask;
+ return NT_STATUS_OK;
+ }
+ }
+ return NT_STATUS_NOT_FOUND;
+}
+
+/*******************************************************************
+ delete SID from ACL
+********************************************************************/
+
+static NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, uint32 *num, DOM_SID *sid)
+{
+ unsigned int i = 0;
+ unsigned int n_del = 0;
+
+ if (!ctx || !new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER;
+
+ if((new[0] = (SEC_ACE *) talloc_zero(ctx, (*num) * sizeof(SEC_ACE))) == 0)
+ return NT_STATUS_NO_MEMORY;
+
+ for (i = 0; i < *num; i ++) {
+ if (sid_compare(&old[i].trustee, sid) != 0)
+ sec_ace_copy(&(*new)[i], &old[i]);
+ else
+ n_del ++;
+ }
+ if (n_del == 0)
+ return NT_STATUS_NOT_FOUND;
+ else {
+ *num -= n_del;
+ return NT_STATUS_OK;
+ }
+}
+
+/*******************************************************************
+ Create a SEC_ACL structure.
+********************************************************************/
+
+SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *ace_list)
+{
+ SEC_ACL *dst;
+ int i;
+
+ if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL)
+ return NULL;
+
+ dst->revision = revision;
+ dst->num_aces = num_aces;
+ dst->size = SEC_ACL_HEADER_SIZE;
+
+ /* Now we need to return a non-NULL address for the ace list even
+ if the number of aces required is zero. This is because there
+ is a distinct difference between a NULL ace and an ace with zero
+ entries in it. This is achieved by checking that num_aces is a
+ positive number. */
+
+ if ((num_aces) &&
+ ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces))
+ == NULL)) {
+ return NULL;
+ }
+
+ for (i = 0; i < num_aces; i++) {
+ dst->ace[i] = ace_list[i]; /* Structure copy. */
+ dst->size += ace_list[i].size;
+ }
+
+ return dst;
+}
+
+/*******************************************************************
+ Duplicate a SEC_ACL structure.
+********************************************************************/
+
+SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src)
+{
+ if(src == NULL)
+ return NULL;
+
+ return make_sec_acl(ctx, src->revision, src->num_aces, src->ace);
+}
+
+/*******************************************************************
Reads or writes a SEC_ACL structure.
First of the xx_io_xx functions that allocates its data structures
@@ -172,6 +347,330 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth)
}
/*******************************************************************
+ Works out the linearization size of a SEC_DESC.
+********************************************************************/
+
+size_t sec_desc_size(SEC_DESC *psd)
+{
+ size_t offset;
+
+ if (!psd) return 0;
+
+ offset = SEC_DESC_HEADER_SIZE;
+
+ /* don't align */
+
+ if (psd->owner_sid != NULL)
+ offset += sid_size(psd->owner_sid);
+
+ if (psd->grp_sid != NULL)
+ offset += sid_size(psd->grp_sid);
+
+ if (psd->sacl != NULL)
+ offset += psd->sacl->size;
+
+ if (psd->dacl != NULL)
+ offset += psd->dacl->size;
+
+ return offset;
+}
+
+/*******************************************************************
+ Compares two SEC_ACE structures
+********************************************************************/
+
+BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2)
+{
+ /* Trivial case */
+
+ if (!s1 && !s2) return True;
+
+ /* Check top level stuff */
+
+ if (s1->type != s2->type || s1->flags != s2->flags ||
+ s1->info.mask != s2->info.mask) {
+ return False;
+ }
+
+ /* Check SID */
+
+ if (!sid_equal(&s1->trustee, &s2->trustee)) {
+ return False;
+ }
+
+ return True;
+}
+
+/*******************************************************************
+ Compares two SEC_ACL structures
+********************************************************************/
+
+BOOL sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2)
+{
+ unsigned int i, j;
+
+ /* Trivial cases */
+
+ if (!s1 && !s2) return True;
+ if (!s1 || !s2) return False;
+
+ /* Check top level stuff */
+
+ if (s1->revision != s2->revision) {
+ DEBUG(10, ("sec_acl_equal(): revision differs (%d != %d)\n",
+ s1->revision, s2->revision));
+ return False;
+ }
+
+ if (s1->num_aces != s2->num_aces) {
+ DEBUG(10, ("sec_acl_equal(): num_aces differs (%d != %d)\n",
+ s1->revision, s2->revision));
+ return False;
+ }
+
+ /* The ACEs could be in any order so check each ACE in s1 against
+ each ACE in s2. */
+
+ for (i = 0; i < s1->num_aces; i++) {
+ BOOL found = False;
+
+ for (j = 0; j < s2->num_aces; j++) {
+ if (sec_ace_equal(&s1->ace[i], &s2->ace[j])) {
+ found = True;
+ break;
+ }
+ }
+
+ if (!found) return False;
+ }
+
+ return True;
+}
+
+/*******************************************************************
+ Compares two SEC_DESC structures
+********************************************************************/
+
+BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2)
+{
+ /* Trivial case */
+
+ if (!s1 && !s2) {
+ goto done;
+ }
+
+ /* Check top level stuff */
+
+ if (s1->revision != s2->revision) {
+ DEBUG(10, ("sec_desc_equal(): revision differs (%d != %d)\n",
+ s1->revision, s2->revision));
+ return False;
+ }
+
+ if (s1->type!= s2->type) {
+ DEBUG(10, ("sec_desc_equal(): type differs (%d != %d)\n",
+ s1->type, s2->type));
+ return False;
+ }
+
+ /* Check owner and group */
+
+ if (!sid_equal(s1->owner_sid, s2->owner_sid)) {
+ fstring str1, str2;
+
+ sid_to_string(str1, s1->owner_sid);
+ sid_to_string(str2, s2->owner_sid);
+
+ DEBUG(10, ("sec_desc_equal(): owner differs (%s != %s)\n",
+ str1, str2));
+ return False;
+ }
+
+ if (!sid_equal(s1->grp_sid, s2->grp_sid)) {
+ fstring str1, str2;
+
+ sid_to_string(str1, s1->grp_sid);
+ sid_to_string(str2, s2->grp_sid);
+
+ DEBUG(10, ("sec_desc_equal(): group differs (%s != %s)\n",
+ str1, str2));
+ return False;
+ }
+
+ /* Check ACLs present in one but not the other */
+
+ if ((s1->dacl && !s2->dacl) || (!s1->dacl && s2->dacl) ||
+ (s1->sacl && !s2->sacl) || (!s1->sacl && s2->sacl)) {
+ DEBUG(10, ("sec_desc_equal(): dacl or sacl not present\n"));
+ return False;
+ }
+
+ /* Sigh - we have to do it the hard way by iterating over all
+ the ACEs in the ACLs */
+
+ if (!sec_acl_equal(s1->dacl, s2->dacl) ||
+ !sec_acl_equal(s1->sacl, s2->sacl)) {
+ DEBUG(10, ("sec_desc_equal(): dacl/sacl list not equal\n"));
+ return False;
+ }
+
+ done:
+ DEBUG(10, ("sec_desc_equal(): secdescs are identical\n"));
+ return True;
+}
+
+/*******************************************************************
+ Merge part of security descriptor old_sec in to the empty sections of
+ security descriptor new_sec.
+********************************************************************/
+
+SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb)
+{
+ DOM_SID *owner_sid, *group_sid;
+ SEC_DESC_BUF *return_sdb;
+ SEC_ACL *dacl, *sacl;
+ SEC_DESC *psd = NULL;
+ uint16 secdesc_type;
+ size_t secdesc_size;
+
+ /* Copy over owner and group sids. There seems to be no flag for
+ this so just check the pointer values. */
+
+ owner_sid = new_sdb->sec->owner_sid ? new_sdb->sec->owner_sid :
+ old_sdb->sec->owner_sid;
+
+ group_sid = new_sdb->sec->grp_sid ? new_sdb->sec->grp_sid :
+ old_sdb->sec->grp_sid;
+
+ secdesc_type = new_sdb->sec->type;
+
+ /* Ignore changes to the system ACL. This has the effect of making
+ changes through the security tab audit button not sticking.
+ Perhaps in future Samba could implement these settings somehow. */
+
+ sacl = NULL;
+ secdesc_type &= ~SEC_DESC_SACL_PRESENT;
+
+ /* Copy across discretionary ACL */
+
+ if (secdesc_type & SEC_DESC_DACL_PRESENT) {
+ dacl = new_sdb->sec->dacl;
+ } else {
+ dacl = old_sdb->sec->dacl;
+ }
+
+ /* Create new security descriptor from bits */
+
+ psd = make_sec_desc(ctx, new_sdb->sec->revision,
+ owner_sid, group_sid, sacl, dacl, &secdesc_size);
+
+ return_sdb = make_sec_desc_buf(ctx, secdesc_size, psd);
+
+ return(return_sdb);
+}
+
+/*******************************************************************
+ Creates a SEC_DESC structure
+********************************************************************/
+
+SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision,
+ DOM_SID *owner_sid, DOM_SID *grp_sid,
+ SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size)
+{
+ SEC_DESC *dst;
+ uint32 offset = 0;
+
+ *sd_size = 0;
+
+ if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL)
+ return NULL;
+
+ dst->revision = revision;
+ dst->type = SEC_DESC_SELF_RELATIVE;
+
+ if (sacl) dst->type |= SEC_DESC_SACL_PRESENT;
+ if (dacl) dst->type |= SEC_DESC_DACL_PRESENT;
+
+ dst->off_owner_sid = 0;
+ dst->off_grp_sid = 0;
+ dst->off_sacl = 0;
+ dst->off_dacl = 0;
+
+ if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL))
+ goto error_exit;
+
+ if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL))
+ goto error_exit;
+
+ if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL))
+ goto error_exit;
+
+ if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL))
+ goto error_exit;
+
+ offset = SEC_DESC_HEADER_SIZE;
+
+ /*
+ * Work out the linearization sizes.
+ */
+
+ if (dst->sacl != NULL) {
+ dst->off_sacl = offset;
+ offset += dst->sacl->size;
+ }
+
+ if (dst->dacl != NULL) {
+ dst->off_dacl = offset;
+ offset += dst->dacl->size;
+ }
+
+ if (dst->owner_sid != NULL) {
+ dst->off_owner_sid = offset;
+ offset += sid_size(dst->owner_sid);
+ }
+
+ if (dst->grp_sid != NULL) {
+ dst->off_grp_sid = offset;
+ offset += sid_size(dst->grp_sid);
+ }
+
+ *sd_size = (size_t)offset;
+ return dst;
+
+error_exit:
+
+ *sd_size = 0;
+ return NULL;
+}
+
+/*******************************************************************
+ Duplicate a SEC_DESC structure.
+********************************************************************/
+
+SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src)
+{
+ size_t dummy;
+
+ if(src == NULL)
+ return NULL;
+
+ return make_sec_desc( ctx, src->revision,
+ src->owner_sid, src->grp_sid, src->sacl,
+ src->dacl, &dummy);
+}
+
+/*******************************************************************
+ Creates a SEC_DESC structure with typical defaults.
+********************************************************************/
+
+SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, DOM_SID *owner_sid, DOM_SID *grp_sid,
+ SEC_ACL *dacl, size_t *sd_size)
+{
+ return make_sec_desc(ctx, SEC_DESC_REVISION,
+ owner_sid, grp_sid, NULL, dacl, sd_size);
+}
+
+/*******************************************************************
Reads or writes a SEC_DESC structure.
If reading and the *ppsd = NULL, allocates the structure.
********************************************************************/
@@ -307,6 +806,42 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth)
}
/*******************************************************************
+ Creates a SEC_DESC_BUF structure.
+********************************************************************/
+
+SEC_DESC_BUF *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, SEC_DESC *sec_desc)
+{
+ SEC_DESC_BUF *dst;
+
+ if((dst = (SEC_DESC_BUF *)talloc_zero(ctx, sizeof(SEC_DESC_BUF))) == NULL)
+ return NULL;
+
+ /* max buffer size (allocated size) */
+ dst->max_len = (uint32)len;
+ dst->len = (uint32)len;
+
+ if(sec_desc && ((dst->sec = dup_sec_desc(ctx, sec_desc)) == NULL)) {
+ return NULL;
+ }
+
+ dst->ptr = 0x1;
+
+ return dst;
+}
+
+/*******************************************************************
+ Duplicates a SEC_DESC_BUF structure.
+********************************************************************/
+
+SEC_DESC_BUF *dup_sec_desc_buf(TALLOC_CTX *ctx, SEC_DESC_BUF *src)
+{
+ if(src == NULL)
+ return NULL;
+
+ return make_sec_desc_buf( ctx, src->len, src->sec);
+}
+
+/*******************************************************************
Reads or writes a SEC_DESC_BUF structure.
********************************************************************/
@@ -364,3 +899,193 @@ BOOL sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int
return True;
}
+
+/*******************************************************************
+ Add a new SID with its permissions to SEC_DESC.
+********************************************************************/
+
+NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 mask, size_t *sd_size)
+{
+ SEC_DESC *sd = 0;
+ SEC_ACL *dacl = 0;
+ SEC_ACE *ace = 0;
+ NTSTATUS status;
+
+ *sd_size = 0;
+
+ if (!ctx || !psd || !sid || !sd_size)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid, mask);
+
+ if (!NT_STATUS_IS_OK(status))
+ return status;
+
+ if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->owner_sid,
+ psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size)))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ *psd = sd;
+ sd = 0;
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Modify a SID's permissions in a SEC_DESC.
+********************************************************************/
+
+NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask)
+{
+ NTSTATUS status;
+
+ if (!sd || !sid)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ status = sec_ace_mod_sid(sd->dacl->ace, sd->dacl->num_aces, sid, mask);
+
+ if (!NT_STATUS_IS_OK(status))
+ return status;
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Delete a SID from a SEC_DESC.
+********************************************************************/
+
+NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size)
+{
+ SEC_DESC *sd = 0;
+ SEC_ACL *dacl = 0;
+ SEC_ACE *ace = 0;
+ NTSTATUS status;
+
+ *sd_size = 0;
+
+ if (!ctx || !psd[0] || !sid || !sd_size)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid);
+
+ if (!NT_STATUS_IS_OK(status))
+ return status;
+
+ if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->owner_sid,
+ psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size)))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ *psd = sd;
+ sd = 0;
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Comparison function to sort non-inherited first.
+*******************************************************************/
+
+static int nt_ace_inherit_comp( SEC_ACE *a1, SEC_ACE *a2)
+{
+ int a1_inh = a1->flags & SEC_ACE_FLAG_INHERITED_ACE;
+ int a2_inh = a2->flags & SEC_ACE_FLAG_INHERITED_ACE;
+
+ if (a1_inh == a2_inh)
+ return 0;
+
+ if (!a1_inh && a2_inh)
+ return -1;
+ return 1;
+}
+
+/*******************************************************************
+ Comparison function to apply the order explained below in a group.
+*******************************************************************/
+
+static int nt_ace_canon_comp( SEC_ACE *a1, SEC_ACE *a2)
+{
+ if ((a1->type == SEC_ACE_TYPE_ACCESS_DENIED) &&
+ (a2->type != SEC_ACE_TYPE_ACCESS_DENIED))
+ return -1;
+
+ if ((a2->type == SEC_ACE_TYPE_ACCESS_DENIED) &&
+ (a1->type != SEC_ACE_TYPE_ACCESS_DENIED))
+ return 1;
+
+ /* Both access denied or access allowed. */
+
+ /* 1. ACEs that apply to the object itself */
+
+ if (!(a1->flags & SEC_ACE_FLAG_INHERIT_ONLY) &&
+ (a2->flags & SEC_ACE_FLAG_INHERIT_ONLY))
+ return -1;
+ else if (!(a2->flags & SEC_ACE_FLAG_INHERIT_ONLY) &&
+ (a1->flags & SEC_ACE_FLAG_INHERIT_ONLY))
+ return 1;
+
+ /* 2. ACEs that apply to a subobject of the object, such as
+ * a property set or property. */
+
+ if (a1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT) &&
+ !(a2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT)))
+ return -1;
+ else if (a2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT) &&
+ !(a1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT)))
+ return 1;
+
+ return 0;
+}
+
+/*******************************************************************
+ Functions to convert a SEC_DESC ACE DACL list into canonical order.
+ JRA.
+
+--- from http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/order_of_aces_in_a_dacl.asp
+
+The following describes the preferred order:
+
+ To ensure that noninherited ACEs have precedence over inherited ACEs,
+ place all noninherited ACEs in a group before any inherited ACEs.
+ This ordering ensures, for example, that a noninherited access-denied ACE
+ is enforced regardless of any inherited ACE that allows access.
+
+ Within the groups of noninherited ACEs and inherited ACEs, order ACEs according to ACE type, as the following shows:
+ 1. Access-denied ACEs that apply to the object itself
+ 2. Access-denied ACEs that apply to a subobject of the object, such as a property set or property
+ 3. Access-allowed ACEs that apply to the object itself
+ 4. Access-allowed ACEs that apply to a subobject of the object"
+
+********************************************************************/
+
+void dacl_sort_into_canonical_order(SEC_ACE *srclist, unsigned int num_aces)
+{
+ unsigned int i;
+
+ if (!srclist || num_aces == 0)
+ return;
+
+ /* Sort so that non-inherited ACE's come first. */
+ qsort( srclist, num_aces, sizeof(srclist[0]), QSORT_CAST nt_ace_inherit_comp);
+
+ /* Find the boundary between non-inherited ACEs. */
+ for (i = 0; i < num_aces; i++ ) {
+ SEC_ACE *curr_ace = &srclist[i];
+
+ if (curr_ace->flags & SEC_ACE_FLAG_INHERITED_ACE)
+ break;
+ }
+
+ /* i now points at entry number of the first inherited ACE. */
+
+ /* Sort the non-inherited ACEs. */
+ if (i)
+ qsort( srclist, i, sizeof(srclist[0]), QSORT_CAST nt_ace_canon_comp);
+
+ /* Now sort the inherited ACEs. */
+ if (num_aces - i)
+ qsort( &srclist[i], num_aces - i, sizeof(srclist[0]), QSORT_CAST nt_ace_canon_comp);
+}
diff --git a/source/rpc_parse/parse_spoolss.c b/source/rpc_parse/parse_spoolss.c
index 65f16414a0a..7ca9bccab46 100644
--- a/source/rpc_parse/parse_spoolss.c
+++ b/source/rpc_parse/parse_spoolss.c
@@ -916,12 +916,12 @@ BOOL make_spoolss_q_open_printer_ex(SPOOL_Q_OPEN_PRINTER_EX *q_u,
{
DEBUG(5,("make_spoolss_q_open_printer_ex\n"));
q_u->printername_ptr = (printername!=NULL)?1:0;
- init_unistr2(&q_u->printername, printername, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->printername, printername, strlen(printername)+1);
q_u->printer_default.datatype_ptr = 0;
/*
q_u->printer_default.datatype_ptr = (datatype!=NULL)?1:0;
- init_unistr2(&q_u->printer_default.datatype, datatype, UNI_FLAGS_NONE);
+ init_unistr2(&q_u->printer_default.datatype, datatype, strlen(datatype));
*/
q_u->printer_default.devmode_cont.size=0;
q_u->printer_default.devmode_cont.devmode_ptr=0;
@@ -937,8 +937,8 @@ BOOL make_spoolss_q_open_printer_ex(SPOOL_Q_OPEN_PRINTER_EX *q_u,
q_u->user_ctr.user1.major=2;
q_u->user_ctr.user1.minor=0;
q_u->user_ctr.user1.processor=0;
- init_unistr2(&q_u->user_ctr.user1.client_name, clientname, UNI_STR_TERMINATE);
- init_unistr2(&q_u->user_ctr.user1.user_name, user_name, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->user_ctr.user1.client_name, clientname, strlen(clientname)+1);
+ init_unistr2(&q_u->user_ctr.user1.user_name, user_name, strlen(user_name)+1);
return True;
}
@@ -963,7 +963,7 @@ BOOL make_spoolss_q_addprinterex(
ZERO_STRUCTP(q_u);
q_u->server_name_ptr = (srv_name!=NULL)?1:0;
- init_unistr2(&q_u->server_name, srv_name, UNI_FLAGS_NONE);
+ init_unistr2(&q_u->server_name, srv_name, strlen(srv_name));
q_u->level = level;
@@ -991,8 +991,8 @@ BOOL make_spoolss_q_addprinterex(
q_u->user_ctr.user1.major=2;
q_u->user_ctr.user1.minor=0;
q_u->user_ctr.user1.processor=0;
- init_unistr2(&q_u->user_ctr.user1.client_name, clientname, UNI_STR_TERMINATE);
- init_unistr2(&q_u->user_ctr.user1.user_name, user_name, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->user_ctr.user1.client_name, clientname, strlen(clientname)+1);
+ init_unistr2(&q_u->user_ctr.user1.user_name, user_name, strlen(user_name)+1);
q_u->user_ctr.user1.size=q_u->user_ctr.user1.user_name.uni_str_len +
q_u->user_ctr.user1.client_name.uni_str_len + 2;
@@ -1187,13 +1187,15 @@ BOOL make_spoolss_q_deleteprinterdriver(
/* these must be NULL terminated or else NT4 will
complain about invalid parameters --jerry */
- init_unistr2(&q_u->server, server, UNI_STR_TERMINATE);
- init_unistr2(&q_u->arch, arch, UNI_STR_TERMINATE);
- init_unistr2(&q_u->driver, driver, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->server, server, strlen(server)+1);
+ init_unistr2(&q_u->arch, arch, strlen(arch)+1);
+ init_unistr2(&q_u->driver, driver, strlen(driver)+1);
+
return True;
}
+
/*******************************************************************
* make a structure.
********************************************************************/
@@ -1207,7 +1209,7 @@ BOOL make_spoolss_q_getprinterdata(SPOOL_Q_GETPRINTERDATA *q_u,
DEBUG(5,("make_spoolss_q_getprinterdata\n"));
q_u->handle = *handle;
- init_unistr2(&q_u->valuename, valuename, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->valuename, valuename, strlen(valuename) + 1);
q_u->size = size;
return True;
@@ -1227,8 +1229,8 @@ BOOL make_spoolss_q_getprinterdataex(SPOOL_Q_GETPRINTERDATAEX *q_u,
DEBUG(5,("make_spoolss_q_getprinterdataex\n"));
q_u->handle = *handle;
- init_unistr2(&q_u->valuename, valuename, UNI_STR_TERMINATE);
- init_unistr2(&q_u->keyname, keyname, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->valuename, valuename, strlen(valuename) + 1);
+ init_unistr2(&q_u->keyname, keyname, strlen(keyname) + 1);
q_u->size = size;
return True;
@@ -5315,7 +5317,7 @@ BOOL smb_io_unibuffer(const char *desc, UNISTR2 *buffer, prs_struct *ps, int dep
{
if (buffer==NULL) return False;
- buffer->offset=0;
+ buffer->undoc=0;
buffer->uni_str_len=buffer->uni_max_len;
if(!prs_uint32("buffer_size", ps, depth, &buffer->uni_max_len))
@@ -5372,7 +5374,7 @@ BOOL make_spoolss_q_addprinterdriver(TALLOC_CTX *mem_ctx,
DEBUG(5,("make_spoolss_q_addprinterdriver\n"));
q_u->server_name_ptr = (srv_name!=NULL)?1:0;
- init_unistr2(&q_u->server_name, srv_name, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->server_name, srv_name, strlen(srv_name)+1);
q_u->level = level;
@@ -6160,7 +6162,7 @@ BOOL make_spoolss_q_enumprinterdataex(SPOOL_Q_ENUMPRINTERDATAEX *q_u,
uint32 size)
{
memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
- init_unistr2(&q_u->key, key, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->key, key, strlen(key)+1);
q_u->size = size;
return True;
@@ -6173,7 +6175,7 @@ BOOL make_spoolss_q_setprinterdata(SPOOL_Q_SETPRINTERDATA *q_u, const POLICY_HND
{
memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
q_u->type = data_type;
- init_unistr2(&q_u->value, value, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->value, value, strlen(value)+1);
q_u->max_len = q_u->real_len = data_size;
q_u->data = (unsigned char *)data;
@@ -6189,8 +6191,8 @@ BOOL make_spoolss_q_setprinterdataex(SPOOL_Q_SETPRINTERDATAEX *q_u, const POLICY
{
memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
q_u->type = data_type;
- init_unistr2(&q_u->value, value, UNI_STR_TERMINATE);
- init_unistr2(&q_u->key, key, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->value, value, strlen(value)+1);
+ init_unistr2(&q_u->key, key, strlen(key)+1);
q_u->max_len = q_u->real_len = data_size;
q_u->data = (unsigned char *)data;
@@ -6587,7 +6589,7 @@ BOOL make_spoolss_q_replyopenprinter(SPOOL_Q_REPLYOPENPRINTER *q_u,
if (q_u == NULL)
return False;
- init_unistr2(&q_u->string, string, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->string, string, strlen(string)+1);
q_u->printer=printer;
q_u->type=type;
@@ -7090,7 +7092,7 @@ BOOL make_spoolss_q_enumprinterkey(SPOOL_Q_ENUMPRINTERKEY *q_u,
DEBUG(5,("make_spoolss_q_enumprinterkey\n"));
memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
- init_unistr2(&q_u->key, key, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->key, key, strlen(key)+1);
q_u->size = size;
return True;
@@ -7159,7 +7161,7 @@ BOOL make_spoolss_q_deleteprinterkey(SPOOL_Q_DELETEPRINTERKEY *q_u,
DEBUG(5,("make_spoolss_q_deleteprinterkey\n"));
memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
- init_unistr2(&q_u->keyname, keyname, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->keyname, keyname, strlen(keyname)+1);
return True;
}
@@ -7380,8 +7382,8 @@ BOOL make_spoolss_q_getprintprocessordirectory(SPOOL_Q_GETPRINTPROCESSORDIRECTOR
{
DEBUG(5,("make_spoolss_q_getprintprocessordirectory\n"));
- init_unistr2(&q_u->name, name, UNI_STR_TERMINATE);
- init_unistr2(&q_u->environment, environment, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->name, name, strlen(name)+1);
+ init_unistr2(&q_u->environment, environment, strlen(environment)+1);
q_u->level = level;
@@ -7507,7 +7509,7 @@ BOOL make_spoolss_q_setform(SPOOL_Q_SETFORM *q_u, POLICY_HND *handle,
q_u->level = level;
q_u->level2 = level;
memcpy(&q_u->form, form, sizeof(FORM));
- init_unistr2(&q_u->name, form_name, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->name, form_name, strlen(form_name) + 1);
return True;
}
@@ -7520,7 +7522,7 @@ BOOL make_spoolss_q_deleteform(SPOOL_Q_DELETEFORM *q_u, POLICY_HND *handle,
const char *form)
{
memcpy(&q_u->handle, handle, sizeof(POLICY_HND));
- init_unistr2(&q_u->name, form, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->name, form, strlen(form) + 1);
return True;
}
@@ -7534,7 +7536,7 @@ BOOL make_spoolss_q_getform(SPOOL_Q_GETFORM *q_u, POLICY_HND *handle,
{
memcpy(&q_u->handle, handle, sizeof(POLICY_HND));
q_u->level = level;
- init_unistr2(&q_u->formname, formname, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->formname, formname, strlen(formname) + 1);
q_u->buffer=buffer;
q_u->offered=offered;
@@ -7640,9 +7642,17 @@ BOOL make_spoolss_q_startdocprinter(SPOOL_Q_STARTDOCPRINTER *q_u,
ctr->docinfo.doc_info_1.p_outputfile = outputfile ? 1 : 0;
ctr->docinfo.doc_info_1.p_datatype = datatype ? 1 : 0;
- init_unistr2(&ctr->docinfo.doc_info_1.docname, docname, UNI_STR_TERMINATE);
- init_unistr2(&ctr->docinfo.doc_info_1.outputfile, outputfile, UNI_STR_TERMINATE);
- init_unistr2(&ctr->docinfo.doc_info_1.datatype, datatype, UNI_STR_TERMINATE);
+ if (docname)
+ init_unistr2(&ctr->docinfo.doc_info_1.docname, docname,
+ strlen(docname) + 1);
+
+ if (outputfile)
+ init_unistr2(&ctr->docinfo.doc_info_1.outputfile, outputfile,
+ strlen(outputfile) + 1);
+
+ if (datatype)
+ init_unistr2(&ctr->docinfo.doc_info_1.datatype, datatype,
+ strlen(datatype) + 1);
break;
case 2:
@@ -7691,7 +7701,7 @@ BOOL make_spoolss_q_deleteprinterdata(SPOOL_Q_DELETEPRINTERDATA *q_u,
POLICY_HND *handle, char *valuename)
{
memcpy(&q_u->handle, handle, sizeof(POLICY_HND));
- init_unistr2(&q_u->valuename, valuename, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->valuename, valuename, strlen(valuename) + 1);
return True;
}
@@ -7705,8 +7715,8 @@ BOOL make_spoolss_q_deleteprinterdataex(SPOOL_Q_DELETEPRINTERDATAEX *q_u,
char *value)
{
memcpy(&q_u->handle, handle, sizeof(POLICY_HND));
- init_unistr2(&q_u->valuename, value, UNI_STR_TERMINATE);
- init_unistr2(&q_u->keyname, key, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->valuename, value, strlen(value) + 1);
+ init_unistr2(&q_u->keyname, key, strlen(key) + 1);
return True;
}
@@ -7726,7 +7736,8 @@ BOOL make_spoolss_q_rffpcnex(SPOOL_Q_RFFPCNEX *q_u, POLICY_HND *handle,
q_u->localmachine_ptr = 1;
- init_unistr2(&q_u->localmachine, localmachine, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->localmachine, localmachine,
+ strlen(localmachine) + 1);
q_u->printerlocal = printerlocal;
diff --git a/source/rpc_parse/parse_srv.c b/source/rpc_parse/parse_srv.c
index 6349fc16325..bbb5193ddcd 100644
--- a/source/rpc_parse/parse_srv.c
+++ b/source/rpc_parse/parse_srv.c
@@ -36,7 +36,8 @@ void init_srv_share_info0_str(SH_INFO_0_STR *sh0, const char *net_name)
{
DEBUG(5,("init_srv_share_info0_str\n"));
- init_unistr2(&sh0->uni_netname, net_name, UNI_STR_TERMINATE);
+ if(net_name)
+ init_unistr2(&sh0->uni_netname, net_name, strlen(net_name)+1);
}
/*******************************************************************
@@ -100,8 +101,10 @@ void init_srv_share_info1_str(SH_INFO_1_STR *sh1, const char *net_name, const ch
{
DEBUG(5,("init_srv_share_info1_str\n"));
- init_unistr2(&sh1->uni_netname, net_name, UNI_STR_TERMINATE);
- init_unistr2(&sh1->uni_remark, remark, UNI_STR_TERMINATE);
+ if(net_name)
+ init_unistr2(&sh1->uni_netname, net_name, strlen(net_name)+1);
+ if(remark)
+ init_unistr2(&sh1->uni_remark, remark, strlen(remark)+1);
}
/*******************************************************************
@@ -181,10 +184,14 @@ void init_srv_share_info2_str(SH_INFO_2_STR *sh2,
{
DEBUG(5,("init_srv_share_info2_str\n"));
- init_unistr2(&sh2->uni_netname, net_name, UNI_STR_TERMINATE);
- init_unistr2(&sh2->uni_remark, remark, UNI_STR_TERMINATE);
- init_unistr2(&sh2->uni_path, path, UNI_STR_TERMINATE);
- init_unistr2(&sh2->uni_passwd, passwd, UNI_STR_TERMINATE);
+ if (net_name)
+ init_unistr2(&sh2->uni_netname, net_name, strlen(net_name)+1);
+ if (remark)
+ init_unistr2(&sh2->uni_remark, remark, strlen(remark)+1);
+ if (path)
+ init_unistr2(&sh2->uni_path, path, strlen(path)+1);
+ if (passwd)
+ init_unistr2(&sh2->uni_passwd, passwd, strlen(passwd)+1);
}
/*******************************************************************
@@ -289,8 +296,10 @@ void init_srv_share_info501_str(SH_INFO_501_STR *sh501,
{
DEBUG(5,("init_srv_share_info501_str\n"));
- init_unistr2(&sh501->uni_netname, net_name, UNI_STR_TERMINATE);
- init_unistr2(&sh501->uni_remark, remark, UNI_STR_TERMINATE);
+ if(net_name)
+ init_unistr2(&sh501->uni_netname, net_name, strlen(net_name)+1);
+ if(remark)
+ init_unistr2(&sh501->uni_remark, remark, strlen(remark)+1);
}
/*******************************************************************
@@ -437,13 +446,17 @@ void init_srv_share_info502_str(SH_INFO_502_STR *sh502str,
{
DEBUG(5,("init_srv_share_info502_str\n"));
- init_unistr2(&sh502str->uni_netname, net_name, UNI_STR_TERMINATE);
- init_unistr2(&sh502str->uni_remark, remark, UNI_STR_TERMINATE);
- init_unistr2(&sh502str->uni_path, path, UNI_STR_TERMINATE);
- init_unistr2(&sh502str->uni_passwd, passwd, UNI_STR_TERMINATE);
- sh502str->sd = psd;
+ if(net_name)
+ init_unistr2(&sh502str->uni_netname, net_name, strlen(net_name)+1);
+ if(remark)
+ init_unistr2(&sh502str->uni_remark, remark, strlen(remark)+1);
+ if(path)
+ init_unistr2(&sh502str->uni_path, path, strlen(path)+1);
+ if(passwd)
+ init_unistr2(&sh502str->uni_passwd, passwd, strlen(passwd)+1);
+ sh502str->sd = psd;
sh502str->reserved = 0;
- sh502str->sd_size = sd_size;
+ sh502str->sd_size = sd_size;
}
/*******************************************************************
@@ -538,7 +551,8 @@ void init_srv_share_info1004_str(SH_INFO_1004_STR *sh1004, const char *remark)
{
DEBUG(5,("init_srv_share_info1004_str\n"));
- init_unistr2(&sh1004->uni_remark, remark, UNI_STR_TERMINATE);
+ if(remark)
+ init_unistr2(&sh1004->uni_remark, remark, strlen(remark)+1);
}
/*******************************************************************
@@ -645,7 +659,8 @@ void init_srv_share_info1007_str(SH_INFO_1007_STR *sh1007, const char *alternate
{
DEBUG(5,("init_srv_share_info1007_str\n"));
- init_unistr2(&sh1007->uni_AlternateDirectoryName, alternate_directory_name, UNI_STR_TERMINATE);
+ if(alternate_directory_name)
+ init_unistr2(&sh1007->uni_AlternateDirectoryName, alternate_directory_name, strlen(alternate_directory_name)+1);
}
/*******************************************************************
@@ -1459,7 +1474,7 @@ void init_srv_q_net_share_add(SRV_Q_NET_SHARE_ADD *q, const char *srvname,
const char *path, const char *passwd)
{
q->ptr_srv_name = 1;
- init_unistr2(&q->uni_srv_name, srvname, UNI_STR_TERMINATE);
+ init_unistr2(&q->uni_srv_name, srvname, strlen(srvname) +1);
q->info.switch_value = q->info_level = 2;
q->info.ptr_share_ctr = 1;
@@ -1510,8 +1525,8 @@ void init_srv_q_net_share_del(SRV_Q_NET_SHARE_DEL *del, const char *srvname,
const char *sharename)
{
del->ptr_srv_name = 1;
- init_unistr2(&del->uni_srv_name, srvname, UNI_STR_TERMINATE);
- init_unistr2(&del->uni_share_name, sharename, UNI_STR_TERMINATE);
+ init_unistr2(&del->uni_srv_name, srvname, strlen(srvname) +1 );
+ init_unistr2(&del->uni_share_name, sharename, strlen(sharename) + 1);
}
/*******************************************************************
@@ -1574,7 +1589,7 @@ void init_srv_sess_info0_str(SESS_INFO_0_STR *ss0, const char *name)
{
DEBUG(5,("init_srv_sess_info0_str\n"));
- init_unistr2(&ss0->uni_name, name, UNI_STR_TERMINATE);
+ init_unistr2(&ss0->uni_name, name, strlen(name)+1);
}
/*******************************************************************
@@ -1688,8 +1703,8 @@ void init_srv_sess_info1_str(SESS_INFO_1_STR *ss1, const char *name, const char
{
DEBUG(5,("init_srv_sess_info1_str\n"));
- init_unistr2(&ss1->uni_name, name, UNI_STR_TERMINATE);
- init_unistr2(&ss1->uni_user, user, UNI_STR_TERMINATE);
+ init_unistr2(&ss1->uni_name, name, strlen(name)+1);
+ init_unistr2(&ss1->uni_user, user, strlen(user)+1);
}
/*******************************************************************
@@ -2060,8 +2075,8 @@ void init_srv_conn_info1_str(CONN_INFO_1_STR *ss1, const char *usr_name, const c
{
DEBUG(5,("init_srv_conn_info1_str\n"));
- init_unistr2(&ss1->uni_usr_name, usr_name, UNI_STR_TERMINATE);
- init_unistr2(&ss1->uni_net_name, net_name, UNI_STR_TERMINATE);
+ init_unistr2(&ss1->uni_usr_name, usr_name, strlen(usr_name)+1);
+ init_unistr2(&ss1->uni_net_name, net_name, strlen(net_name)+1);
}
/*******************************************************************
@@ -2350,8 +2365,8 @@ void init_srv_file_info3_str(FILE_INFO_3_STR *fi3, const char *user_name, const
{
DEBUG(5,("init_srv_file_info3_str\n"));
- init_unistr2(&fi3->uni_path_name, path_name, UNI_STR_TERMINATE);
- init_unistr2(&fi3->uni_user_name, user_name, UNI_STR_TERMINATE);
+ init_unistr2(&fi3->uni_path_name, path_name, strlen(path_name)+1);
+ init_unistr2(&fi3->uni_user_name, user_name, strlen(user_name)+1);
}
/*******************************************************************
@@ -2613,7 +2628,7 @@ void init_srv_q_net_file_close(SRV_Q_NET_FILE_CLOSE *q_n, const char *server,
uint32 file_id)
{
q_n->ptr_srv_name = 1;
- init_unistr2(&q_n->uni_srv_name, server, UNI_STR_TERMINATE);
+ init_unistr2(&q_n->uni_srv_name, server, strlen(server) + 1);
q_n->file_id = file_id;
}
@@ -3571,5 +3586,6 @@ BOOL srv_io_r_net_file_set_secdesc(const char *desc, SRV_R_NET_FILE_SET_SECDESC
void init_srv_q_net_remote_tod(SRV_Q_NET_REMOTE_TOD *q_u, const char *server)
{
q_u->ptr_srv_name = 1;
- init_unistr2(&q_u->uni_srv_name, server, UNI_STR_TERMINATE);
+ init_unistr2(&q_u->uni_srv_name, server, strlen(server) + 1);
}
+
diff --git a/source/rpc_server/srv_dfs_nt.c b/source/rpc_server/srv_dfs_nt.c
index 751cb6e6425..3470ad99b45 100644
--- a/source/rpc_server/srv_dfs_nt.c
+++ b/source/rpc_server/srv_dfs_nt.c
@@ -198,7 +198,7 @@ static BOOL init_reply_dfs_info_1(struct junction_map* j, DFS_INFO_1* dfs1, int
slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", global_myname(),
j[i].service_name, j[i].volume_name);
DEBUG(5,("init_reply_dfs_info_1: %d) initing entrypath: %s\n",i,str));
- init_unistr2(&dfs1[i].entrypath,str,UNI_STR_TERMINATE);
+ init_unistr2(&dfs1[i].entrypath,str,strlen(str)+1);
}
return True;
}
@@ -212,7 +212,7 @@ static BOOL init_reply_dfs_info_2(struct junction_map* j, DFS_INFO_2* dfs2, int
dfs2[i].ptr_entrypath = 1;
slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", global_myname(),
j[i].service_name, j[i].volume_name);
- init_unistr2(&dfs2[i].entrypath, str, UNI_STR_TERMINATE);
+ init_unistr2(&dfs2[i].entrypath, str, strlen(str)+1);
dfs2[i].ptr_comment = 0;
dfs2[i].state = 1; /* set up state of dfs junction as OK */
dfs2[i].num_storages = j[i].referral_count;
@@ -234,9 +234,9 @@ static BOOL init_reply_dfs_info_3(TALLOC_CTX *ctx, struct junction_map* j, DFS_I
slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", global_myname(),
j[i].service_name, j[i].volume_name);
- init_unistr2(&dfs3[i].entrypath, str, UNI_STR_TERMINATE);
+ init_unistr2(&dfs3[i].entrypath, str, strlen(str)+1);
dfs3[i].ptr_comment = 1;
- init_unistr2(&dfs3[i].comment, "", UNI_STR_TERMINATE);
+ init_unistr2(&dfs3[i].comment, "", 1);
dfs3[i].state = 1;
dfs3[i].num_storages = dfs3[i].num_storage_infos = j[i].referral_count;
dfs3[i].ptr_storages = 1;
@@ -267,8 +267,8 @@ static BOOL init_reply_dfs_info_3(TALLOC_CTX *ctx, struct junction_map* j, DFS_I
*p = '\0';
DEBUG(5,("storage %d: %s.%s\n",ii,path,p+1));
stor->state = 2; /* set all storages as ONLINE */
- init_unistr2(&stor->servername, path, UNI_STR_TERMINATE);
- init_unistr2(&stor->sharename, p+1, UNI_STR_TERMINATE);
+ init_unistr2(&stor->servername, path, strlen(path)+1);
+ init_unistr2(&stor->sharename, p+1, strlen(p+1)+1);
stor->ptr_servername = stor->ptr_sharename = 1;
}
}
diff --git a/source/rpc_server/srv_lsa.c b/source/rpc_server/srv_lsa.c
index 5d6c1551c91..138fb1d7ef9 100644
--- a/source/rpc_server/srv_lsa.c
+++ b/source/rpc_server/srv_lsa.c
@@ -443,7 +443,7 @@ static BOOL api_lsa_enum_privsaccount(pipes_struct *p)
return False;
}
- r_u.status = _lsa_enum_privsaccount(p, rdata, &q_u, &r_u);
+ r_u.status = _lsa_enum_privsaccount(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!lsa_io_r_enum_privsaccount("", &r_u, rdata, 0)) {
diff --git a/source/rpc_server/srv_lsa_ds_nt.c b/source/rpc_server/srv_lsa_ds_nt.c
index 97e9dc361d9..37540a9668c 100644
--- a/source/rpc_server/srv_lsa_ds_nt.c
+++ b/source/rpc_server/srv_lsa_ds_nt.c
@@ -77,12 +77,12 @@ static NTSTATUS fill_dsrole_dominfo_basic(TALLOC_CTX *ctx, DSROLE_PRIMARY_DOMAIN
basic->netbios_ptr = 1;
netbios_domain = get_global_sam_name();
- init_unistr2( &basic->netbios_domain, netbios_domain, UNI_FLAGS_NONE);
+ init_unistr2( &basic->netbios_domain, netbios_domain, strlen(netbios_domain) );
basic->dnsname_ptr = 1;
- init_unistr2( &basic->dns_domain, dnsdomain, UNI_FLAGS_NONE);
+ init_unistr2( &basic->dns_domain, dnsdomain, strlen(dnsdomain) );
basic->forestname_ptr = 1;
- init_unistr2( &basic->forest_domain, dnsdomain, UNI_FLAGS_NONE);
+ init_unistr2( &basic->forest_domain, dnsdomain, strlen(dnsdomain) );
/* fill in some additional fields if we are a member of an AD domain */
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index 0a8ad404cb3..330dd727efd 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -61,12 +61,7 @@ Init dom_query
static void init_dom_query(DOM_QUERY *d_q, const char *dom_name, DOM_SID *dom_sid)
{
- d_q->buffer_dom_name = (dom_name != NULL) ? 1 : 0; /* domain buffer pointer */
- d_q->buffer_dom_sid = (dom_sid != NULL) ? 1 : 0; /* domain sid pointer */
-
- /* this string is supposed to be non-null terminated. */
- /* But the maxlen in this UNISTR2 must include the terminating null. */
- init_unistr2(&d_q->uni_domain_name, dom_name, UNI_MAXLEN_TERMINATE);
+ int domlen = (dom_name != NULL) ? strlen(dom_name) : 0;
/*
* I'm not sure why this really odd combination of length
@@ -76,15 +71,14 @@ static void init_dom_query(DOM_QUERY *d_q, const char *dom_name, DOM_SID *dom_si
* a domain with both odd and even length names... JRA.
*/
- /*
- * IMPORTANT NOTE !!!!
- * The two fields below probably are reversed in meaning, ie.
- * the first field is probably the str_len, the second the max
- * len. Both are measured in bytes anyway.
- */
+ d_q->uni_dom_str_len = domlen ? ((domlen + 1) * 2) : 0;
+ d_q->uni_dom_max_len = domlen * 2;
+ d_q->buffer_dom_name = domlen != 0 ? 1 : 0; /* domain buffer pointer */
+ d_q->buffer_dom_sid = dom_sid != NULL ? 1 : 0; /* domain sid pointer */
- d_q->uni_dom_str_len = d_q->uni_domain_name.uni_max_len * 2;
- d_q->uni_dom_max_len = d_q->uni_domain_name.uni_str_len * 2;
+ /* this string is supposed to be character short */
+ init_unistr2(&d_q->uni_domain_name, dom_name, domlen);
+ d_q->uni_domain_name.uni_max_len++;
if (dom_sid != NULL)
init_dom_sid2(&d_q->dom_sid, dom_sid);
@@ -97,6 +91,7 @@ static void init_dom_query(DOM_QUERY *d_q, const char *dom_name, DOM_SID *dom_si
static int init_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
{
int num = 0;
+ int len;
if (dom_name != NULL) {
for (num = 0; num < ref->num_ref_doms_1; num++) {
@@ -119,11 +114,14 @@ static int init_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
ref->max_entries = MAX_REF_DOMAINS;
ref->num_ref_doms_2 = num+1;
- ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0;
+ len = (dom_name != NULL) ? strlen(dom_name) : 0;
+ if(dom_name != NULL && len == 0)
+ len = 1;
- init_unistr2(&ref->ref_dom[num].uni_dom_name, dom_name, UNI_FLAGS_NONE);
- init_uni_hdr(&ref->hdr_ref_dom[num].hdr_dom_name, &ref->ref_dom[num].uni_dom_name);
+ init_uni_hdr(&ref->hdr_ref_dom[num].hdr_dom_name, len);
+ ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0;
+ init_unistr2(&ref->ref_dom[num].uni_dom_name, dom_name, len);
init_dom_sid2(&ref->ref_dom[num].ref_dom, dom_sid );
return num;
@@ -336,7 +334,7 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s
if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
- if((*sd = make_sec_desc(mem_ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, &adm_sid, NULL, NULL, psa, sd_size)) == NULL)
+ if((*sd = make_sec_desc(mem_ctx, SEC_DESC_REVISION, &adm_sid, NULL, NULL, psa, sd_size)) == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
@@ -351,22 +349,25 @@ static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name,
GUID *dom_guid, DOM_SID *dom_sid)
{
if (nb_name && *nb_name) {
- init_unistr2(&r_l->uni_nb_dom_name, nb_name, UNI_FLAGS_NONE);
- init_uni_hdr(&r_l->hdr_nb_dom_name, &r_l->uni_nb_dom_name);
+ init_uni_hdr(&r_l->hdr_nb_dom_name, strlen(nb_name));
+ init_unistr2(&r_l->uni_nb_dom_name, nb_name,
+ strlen(nb_name));
r_l->hdr_nb_dom_name.uni_max_len += 2;
r_l->uni_nb_dom_name.uni_max_len += 1;
}
if (dns_name && *dns_name) {
- init_unistr2(&r_l->uni_dns_dom_name, dns_name, UNI_FLAGS_NONE);
- init_uni_hdr(&r_l->hdr_dns_dom_name, &r_l->uni_dns_dom_name);
+ init_uni_hdr(&r_l->hdr_dns_dom_name, strlen(dns_name));
+ init_unistr2(&r_l->uni_dns_dom_name, dns_name,
+ strlen(dns_name));
r_l->hdr_dns_dom_name.uni_max_len += 2;
r_l->uni_dns_dom_name.uni_max_len += 1;
}
if (forest_name && *forest_name) {
- init_unistr2(&r_l->uni_forest_name, forest_name, UNI_FLAGS_NONE);
- init_uni_hdr(&r_l->hdr_forest_name, &r_l->uni_forest_name);
+ init_uni_hdr(&r_l->hdr_forest_name, strlen(forest_name));
+ init_unistr2(&r_l->uni_forest_name, forest_name,
+ strlen(forest_name));
r_l->hdr_forest_name.uni_max_len += 2;
r_l->uni_forest_name.uni_max_len += 1;
}
@@ -773,13 +774,13 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV
for (i = 0; i < PRIV_ALL_INDEX; i++, entry++) {
if( i<enum_context) {
- init_unistr2(&entry->name, NULL, UNI_FLAGS_NONE);
- init_uni_hdr(&entry->hdr_name, &entry->name);
+ init_uni_hdr(&entry->hdr_name, 0);
+ init_unistr2(&entry->name, NULL, 0 );
entry->luid_low = 0;
entry->luid_high = 0;
} else {
- init_unistr2(&entry->name, privs[i+1].priv, UNI_FLAGS_NONE);
- init_uni_hdr(&entry->hdr_name, &entry->name);
+ init_uni_hdr(&entry->hdr_name, strlen(privs[i+1].priv));
+ init_unistr2(&entry->name, privs[i+1].priv, strlen(privs[i+1].priv) );
entry->luid_low = privs[i+1].se_priv;
entry->luid_high = 0;
}
@@ -821,8 +822,8 @@ NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, L
if (privs[i].se_priv!=SE_PRIV_ALL) {
DEBUG(10,(": %s\n", privs[i].description));
- init_unistr2(&r_u->desc, privs[i].description, UNI_FLAGS_NONE);
- init_uni_hdr(&r_u->hdr_desc, &r_u->desc);
+ init_uni_hdr(&r_u->hdr_desc, strlen(privs[i].description));
+ init_unistr2(&r_u->desc, privs[i].description, strlen(privs[i].description) );
r_u->ptr_info=0xdeadbeef;
r_u->lang_id=q_u->lang_id;
@@ -889,6 +890,7 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU
NTSTATUS _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA_R_UNK_GET_CONNUSER *r_u)
{
fstring username, domname;
+ int ulen, dlen;
user_struct *vuser = get_valid_user_struct(p->vuid);
if (vuser == NULL)
@@ -897,15 +899,18 @@ NTSTATUS _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA
fstrcpy(username, vuser->user.smb_name);
fstrcpy(domname, vuser->user.domain);
+ ulen = strlen(username) + 1;
+ dlen = strlen(domname) + 1;
+
+ init_uni_hdr(&r_u->hdr_user_name, ulen);
r_u->ptr_user_name = 1;
- init_unistr2(&r_u->uni2_user_name, username, UNI_STR_TERMINATE);
- init_uni_hdr(&r_u->hdr_user_name, &r_u->uni2_user_name);
+ init_unistr2(&r_u->uni2_user_name, username, ulen);
r_u->unk1 = 1;
+ init_uni_hdr(&r_u->hdr_dom_name, dlen);
r_u->ptr_dom_name = 1;
- init_unistr2(&r_u->uni2_dom_name, domname, UNI_STR_TERMINATE);
- init_uni_hdr(&r_u->hdr_dom_name, &r_u->uni2_dom_name);
+ init_unistr2(&r_u->uni2_dom_name, domname, dlen);
r_u->status = NT_STATUS_OK;
@@ -955,7 +960,7 @@ NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENAC
For a given SID, enumerate all the privilege this account has.
***************************************************************************/
-NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, prs_struct *ps, LSA_Q_ENUMPRIVSACCOUNT *q_u, LSA_R_ENUMPRIVSACCOUNT *r_u)
+NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, LSA_Q_ENUMPRIVSACCOUNT *q_u, LSA_R_ENUMPRIVSACCOUNT *r_u)
{
struct lsa_info *info=NULL;
GROUP_MAP map;
@@ -971,29 +976,29 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, prs_struct *ps, LSA_Q_ENUMPRIVS
return NT_STATUS_NO_SUCH_GROUP;
#if 0 /* privileges currently not implemented! */
- DEBUG(10,("_lsa_enum_privsaccount: %d privileges\n", map.priv_set->count));
- if (map.priv_set->count!=0) {
+ DEBUG(10,("_lsa_enum_privsaccount: %d privileges\n", map.priv_set.count));
+ if (map.priv_set.count!=0) {
- set=(LUID_ATTR *)talloc(map.priv_set->mem_ctx, map.priv_set.count*sizeof(LUID_ATTR));
+ set=(LUID_ATTR *)talloc(p->mem_ctx, map.priv_set.count*sizeof(LUID_ATTR));
if (set == NULL) {
- destroy_privilege(&map.priv_set);
+ free_privilege(&map.priv_set);
return NT_STATUS_NO_MEMORY;
}
- for (i = 0; i < map.priv_set.count; i++) {
- set[i].luid.low = map.priv_set->set[i].luid.low;
- set[i].luid.high = map.priv_set->set[i].luid.high;
- set[i].attr = map.priv_set->set[i].attr;
+ for (i=0; i<map.priv_set.count; i++) {
+ set[i].luid.low=map.priv_set.set[i].luid.low;
+ set[i].luid.high=map.priv_set.set[i].luid.high;
+ set[i].attr=map.priv_set.set[i].attr;
DEBUG(10,("_lsa_enum_privsaccount: priv %d: %d:%d:%d\n", i,
set[i].luid.high, set[i].luid.low, set[i].attr));
}
}
- init_lsa_r_enum_privsaccount(ps->mem_ctx, r_u, set, map.priv_set->count, 0);
- destroy_privilege(&map.priv_set);
+ init_lsa_r_enum_privsaccount(r_u, set, map.priv_set.count, 0);
+ free_privilege(&map.priv_set);
#endif
- init_lsa_r_enum_privsaccount(ps->mem_ctx, r_u, set, 0, 0);
+ init_lsa_r_enum_privsaccount(r_u, set, 0, 0);
return r_u->status;
}
@@ -1059,11 +1064,11 @@ NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA
NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u)
{
#if 0
- struct lsa_info *info = NULL;
+ struct lsa_info *info=NULL;
GROUP_MAP map;
- int i = 0;
- LUID_ATTR *luid_attr = NULL;
- PRIVILEGE_SET *set = NULL;
+ int i=0;
+ LUID_ATTR *luid_attr=NULL;
+ PRIVILEGE_SET *set=NULL;
#endif
r_u->status = NT_STATUS_OK;
@@ -1076,24 +1081,24 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u
if (!pdb_getgrsid(&map, info->sid))
return NT_STATUS_NO_SUCH_GROUP;
- set = &q_u->set;
+ set=&q_u->set;
- for (i = 0; i < set->count; i++) {
- luid_attr = &set->set[i];
+ for (i=0; i<set->count; i++) {
+ luid_attr=&set->set[i];
/* check if the privilege is already there */
- if (check_priv_in_privilege(map.priv_set, *luid_attr)){
- destroy_privilege(&map.priv_set);
+ if (check_priv_in_privilege(&map.priv_set, *luid_attr)){
+ free_privilege(&map.priv_set);
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
- add_privilege(map.priv_set, *luid_attr);
+ add_privilege(&map.priv_set, *luid_attr);
}
if(!pdb_update_group_mapping_entry(&map))
return NT_STATUS_NO_SUCH_GROUP;
- destroy_privilege(&map.priv_set);
+ free_privilege(&map.priv_set);
#endif
return r_u->status;
@@ -1106,11 +1111,11 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u
NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEPRIVS *r_u)
{
#if 0
- struct lsa_info *info = NULL;
+ struct lsa_info *info=NULL;
GROUP_MAP map;
int i=0;
- LUID_ATTR *luid_attr = NULL;
- PRIVILEGE_SET *set = NULL;
+ LUID_ATTR *luid_attr=NULL;
+ PRIVILEGE_SET *set=NULL;
#endif
r_u->status = NT_STATUS_OK;
@@ -1123,37 +1128,37 @@ NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEP
if (!pdb_getgrsid(&map, info->sid))
return NT_STATUS_NO_SUCH_GROUP;
- if (q_u->allrights != 0) {
+ if (q_u->allrights!=0) {
/* log it and return, until I see one myself don't do anything */
DEBUG(5,("_lsa_removeprivs: trying to remove all privileges ?\n"));
return NT_STATUS_OK;
}
- if (q_u->ptr == 0) {
+ if (q_u->ptr==0) {
/* log it and return, until I see one myself don't do anything */
DEBUG(5,("_lsa_removeprivs: no privileges to remove ?\n"));
return NT_STATUS_OK;
}
- set = &q_u->set;
+ set=&q_u->set;
- for (i = 0; i < set->count; i++) {
- luid_attr = &set->set[i];
+ for (i=0; i<set->count; i++) {
+ luid_attr=&set->set[i];
/* if we don't have the privilege, we're trying to remove, give up */
/* what else can we do ??? JFM. */
- if (!check_priv_in_privilege(map.priv_set, *luid_attr)){
- destroy_privilege(&map.priv_set);
+ if (!check_priv_in_privilege(&map.priv_set, *luid_attr)){
+ free_privilege(&map.priv_set);
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
- remove_privilege(map.priv_set, *luid_attr);
+ remove_privilege(&map.priv_set, *luid_attr);
}
if(!pdb_update_group_mapping_entry(&map))
return NT_STATUS_NO_SUCH_GROUP;
- destroy_privilege(&map.priv_set);
+ free_privilege(&map.priv_set);
#endif
return r_u->status;
}
diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c
index 96261c665f7..d1fb587d748 100644
--- a/source/rpc_server/srv_pipe.c
+++ b/source/rpc_server/srv_pipe.c
@@ -254,19 +254,18 @@ BOOL create_next_pdu(pipes_struct *p)
}
if (p->netsec_auth_validated) {
- int auth_type, auth_level;
char *data;
RPC_HDR_AUTH auth_info;
+ static const uchar netsec_sig[8] = NETSEC_SIGNATURE;
+ static const uchar nullbytes[8] = { 0,0,0,0,0,0,0,0 };
RPC_AUTH_NETSEC_CHK verf;
prs_struct rverf;
prs_struct rauth;
data = prs_data_p(&outgoing_pdu) + data_pos;
- /* Check it's the type of reply we were expecting to decode */
- get_auth_type_level(p->netsec_auth.auth_flags, &auth_type, &auth_level);
- init_rpc_hdr_auth(&auth_info, auth_type, auth_level,
+ init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, RPC_PIPE_AUTH_SEAL_LEVEL,
RPC_HDR_AUTH_LEN, 1);
if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
@@ -278,8 +277,10 @@ BOOL create_next_pdu(pipes_struct *p)
prs_init(&rverf, 0, p->mem_ctx, MARSHALL);
prs_init(&rauth, 0, p->mem_ctx, MARSHALL);
+ init_rpc_auth_netsec_chk(&verf, netsec_sig, nullbytes, nullbytes, nullbytes);
+
netsec_encode(&p->netsec_auth,
- p->netsec_auth.auth_flags,
+ AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL,
SENDER_IS_ACCEPTOR,
&verf, data, data_len);
@@ -1336,19 +1337,10 @@ BOOL api_pipe_netsec_process(pipes_struct *p, prs_struct *rpc_in)
return False;
}
- if (auth_info.auth_type != NETSEC_AUTH_TYPE) {
- DEBUG(0,("Invalid auth info %d on schannel\n",
- auth_info.auth_type));
- return False;
- }
-
- if (auth_info.auth_level == RPC_PIPE_AUTH_SEAL_LEVEL) {
- p->netsec_auth.auth_flags = AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL;
- } else if (auth_info.auth_level == RPC_PIPE_AUTH_SIGN_LEVEL) {
- p->netsec_auth.auth_flags = AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN;
- } else {
- DEBUG(0,("Invalid auth level %d on schannel\n",
- auth_info.auth_level));
+ if ((auth_info.auth_type != NETSEC_AUTH_TYPE) ||
+ (auth_info.auth_level != RPC_PIPE_AUTH_SEAL_LEVEL)) {
+ DEBUG(0,("Invalid auth info %d or level %d on schannel\n",
+ auth_info.auth_type, auth_info.auth_level));
return False;
}
@@ -1358,7 +1350,7 @@ BOOL api_pipe_netsec_process(pipes_struct *p, prs_struct *rpc_in)
}
if (!netsec_decode(&p->netsec_auth,
- p->netsec_auth.auth_flags,
+ AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL,
SENDER_IS_INITIATOR,
&netsec_chk,
prs_data_p(rpc_in)+old_offset, data_len)) {
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 71e5bc7d70b..261d641ab10 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -467,7 +467,7 @@ static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
- if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
+ if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
@@ -510,7 +510,7 @@ static NTSTATUS samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 4, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
- if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
+ if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
@@ -549,7 +549,7 @@ static NTSTATUS samr_make_grp_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
- if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
+ if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
@@ -588,7 +588,7 @@ static NTSTATUS samr_make_ali_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
- if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
+ if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
@@ -719,7 +719,7 @@ static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UN
for (i = 0; i < num_entries; i++) {
pwd = &disp_user_info[i+start_idx];
temp_name = pdb_get_username(pwd);
- init_unistr2(&uni_temp_name, temp_name, UNI_STR_TERMINATE);
+ init_unistr2(&uni_temp_name, temp_name, strlen(temp_name)+1);
user_sid = pdb_get_user_sid(pwd);
if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
@@ -731,7 +731,7 @@ static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UN
return NT_STATUS_UNSUCCESSFUL;
}
- init_sam_entry(&sam[i], &uni_temp_name, user_rid);
+ init_sam_entry(&sam[i], uni_temp_name.uni_str_len, user_rid);
copy_unistr2(&uni_name[i], &uni_temp_name);
}
@@ -865,8 +865,10 @@ static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNIST
/*
* JRA. I think this should include the null. TNG does not.
*/
- init_unistr2(&uni_name[i], grp[i].name, UNI_STR_TERMINATE);
- init_sam_entry(&sam[i], &uni_name[i], grp[i].rid);
+ int len = strlen(grp[i].name)+1;
+
+ init_sam_entry(&sam[i], len, grp[i].rid);
+ init_unistr2(&uni_name[i], grp[i].name, len);
}
*sam_pp = sam;
@@ -1578,9 +1580,10 @@ static BOOL make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names, fstring nam
}
for (i = 0; i < num_names; i++) {
- DEBUG(10, ("names[%d]:%s\n", i, names[i] ? names[i] : ""));
- init_unistr2(&uni_name[i], names[i], UNI_FLAGS_NONE);
- init_uni_hdr(&hdr_name[i], &uni_name[i]);
+ int len = names[i] != NULL ? strlen(names[i]) : 0;
+ DEBUG(10, ("names[%d]:%s\n", i, names[i]));
+ init_uni_hdr(&hdr_name[i], len);
+ init_unistr2(&uni_name[i], names[i], len);
}
*pp_uni_name = uni_name;
@@ -2567,8 +2570,10 @@ static BOOL make_enum_domains(TALLOC_CTX *ctx, SAM_ENTRY **pp_sam,
return False;
for (i = 0; i < num_sam_entries; i++) {
- init_unistr2(&uni_name[i], doms[i], UNI_FLAGS_NONE);
- init_sam_entry(&sam[i], &uni_name[i], 0);
+ int len = doms[i] != NULL ? strlen(doms[i]) : 0;
+
+ init_sam_entry(&sam[i], len, 0);
+ init_unistr2(&uni_name[i], doms[i], len);
}
*pp_sam = sam;
diff --git a/source/rpc_server/srv_samr_util.c b/source/rpc_server/srv_samr_util.c
index db6649073e9..b81c4418114 100644
--- a/source/rpc_server/srv_samr_util.c
+++ b/source/rpc_server/srv_samr_util.c
@@ -189,7 +189,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
}
- DEBUG(10,("INFO_21 UNKNOWN_3: %08X -> %08X\n",pdb_get_unknown_3(to),from->unknown_3));
+ DEBUG(10,("INFO_21 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown_3(to),from->unknown_3));
if (from->unknown_3 != pdb_get_unknown_3(to)) {
pdb_set_unknown_3(to, from->unknown_3, PDB_CHANGED);
}
@@ -208,17 +208,12 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
/* Fix me: only update if it changes --metze */
pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
- DEBUG(10,("INFO_21 BAD_PASSWORD_COUNT: %08X -> %08X\n",pdb_get_bad_password_count(to),from->bad_password_count));
- if (from->bad_password_count != pdb_get_bad_password_count(to)) {
- pdb_set_bad_password_count(to, from->bad_password_count, PDB_CHANGED);
+ DEBUG(10,("INFO_21 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown_5(to),from->unknown_5));
+ if (from->unknown_5 != pdb_get_unknown_5(to)) {
+ pdb_set_unknown_5(to, from->unknown_5, PDB_CHANGED);
}
- DEBUG(10,("INFO_21 LOGON_COUNT: %08X -> %08X\n",pdb_get_logon_count(to),from->logon_count));
- if (from->logon_count != pdb_get_logon_count(to)) {
- pdb_set_logon_count(to, from->logon_count, PDB_CHANGED);
- }
-
- DEBUG(10,("INFO_21 UNKNOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
+ DEBUG(10,("INFO_21 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
if (from->unknown_6 != pdb_get_unknown_6(to)) {
pdb_set_unknown_6(to, from->unknown_6, PDB_CHANGED);
}
@@ -418,14 +413,9 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
/* Fix me: only update if it changes --metze */
pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
- DEBUG(10,("INFO_23 BAD_PASSWORD_COUNT: %08X -> %08X\n",pdb_get_bad_password_count(to),from->bad_password_count));
- if (from->bad_password_count != pdb_get_bad_password_count(to)) {
- pdb_set_bad_password_count(to, from->bad_password_count, PDB_CHANGED);
- }
-
- DEBUG(10,("INFO_23 LOGON_COUNT: %08X -> %08X\n",pdb_get_logon_count(to),from->logon_count));
- if (from->logon_count != pdb_get_logon_count(to)) {
- pdb_set_logon_count(to, from->logon_count, PDB_CHANGED);
+ DEBUG(10,("INFO_23 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown_5(to),from->unknown_5));
+ if (from->unknown_5 != pdb_get_unknown_5(to)) {
+ pdb_set_unknown_5(to, from->unknown_5, PDB_CHANGED);
}
DEBUG(10,("INFO_23 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c
index f2fb02176b5..7159527a7d8 100644
--- a/source/rpc_server/srv_spoolss_nt.c
+++ b/source/rpc_server/srv_spoolss_nt.c
@@ -690,7 +690,7 @@ static void notify_string(struct spoolss_notify_msg *msg,
/* The length of the message includes the trailing \0 */
- init_unistr2(&unistr, msg->notify.data, UNI_STR_TERMINATE);
+ init_unistr2(&unistr, msg->notify.data, msg->len);
data->notify_data.data.length = msg->len * 2;
data->notify_data.data.string = (uint16 *)talloc(mem_ctx, msg->len * 2);
@@ -1803,7 +1803,7 @@ Can't find printer handle we created for printer %s\n", name ));
&& (RA_WIN2K == get_remote_arch()) )
{
DEBUG(10,("_spoolss_open_printer_ex: Enabling LAN/WAN hack for Win2k clients.\n"));
- sys_usleep( 500000 );
+ usleep( 500000 );
}
return WERR_OK;
@@ -6121,7 +6121,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
*/
if (!strequal(printer->info_2->comment, old_printer->info_2->comment)) {
- init_unistr2( &buffer, printer->info_2->comment, UNI_STR_TERMINATE);
+ init_unistr2( &buffer, printer->info_2->comment, strlen(printer->info_2->comment)+1 );
set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "description",
REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 );
@@ -6129,7 +6129,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
}
if (!strequal(printer->info_2->sharename, old_printer->info_2->sharename)) {
- init_unistr2( &buffer, printer->info_2->sharename, UNI_STR_TERMINATE);
+ init_unistr2( &buffer, printer->info_2->sharename, strlen(printer->info_2->sharename)+1 );
set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "printerName",
REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 );
set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "shareName",
@@ -6139,7 +6139,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
}
if (!strequal(printer->info_2->portname, old_printer->info_2->portname)) {
- init_unistr2( &buffer, printer->info_2->portname, UNI_STR_TERMINATE);
+ init_unistr2( &buffer, printer->info_2->portname, strlen(printer->info_2->portname)+1 );
set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "portName",
REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 );
@@ -6147,7 +6147,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
}
if (!strequal(printer->info_2->location, old_printer->info_2->location)) {
- init_unistr2( &buffer, printer->info_2->location, UNI_STR_TERMINATE);
+ init_unistr2( &buffer, printer->info_2->location, strlen(printer->info_2->location)+1 );
set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "location",
REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 );
@@ -6157,7 +6157,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
/* here we need to update some more DsSpooler keys */
/* uNCName, serverName, shortServerName */
- init_unistr2( &buffer, global_myname(), UNI_STR_TERMINATE);
+ init_unistr2( &buffer, global_myname(), strlen(global_myname())+1 );
set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "serverName",
REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 );
set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "shortServerName",
@@ -6165,7 +6165,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
slprintf( asc_buffer, sizeof(asc_buffer)-1, "\\\\%s\\%s",
global_myname(), printer->info_2->sharename );
- init_unistr2( &buffer, asc_buffer, UNI_STR_TERMINATE);
+ init_unistr2( &buffer, asc_buffer, strlen(asc_buffer)+1 );
set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "uNCName",
REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 );
diff --git a/source/rpc_server/srv_srvsvc_nt.c b/source/rpc_server/srv_srvsvc_nt.c
index 4d1cf9bddcb..ea66a7d38b4 100644
--- a/source/rpc_server/srv_srvsvc_nt.c
+++ b/source/rpc_server/srv_srvsvc_nt.c
@@ -184,7 +184,7 @@ static SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, int snum, size_t *
init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) {
- psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, psize);
+ psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, psize);
}
if (!psd) {
diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c
index 34c6fc35abd..722d66621a6 100644
--- a/source/rpcclient/cmd_samr.c
+++ b/source/rpcclient/cmd_samr.c
@@ -85,8 +85,7 @@ static void display_sam_user_info_21(SAM_USER_INFO_21 *usr)
printf("\tunknown_3:\t0x%08x\n", usr->unknown_3); /* 0x00ff ffff */
printf("\tlogon_divs:\t%d\n", usr->logon_divs); /* 0x0000 00a8 which is 168 which is num hrs in a week */
- printf("\tbad_password_count:\t0x%08x\n", usr->bad_password_count);
- printf("\tlogon_count:\t0x%08x\n", usr->logon_count);
+ printf("\tunknown_5:\t0x%08x\n", usr->unknown_5); /* 0x0002 0000 */
printf("\tpadding1[0..7]...\n");
diff --git a/source/rpcclient/cmd_spoolss.c b/source/rpcclient/cmd_spoolss.c
index 05bfb2a0dcc..61e100c03bb 100644
--- a/source/rpcclient/cmd_spoolss.c
+++ b/source/rpcclient/cmd_spoolss.c
@@ -1568,7 +1568,7 @@ static WERROR cmd_spoolss_addform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
form.right = 20;
form.bottom = 30;
- init_unistr2(&form.name, argv[2], UNI_STR_TERMINATE);
+ init_unistr2(&form.name, argv[2], strlen(argv[2]) + 1);
/* Add the form */
@@ -1627,7 +1627,7 @@ static WERROR cmd_spoolss_setform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
form.right = 2000;
form.bottom = 3000;
- init_unistr2(&form.name, argv[2], UNI_STR_TERMINATE);
+ init_unistr2(&form.name, argv[2], strlen(argv[2]) + 1);
/* Set the form */
diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c
index 773441a27cc..515489292bc 100644
--- a/source/rpcclient/rpcclient.c
+++ b/source/rpcclient/rpcclient.c
@@ -352,33 +352,38 @@ static NTSTATUS cmd_none(struct cli_state *cli, TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-static NTSTATUS setup_schannel(struct cli_state *cli, int pipe_auth_flags,
- int argc, const char **argv)
+static NTSTATUS cmd_schannel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ int argc, const char **argv)
{
NTSTATUS ret;
- static uchar zeros[16];
uchar trust_password[16];
uint32 sec_channel_type;
+ static uchar zeros[16];
+
if (argc == 2) {
strhex_to_str((char *)cli->auth_info.sess_key,
strlen(argv[1]),
argv[1]);
memcpy(cli->sess_key, cli->auth_info.sess_key, sizeof(cli->sess_key));
- cli->pipe_auth_flags = pipe_auth_flags;
+ cli->pipe_auth_flags = AUTH_PIPE_NETSEC;
+ cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
+ cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
+
return NT_STATUS_OK;
}
/* Cleanup */
if ((memcmp(cli->auth_info.sess_key, zeros, sizeof(cli->auth_info.sess_key)) != 0)) {
- if (cli->pipe_auth_flags == pipe_auth_flags) {
+ if (cli->pipe_auth_flags == (AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL)) {
/* already in this mode nothing to do */
return NT_STATUS_OK;
} else {
- /* schannel is setup, just need to use it again with new flags */
- cli->pipe_auth_flags = pipe_auth_flags;
-
+ /* schannel is setup, just need to use it again */
+ cli->pipe_auth_flags = AUTH_PIPE_NETSEC;
+ cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
+ cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
if (cli->nt_pipe_fnum != 0)
cli_nt_session_close(cli);
return NT_STATUS_OK;
@@ -388,13 +393,17 @@ static NTSTATUS setup_schannel(struct cli_state *cli, int pipe_auth_flags,
if (cli->nt_pipe_fnum != 0)
cli_nt_session_close(cli);
+ cli->pipe_auth_flags = AUTH_PIPE_NETSEC;
+ cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
+ cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
+
if (!secrets_fetch_trust_account_password(lp_workgroup(),
trust_password,
NULL, &sec_channel_type)) {
return NT_STATUS_UNSUCCESSFUL;
}
- ret = cli_nt_setup_netsec(cli, sec_channel_type, pipe_auth_flags, trust_password);
+ ret = cli_nt_setup_netsec(cli, sec_channel_type, trust_password);
if (NT_STATUS_IS_OK(ret)) {
char *hex_session_key;
hex_encode(cli->auth_info.sess_key,
@@ -406,24 +415,6 @@ static NTSTATUS setup_schannel(struct cli_state *cli, int pipe_auth_flags,
return ret;
}
-
-static NTSTATUS cmd_schannel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
- int argc, const char **argv)
-{
- d_printf("Setting schannel - sign and seal\n");
- return setup_schannel(cli, AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN | AUTH_PIPE_SEAL,
- argc, argv);
-}
-
-static NTSTATUS cmd_schannel_sign(struct cli_state *cli, TALLOC_CTX *mem_ctx,
- int argc, const char **argv)
-{
- d_printf("Setting schannel - sign only\n");
- return setup_schannel(cli, AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN,
- argc, argv);
-}
-
-
/* Built in rpcclient commands */
static struct cmd_set rpcclient_commands[] = {
@@ -439,7 +430,6 @@ static struct cmd_set rpcclient_commands[] = {
{ "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, -1, "Force RPC pipe connections to be signed", "" },
{ "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, -1, "Force RPC pipe connections to be sealed", "" },
{ "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, -1, "Force RPC pipe connections to be sealed with 'schannel' (NETSEC). Assumes valid machine account to this domain controller.", "" },
- { "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, -1, "Force RPC pipe connections to be signed (not sealed) with 'schannel' (NETSEC). Assumes valid machine account to this domain controller.", "" },
{ "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, -1, "Force RPC pipe connections to have no special properties", "" },
{ NULL }
@@ -532,7 +522,9 @@ static NTSTATUS do_cmd(struct cli_state *cli,
/* some of the DsXXX commands use the netlogon pipe */
if (lp_client_schannel() && (cmd_entry->pipe_idx == PI_NETLOGON) && !(cli->pipe_auth_flags & AUTH_PIPE_NETSEC)) {
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ /* The 7 here seems to be required to get Win2k not to downgrade us
+ to NT4. Actually, anything other than 1ff would seem to do... */
+ uint32 neg_flags = 0x000001ff;
uint32 sec_channel_type;
if (!secrets_fetch_trust_account_password(lp_workgroup(),
diff --git a/source/sam/account.c b/source/sam/account.c
deleted file mode 100644
index b8336146cda..00000000000
--- a/source/sam/account.c
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Password and authentication handling
- Copyright (C) Jeremy Allison 1996-2001
- Copyright (C) Luke Kenneth Casson Leighton 1996-1998
- Copyright (C) Gerald (Jerry) Carter 2000-2001
- Copyright (C) Andrew Bartlett 2001-2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-/************************************************************
- Fill the SAM_ACCOUNT_HANDLE with default values.
- ***********************************************************/
-
-static void sam_fill_default_account(SAM_ACCOUNT_HANDLE *account)
-{
- ZERO_STRUCT(account->private); /* Don't touch the talloc context */
-
- /* Don't change these timestamp settings without a good reason.
- They are important for NT member server compatibility. */
-
- /* FIXME: We should actually call get_nt_time_max() or sthng
- * here */
- unix_to_nt_time(&(account->private.logoff_time),get_time_t_max());
- unix_to_nt_time(&(account->private.kickoff_time),get_time_t_max());
- unix_to_nt_time(&(account->private.pass_must_change_time),get_time_t_max());
- account->private.unknown_1 = 0x00ffffff; /* don't know */
- account->private.logon_divs = 168; /* hours per week */
- account->private.hours_len = 21; /* 21 times 8 bits = 168 */
- memset(account->private.hours, 0xff, account->private.hours_len); /* available at all hours */
- account->private.unknown_2 = 0x00000000; /* don't know */
- account->private.unknown_3 = 0x000004ec; /* don't know */
-}
-
-static void destroy_sam_talloc(SAM_ACCOUNT_HANDLE **account)
-{
- if (*account) {
- data_blob_clear_free(&((*account)->private.lm_pw));
- data_blob_clear_free(&((*account)->private.nt_pw));
- if((*account)->private.plaintext_pw!=NULL)
- memset((*account)->private.plaintext_pw,'\0',strlen((*account)->private.plaintext_pw));
-
- talloc_destroy((*account)->mem_ctx);
- *account = NULL;
- }
-}
-
-
-/**********************************************************************
- Alloc memory and initialises a SAM_ACCOUNT_HANDLE on supplied mem_ctx.
-***********************************************************************/
-
-NTSTATUS sam_init_account_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT_HANDLE **account)
-{
- SMB_ASSERT(*account != NULL);
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_account_talloc: mem_ctx was NULL!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- *account=(SAM_ACCOUNT_HANDLE *)talloc(mem_ctx, sizeof(SAM_ACCOUNT_HANDLE));
-
- if (*account==NULL) {
- DEBUG(0,("sam_init_account_talloc: error while allocating memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*account)->mem_ctx = mem_ctx;
-
- (*account)->free_fn = NULL;
-
- sam_fill_default_account(*account);
-
- return NT_STATUS_OK;
-}
-
-
-/*************************************************************
- Alloc memory and initialises a struct sam_passwd.
- ************************************************************/
-
-NTSTATUS sam_init_account(SAM_ACCOUNT_HANDLE **account)
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS nt_status;
-
- mem_ctx = talloc_init("sam internal SAM_ACCOUNT_HANDLE allocation");
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_account: error while doing talloc_init()\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_init_account_talloc(mem_ctx, account))) {
- talloc_destroy(mem_ctx);
- return nt_status;
- }
-
- (*account)->free_fn = destroy_sam_talloc;
-
- return NT_STATUS_OK;
-}
-
-/**
- * Free the contents of the SAM_ACCOUNT_HANDLE, but not the structure.
- *
- * Also wipes the LM and NT hashes and plaintext password from
- * memory.
- *
- * @param account SAM_ACCOUNT_HANDLE to free members of.
- **/
-
-static void sam_free_account_contents(SAM_ACCOUNT_HANDLE *account)
-{
-
- /* Kill off sensitive data. Free()ed by the
- talloc mechinism */
-
- data_blob_clear_free(&(account->private.lm_pw));
- data_blob_clear_free(&(account->private.nt_pw));
- if (account->private.plaintext_pw)
- memset(account->private.plaintext_pw,'\0',strlen(account->private.plaintext_pw));
-}
-
-
-/************************************************************
- Reset the SAM_ACCOUNT_HANDLE and free the NT/LM hashes.
- ***********************************************************/
-
-NTSTATUS sam_reset_sam(SAM_ACCOUNT_HANDLE *account)
-{
- SMB_ASSERT(account != NULL);
-
- sam_free_account_contents(account);
-
- sam_fill_default_account(account);
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Free the SAM_ACCOUNT_HANDLE and the member pointers.
- ***********************************************************/
-
-NTSTATUS sam_free_account(SAM_ACCOUNT_HANDLE **account)
-{
- SMB_ASSERT(*account != NULL);
-
- sam_free_account_contents(*account);
-
- if ((*account)->free_fn) {
- (*account)->free_fn(account);
- }
-
- return NT_STATUS_OK;
-}
-
-
-/**********************************************************
- Encode the account control bits into a string.
- length = length of string to encode into (including terminating
- null). length *MUST BE MORE THAN 2* !
- **********************************************************/
-
-char *sam_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
-{
- static fstring acct_str;
- size_t i = 0;
-
- acct_str[i++] = '[';
-
- if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
- if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
- if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
- if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T';
- if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U';
- if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M';
- if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W';
- if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
- if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
- if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X';
- if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
-
- for ( ; i < length - 2 ; i++ )
- acct_str[i] = ' ';
-
- i = length - 2;
- acct_str[i++] = ']';
- acct_str[i++] = '\0';
-
- return acct_str;
-}
-
-/**********************************************************
- Decode the account control bits from a string.
- **********************************************************/
-
-uint16 sam_decode_acct_ctrl(const char *p)
-{
- uint16 acct_ctrl = 0;
- BOOL finished = False;
-
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p != '[')
- return 0;
-
- for (p++; *p && !finished; p++) {
- switch (*p) {
- case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
- case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
- case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
- case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ }
- case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ }
- case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ }
- case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ }
- case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ }
- case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ }
- case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ }
- case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
- case ' ': { break; }
- case ':':
- case '\n':
- case '\0':
- case ']':
- default: { finished = True; }
- }
- }
-
- return acct_ctrl;
-}
-
-/*************************************************************
- Routine to set 32 hex password characters from a 16 byte array.
-**************************************************************/
-
-void sam_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl)
-{
- if (pwd != NULL) {
- int i;
- for (i = 0; i < 16; i++)
- slprintf(&p[i*2], 3, "%02X", pwd[i]);
- } else {
- if (acct_ctrl & ACB_PWNOTREQ)
- safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
- else
- safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
- }
-}
-
-/*************************************************************
- Routine to get the 32 hex characters and turn them
- into a 16 byte array.
-**************************************************************/
-
-BOOL sam_gethexpwd(const char *p, unsigned char *pwd)
-{
- int i;
- unsigned char lonybble, hinybble;
- char *hexchars = "0123456789ABCDEF";
- char *p1, *p2;
-
- if (!p)
- return (False);
-
- for (i = 0; i < 32; i += 2) {
- hinybble = toupper(p[i]);
- lonybble = toupper(p[i + 1]);
-
- p1 = strchr(hexchars, hinybble);
- p2 = strchr(hexchars, lonybble);
-
- if (!p1 || !p2)
- return (False);
-
- hinybble = PTR_DIFF(p1, hexchars);
- lonybble = PTR_DIFF(p2, hexchars);
-
- pwd[i / 2] = (hinybble << 4) | lonybble;
- }
- return (True);
-}
diff --git a/source/sam/group.c b/source/sam/group.c
deleted file mode 100644
index 101e3dd7ce1..00000000000
--- a/source/sam/group.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SAM_GROUP_HANDLE /SAM_GROUP_ENUM helpers
-
- Copyright (C) Stefan (metze) Metzmacher 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-/************************************************************
- Fill the SAM_GROUP_HANDLE with default values.
- ***********************************************************/
-
-static void sam_fill_default_group(SAM_GROUP_HANDLE *group)
-{
- ZERO_STRUCT(group->private); /* Don't touch the talloc context */
-
-}
-
-static void destroy_sam_group_handle_talloc(SAM_GROUP_HANDLE **group)
-{
- if (*group) {
-
- talloc_destroy((*group)->mem_ctx);
- *group = NULL;
- }
-}
-
-
-/**********************************************************************
- Alloc memory and initialises a SAM_GROUP_HANDLE on supplied mem_ctx.
-***********************************************************************/
-
-NTSTATUS sam_init_group_talloc(TALLOC_CTX *mem_ctx, SAM_GROUP_HANDLE **group)
-{
- SMB_ASSERT(*group != NULL);
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_group_talloc: mem_ctx was NULL!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- *group=(SAM_GROUP_HANDLE *)talloc(mem_ctx, sizeof(SAM_GROUP_HANDLE));
-
- if (*group==NULL) {
- DEBUG(0,("sam_init_group_talloc: error while allocating memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*group)->mem_ctx = mem_ctx;
-
- (*group)->free_fn = NULL;
-
- sam_fill_default_group(*group);
-
- return NT_STATUS_OK;
-}
-
-
-/*************************************************************
- Alloc memory and initialises a struct SAM_GROUP_HANDLE.
- ************************************************************/
-
-NTSTATUS sam_init_group(SAM_GROUP_HANDLE **group)
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS nt_status;
-
- mem_ctx = talloc_init("sam internal SAM_GROUP_HANDLE allocation");
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_group: error while doing talloc_init()\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_init_group_talloc(mem_ctx, group))) {
- talloc_destroy(mem_ctx);
- return nt_status;
- }
-
- (*group)->free_fn = destroy_sam_group_handle_talloc;
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Reset the SAM_GROUP_HANDLE.
- ***********************************************************/
-
-NTSTATUS sam_reset_group(SAM_GROUP_HANDLE *group)
-{
- SMB_ASSERT(group != NULL);
-
- sam_fill_default_group(group);
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Free the SAM_GROUP_HANDLE and the member pointers.
- ***********************************************************/
-
-NTSTATUS sam_free_group(SAM_ACCOUNT_HANDLE **group)
-{
- SMB_ASSERT(*group != NULL);
-
- if ((*group)->free_fn) {
- (*group)->free_fn(group);
- }
-
- return NT_STATUS_OK;
-}
-
-
-/**********************************************************
- Encode the group control bits into a string.
- length = length of string to encode into (including terminating
- null). length *MUST BE MORE THAN 2* !
- **********************************************************/
-
-char *sam_encode_acct_ctrl(uint16 group_ctrl, size_t length)
-{
- static fstring group_str;
- size_t i = 0;
-
- group_str[i++] = '[';
-
- if (group_ctrl & GCB_LOCAL_GROUP ) group_str[i++] = 'L';
- if (group_ctrl & GCB_GLOBAL_GROUP ) group_str[i++] = 'G';
-
- for ( ; i < length - 2 ; i++ )
- group_str[i] = ' ';
-
- i = length - 2;
- group_str[i++] = ']';
- group_str[i++] = '\0';
-
- return group_str;
-}
-
-/**********************************************************
- Decode the group control bits from a string.
- **********************************************************/
-
-uint16 sam_decode_group_ctrl(const char *p)
-{
- uint16 group_ctrl = 0;
- BOOL finished = False;
-
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p != '[')
- return 0;
-
- for (p++; *p && !finished; p++) {
- switch (*p) {
- case 'L': { group_ctrl |= GCB_LOCAL_GROUP; break; /* 'L'ocal Aliases Group. */ }
- case 'G': { group_ctrl |= GCB_GLOBAL_GROUP; break; /* 'G'lobal Domain Group. */ }
-
- case ' ': { break; }
- case ':':
- case '\n':
- case '\0':
- case ']':
- default: { finished = True; }
- }
- }
-
- return group_ctrl;
-}
-
diff --git a/source/sam/gumm_tdb.c b/source/sam/gumm_tdb.c
deleted file mode 100644
index 5da2407faac..00000000000
--- a/source/sam/gumm_tdb.c
+++ /dev/null
@@ -1,1196 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * SMB parameters and setup
- * Copyright (C) Andrew Tridgell 1992-1998
- * Copyright (C) Simo Sorce 2000-2002
- * Copyright (C) Gerald Carter 2000
- * Copyright (C) Jeremy Allison 2001
- * Copyright (C) Andrew Bartlett 2002
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-#include "tdbsam2.h"
-#include "tdbsam2_parse_info.h"
-
-static int tdbgumm_debug_level = DBGC_ALL;
-#undef DBGC_CLASS
-#define DBGC_CLASS tdbgumm_debug_level
-
-#define TDBSAM_VERSION 20021215
-#define TDB_FILE_NAME "tdbsam2.tdb"
-#define NAMEPREFIX "NAME_"
-#define SIDPREFIX "SID_"
-#define PRIVILEGEPREFIX "PRIV_"
-
-#define TDB_FORMAT_STRING "ddB"
-
-#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", FUNCTION_MACRO)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
-#define SET_OR_FAIL(func, label) do { if (NT_STATUS_IS_ERR(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0)
-
-struct tdbsam2_enum_objs {
- uint32 type;
- fstring dom_sid;
- TDB_CONTEXT *db;
- TDB_DATA key;
- struct tdbsam2_enum_objs *next;
-};
-
-union tdbsam2_data {
- struct tdbsam2_domain_data *domain;
- struct tdbsam2_user_data *user;
- struct tdbsam2_group_data *group;
-};
-
-struct tdbsam2_object {
- uint32 type;
- uint32 version;
- union tdbsam2_data data;
-};
-
-static TDB_CONTEXT *tdbsam2_db;
-
-struct tdbsam2_enum_objs **teo_handlers;
-
-static NTSTATUS init_tdbsam2_object_from_buffer(struct tdbsam2_object *object, TALLOC_CTX *mem_ctx, char *buffer, int size)
-{
-
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- int iret;
- char *obj_data;
- int data_size = 0;
- int len;
-
- len = tdb_unpack (buffer, size, TDB_FORMAT_STRING,
- &(object->version),
- &(object->type),
- &data_size, &obj_data);
-
- if (len == -1)
- goto done;
-
- /* version is checked inside this function so that backward compatibility code can be
- called eventually.
- this way we can easily handle database format upgrades */
- if (object->version != TDBSAM_VERSION) {
- DEBUG(3,("init_tdbsam2_object_from_buffer: Error, db object has wrong tdbsam version!\n"));
- goto done;
- }
-
- /* be sure the string is terminated before trying to parse it */
- if (obj_data[data_size - 1] != '\0')
- obj_data[data_size - 1] = '\0';
-
- switch (object->type) {
- case GUMS_OBJ_DOMAIN:
- object->data.domain = (struct tdbsam2_domain_data *)talloc(mem_ctx, sizeof(struct tdbsam2_domain_data));
- TALLOC_CHECK(object->data.domain, ret, done);
- memset(object->data.domain, 0, sizeof(struct tdbsam2_domain_data));
-
- iret = gen_parse(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), obj_data);
- break;
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- object->data.group = (struct tdbsam2_group_data *)talloc(mem_ctx, sizeof(struct tdbsam2_group_data));
- TALLOC_CHECK(object->data.group, ret, done);
- memset(object->data.group, 0, sizeof(struct tdbsam2_group_data));
-
- iret = gen_parse(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), obj_data);
- break;
- case GUMS_OBJ_NORMAL_USER:
- object->data.user = (struct tdbsam2_user_data *)talloc(mem_ctx, sizeof(struct tdbsam2_user_data));
- TALLOC_CHECK(object->data.user, ret, done);
- memset(object->data.user, 0, sizeof(struct tdbsam2_user_data));
-
- iret = gen_parse(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), obj_data);
- break;
- default:
- DEBUG(3,("init_tdbsam2_object_from_buffer: Error, wrong object type number!\n"));
- goto done;
- }
-
- if (iret != 0) {
- DEBUG(0,("init_tdbsam2_object_from_buffer: Fatal Error! Unable to parse object!\n"));
- DEBUG(0,("init_tdbsam2_object_from_buffer: DB Corrupted ?"));
- goto done;
- }
-
- ret = NT_STATUS_OK;
-done:
- SAFE_FREE(obj_data);
- return ret;
-}
-
-static NTSTATUS init_buffer_from_tdbsam2_object(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, struct tdbsam2_object *object)
-{
-
- NTSTATUS ret;
- char *buf1 = NULL;
- size_t buflen;
-
- if (!buffer)
- return NT_STATUS_INVALID_PARAMETER;
-
- switch (object->type) {
- case GUMS_OBJ_DOMAIN:
- buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), 0);
- break;
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), 0);
- break;
- case GUMS_OBJ_NORMAL_USER:
- buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), 0);
- break;
- default:
- DEBUG(3,("init_buffer_from_tdbsam2_object: Error, wrong object type number!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (buf1 == NULL) {
- DEBUG(0, ("init_buffer_from_tdbsam2_object: Fatal Error! Unable to dump object!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- buflen = tdb_pack(NULL, 0, TDB_FORMAT_STRING,
- TDBSAM_VERSION,
- object->type,
- strlen(buf1) + 1, buf1);
-
- *buffer = talloc(mem_ctx, buflen);
- TALLOC_CHECK(*buffer, ret, done);
-
- *len = tdb_pack(*buffer, buflen, TDB_FORMAT_STRING,
- TDBSAM_VERSION,
- object->type,
- strlen(buf1) + 1, buf1);
-
- if (*len != buflen) {
- DEBUG(0, ("init_tdb_data_from_tdbsam2_object: somthing odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n",
- buflen, *len));
- *buffer = NULL;
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ret = NT_STATUS_OK;
-done:
- return ret;
-}
-
-static NTSTATUS opentdb(void)
-{
- if (!tdbsam2_db) {
- pstring tdbfile;
- get_private_directory(tdbfile);
- pstrcat(tdbfile, "/");
- pstrcat(tdbfile, TDB_FILE_NAME);
-
- tdbsam2_db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0600);
- if (!tdbsam2_db)
- {
- DEBUG(0, ("opentdb: Unable to open database (%s)!\n", tdbfile));
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS get_object_by_sid(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const DOM_SID *sid)
-{
- NTSTATUS ret;
- TDB_DATA data, key;
- fstring keystr;
-
- if (!obj || !mem_ctx || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- return ret;
- }
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid));
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdbsam2_db, key);
- if (!data.dptr) {
- DEBUG(5, ("get_object_by_sid: Error fetching database, domain entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(obj, mem_ctx, data.dptr, data.dsize))) {
- SAFE_FREE(data.dptr);
- DEBUG(0, ("get_object_by_sid: Error fetching database, malformed entry!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
- SAFE_FREE(data.dptr);
-
- return NT_STATUS_OK;
-
-}
-
-static NTSTATUS get_object_by_name(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const char* name)
-{
-
- NTSTATUS ret;
- TDB_DATA data, key;
- fstring keystr;
- fstring objname;
- DOM_SID sid;
- char *obj_sidstr;
- int obj_version, obj_type, obj_sidstr_len, len;
-
- if (!obj || !mem_ctx || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- return ret;
- }
-
- fstrcpy(objname, name);
- strlower(objname);
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", NAMEPREFIX, objname);
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdbsam2_db, key);
- if (!data.dptr) {
- DEBUG(5, ("get_object_by_name: Error fetching database, domain entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- len = tdb_unpack(data.dptr, data.dsize, TDB_FORMAT_STRING,
- &obj_version,
- &obj_type,
- &obj_sidstr_len, &obj_sidstr);
-
- SAFE_FREE(data.dptr);
-
- if (len == -1 || obj_version != TDBSAM_VERSION || obj_sidstr_len <= 0) {
- DEBUG(5, ("get_object_by_name: Error unpacking database object!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!string_to_sid(&sid, obj_sidstr)) {
- DEBUG(5, ("get_object_by_name: Error invalid sid string found in database object!\n"));
- SAFE_FREE(obj_sidstr);
- return NT_STATUS_UNSUCCESSFUL;
- }
- SAFE_FREE(obj_sidstr);
-
- return get_object_by_sid(mem_ctx, obj, &sid);
-}
-
-static NTSTATUS store_object(TALLOC_CTX *mem_ctx, struct tdbsam2_object *object, BOOL new_obj)
-{
-
- NTSTATUS ret;
- TDB_DATA data, key, key2;
- fstring keystr;
- fstring namestr;
- int flag, r;
-
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- return ret;
- }
-
- if (new_obj) {
- flag = TDB_INSERT;
- } else {
- flag = TDB_MODIFY;
- }
-
- ret = init_buffer_from_tdbsam2_object(&(data.dptr), &(data.dsize), mem_ctx, object);
- if (NT_STATUS_IS_ERR(ret))
- return ret;
-
- switch (object->type) {
- case GUMS_OBJ_DOMAIN:
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.domain->dom_sid));
- slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.domain->name);
- break;
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.group->group_sid));
- slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.group->name);
- break;
- case GUMS_OBJ_NORMAL_USER:
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.user->user_sid));
- slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.user->name);
- break;
- default:
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- if ((r = tdb_store(tdbsam2_db, key, data, flag)) != TDB_SUCCESS) {
- DEBUG(0, ("store_object: Unable to modify SAM!\n"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
- if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
-
- key2.dptr = namestr;
- key2.dsize = strlen(namestr) + 1;
-
- if ((r = tdb_store(tdbsam2_db, key2, key, flag)) != TDB_SUCCESS) {
- DEBUG(0, ("store_object: Unable to modify SAM!\n"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
- if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
-/* TODO: update the general database counter */
-/* TODO: update this entry counter too */
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS get_next_sid(TALLOC_CTX *mem_ctx, DOM_SID **sid)
-{
- NTSTATUS ret;
- struct tdbsam2_object obj;
- DOM_SID *dom_sid = get_global_sam_sid();
- uint32 new_rid;
-
-/* TODO: LOCK DOMAIN OBJECT */
- ret = get_object_by_sid(mem_ctx, &obj, dom_sid);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("get_next_sid: unable to get root Domain object!\n"));
- ret = NT_STATUS_INTERNAL_DB_ERROR;
- goto error;
- }
-
- new_rid = obj.data.domain->next_rid;
-
- /* Increment the RID Counter */
- obj.data.domain->next_rid++;
-
- /* Store back Domain object */
- ret = store_object(mem_ctx, &obj, False);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("get_next_sid: unable to update root Domain object!\n"));
- ret = NT_STATUS_INTERNAL_DB_ERROR;
- goto error;
- }
-/* TODO: UNLOCK DOMAIN OBJECT */
-
- *sid = sid_dup_talloc(mem_ctx, dom_sid);
- TALLOC_CHECK(*sid, ret, error);
-
- if (!sid_append_rid(*sid, new_rid)) {
- DEBUG(0, ("get_next_sid: unable to build new SID !?!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto error;
- }
-
- return NT_STATUS_OK;
-
-error:
- return ret;
-}
-
-static NTSTATUS user_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_user_data *userdata)
-{
- NTSTATUS ret;
-
- if (!object || !userdata) {
- DEBUG(0, ("tdbsam2_user_data_to_gums_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* userdata->xcounter */
- /* userdata->sec_desc */
-
- SET_OR_FAIL(gums_set_object_sid(*object, userdata->user_sid), error);
- SET_OR_FAIL(gums_set_object_name(*object, userdata->name), error);
-
- SET_OR_FAIL(gums_set_user_pri_group(*object, userdata->group_sid), error);
-
- if (userdata->description)
- SET_OR_FAIL(gums_set_object_description(*object, userdata->description), error);
-
- if (userdata->full_name)
- SET_OR_FAIL(gums_set_user_fullname(*object, userdata->full_name), error);
-
- if (userdata->home_dir)
- SET_OR_FAIL(gums_set_user_homedir(*object, userdata->home_dir), error);
-
- if (userdata->dir_drive)
- SET_OR_FAIL(gums_set_user_dir_drive(*object, userdata->dir_drive), error);
-
- if (userdata->logon_script)
- SET_OR_FAIL(gums_set_user_logon_script(*object, userdata->logon_script), error);
-
- if (userdata->profile_path)
- SET_OR_FAIL(gums_set_user_profile_path(*object, userdata->profile_path), error);
-
- if (userdata->workstations)
- SET_OR_FAIL(gums_set_user_workstations(*object, userdata->workstations), error);
-
- if (userdata->unknown_str)
- SET_OR_FAIL(gums_set_user_unknown_str(*object, userdata->unknown_str), error);
-
- if (userdata->munged_dial)
- SET_OR_FAIL(gums_set_user_munged_dial(*object, userdata->munged_dial), error);
-
- SET_OR_FAIL(gums_set_user_logon_divs(*object, userdata->logon_divs), error);
- SET_OR_FAIL(gums_set_user_hours_len(*object, userdata->hours_len), error);
-
- if (userdata->hours)
- SET_OR_FAIL(gums_set_user_hours(*object, userdata->hours), error);
-
- SET_OR_FAIL(gums_set_user_unknown_3(*object, userdata->unknown_3), error);
- SET_OR_FAIL(gums_set_user_unknown_5(*object, userdata->unknown_5), error);
- SET_OR_FAIL(gums_set_user_unknown_6(*object, userdata->unknown_6), error);
-
- SET_OR_FAIL(gums_set_user_logon_time(*object, *(userdata->logon_time)), error);
- SET_OR_FAIL(gums_set_user_logoff_time(*object, *(userdata->logoff_time)), error);
- SET_OR_FAIL(gums_set_user_kickoff_time(*object, *(userdata->kickoff_time)), error);
- SET_OR_FAIL(gums_set_user_pass_last_set_time(*object, *(userdata->pass_last_set_time)), error);
- SET_OR_FAIL(gums_set_user_pass_can_change_time(*object, *(userdata->pass_can_change_time)), error);
- SET_OR_FAIL(gums_set_user_pass_must_change_time(*object, *(userdata->pass_must_change_time)), error);
-
- ret = NT_STATUS_OK;
- return ret;
-
-error:
- talloc_destroy((*object)->mem_ctx);
- *object = NULL;
- return ret;
-}
-
-static NTSTATUS group_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_group_data *groupdata)
-{
- NTSTATUS ret;
-
- if (!object || !groupdata) {
- DEBUG(0, ("tdbsam2_group_data_to_gums_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* groupdata->xcounter */
- /* groupdata->sec_desc */
-
- SET_OR_FAIL(gums_set_object_sid(*object, groupdata->group_sid), error);
- SET_OR_FAIL(gums_set_object_name(*object, groupdata->name), error);
-
- if (groupdata->description)
- SET_OR_FAIL(gums_set_object_description(*object, groupdata->description), error);
-
- if (groupdata->count)
- SET_OR_FAIL(gums_set_group_members(*object, groupdata->count, groupdata->members), error);
-
- ret = NT_STATUS_OK;
- return ret;
-
-error:
- talloc_destroy((*object)->mem_ctx);
- *object = NULL;
- return ret;
-}
-
-static NTSTATUS domain_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_domain_data *domdata)
-{
-
- NTSTATUS ret;
-
- if (!object || !*object || !domdata) {
- DEBUG(0, ("tdbsam2_domain_data_to_gums_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* domdata->xcounter */
- /* domdata->sec_desc */
-
- SET_OR_FAIL(gums_set_object_sid(*object, domdata->dom_sid), error);
- SET_OR_FAIL(gums_set_object_name(*object, domdata->name), error);
-
- if (domdata->description)
- SET_OR_FAIL(gums_set_object_description(*object, domdata->description), error);
-
- ret = NT_STATUS_OK;
- return ret;
-
-error:
- talloc_destroy((*object)->mem_ctx);
- *object = NULL;
- return ret;
-}
-
-static NTSTATUS data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_object *data)
-{
-
- NTSTATUS ret;
-
- if (!object || !data) {
- DEBUG(0, ("tdbsam2_user_data_to_gums_object: no NULL structure pointers are accepted here!\n"));
- ret = NT_STATUS_INVALID_PARAMETER;
- goto done;
- }
-
- ret = gums_create_object(object, data->type);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(5, ("tdbsam2_user_data_to_gums_object: error creating gums object!\n"));
- goto done;
- }
-
- switch (data->type) {
- case GUMS_OBJ_DOMAIN:
- ret = domain_data_to_gums_object(object, data->data.domain);
- break;
-
- case GUMS_OBJ_NORMAL_USER:
- ret = user_data_to_gums_object(object, data->data.user);
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- ret = group_data_to_gums_object(object, data->data.group);
- break;
-
- default:
- ret = NT_STATUS_UNSUCCESSFUL;
- }
-
-done:
- return ret;
-}
-
-
-/* GUMM object functions */
-
-static NTSTATUS tdbsam2_get_domain_sid(DOM_SID *sid, const char* name)
-{
-
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
- fstring domname;
-
- if (!sid || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- mem_ctx = talloc_init("tdbsam2_get_domain_sid");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- goto done;
- }
-
- fstrcpy(domname, name);
- strlower(domname);
-
- ret = get_object_by_name(mem_ctx, &obj, domname);
-
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n"));
- goto done;
- }
-
- if (obj.type != GUMS_OBJ_DOMAIN) {
- DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- sid_copy(sid, obj.data.domain->dom_sid);
-
- ret = NT_STATUS_OK;
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-static NTSTATUS tdbsam2_set_domain_sid (const DOM_SID *sid, const char *name)
-{
-
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
- fstring domname;
-
- if (!sid || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- mem_ctx = talloc_init("tdbsam2_set_domain_sid");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (tdbsam2_db == NULL) {
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- goto done;
- }
- }
-
- fstrcpy(domname, name);
- strlower(domname);
-
-/* TODO: we need to lock this entry until updated! */
-
- ret = get_object_by_name(mem_ctx, &obj, domname);
-
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n"));
- goto done;
- }
-
- if (obj.type != GUMS_OBJ_DOMAIN) {
- DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- sid_copy(obj.data.domain->dom_sid, sid);
-
- ret = store_object(mem_ctx, &obj, False);
-
-done:
-/* TODO: unlock here */
- if (mem_ctx) talloc_destroy(mem_ctx);
- return ret;
-}
-
-/* TODO */
- NTSTATUS (*get_sequence_number) (void);
-
-
-extern DOM_SID global_sid_NULL;
-
-static NTSTATUS tdbsam2_new_object(DOM_SID *sid, const char *name, const int obj_type)
-{
-
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
- NTTIME zero_time = {0,0};
- const char *defpw = "NOPASSWORDXXXXXX";
- uint8 defhours[21] = {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255};
-
- if (!sid || !name) {
- DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- mem_ctx = talloc_init("tdbsam2_new_object");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- obj.type = obj_type;
- obj.version = TDBSAM_VERSION;
-
- switch (obj_type) {
- case GUMS_OBJ_NORMAL_USER:
- obj.data.user = (struct tdbsam2_user_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_user_data));
- TALLOC_CHECK(obj.data.user, ret, done);
-
- get_next_sid(mem_ctx, &(obj.data.user->user_sid));
- TALLOC_CHECK(obj.data.user->user_sid, ret, done);
- sid_copy(sid, obj.data.user->user_sid);
-
- obj.data.user->name = talloc_strdup(mem_ctx, name);
- TALLOC_CHECK(obj.data.user, ret, done);
-
- obj.data.user->xcounter = 1;
- /*obj.data.user->sec_desc*/
- obj.data.user->description = "";
- obj.data.user->group_sid = &global_sid_NULL;
- obj.data.user->logon_time = &zero_time;
- obj.data.user->logoff_time = &zero_time;
- obj.data.user->kickoff_time = &zero_time;
- obj.data.user->pass_last_set_time = &zero_time;
- obj.data.user->pass_can_change_time = &zero_time;
- obj.data.user->pass_must_change_time = &zero_time;
-
- obj.data.user->full_name = "";
- obj.data.user->home_dir = "";
- obj.data.user->dir_drive = "";
- obj.data.user->logon_script = "";
- obj.data.user->profile_path = "";
- obj.data.user->workstations = "";
- obj.data.user->unknown_str = "";
- obj.data.user->munged_dial = "";
-
- obj.data.user->lm_pw_ptr = defpw;
- obj.data.user->nt_pw_ptr = defpw;
-
- obj.data.user->logon_divs = 168;
- obj.data.user->hours_len = 21;
- obj.data.user->hours = &defhours;
-
- obj.data.user->unknown_3 = 0x00ffffff;
- obj.data.user->unknown_5 = 0x00020000;
- obj.data.user->unknown_6 = 0x000004ec;
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- obj.data.group = (struct tdbsam2_group_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_group_data));
- TALLOC_CHECK(obj.data.group, ret, done);
-
- get_next_sid(mem_ctx, &(obj.data.group->group_sid));
- TALLOC_CHECK(obj.data.group->group_sid, ret, done);
- sid_copy(sid, obj.data.group->group_sid);
-
- obj.data.group->name = talloc_strdup(mem_ctx, name);
- TALLOC_CHECK(obj.data.group, ret, done);
-
- obj.data.group->xcounter = 1;
- /*obj.data.group->sec_desc*/
- obj.data.group->description = "";
-
- break;
-
- case GUMS_OBJ_DOMAIN:
-
- /* FIXME: should we check against global_sam_sid to make it impossible
- to store more than one domain ? */
-
- obj.data.domain = (struct tdbsam2_domain_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_domain_data));
- TALLOC_CHECK(obj.data.domain, ret, done);
-
- obj.data.domain->dom_sid = sid_dup_talloc(mem_ctx, get_global_sam_sid());
- TALLOC_CHECK(obj.data.domain->dom_sid, ret, done);
- sid_copy(sid, obj.data.domain->dom_sid);
-
- obj.data.domain->name = talloc_strdup(mem_ctx, name);
- TALLOC_CHECK(obj.data.domain, ret, done);
-
- obj.data.domain->xcounter = 1;
- /*obj.data.domain->sec_desc*/
- obj.data.domain->next_rid = 0x3e9;
- obj.data.domain->description = "";
-
- ret = NT_STATUS_OK;
- break;
-
- default:
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ret = store_object(mem_ctx, &obj, True);
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid)
-{
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
- TDB_DATA data, key;
- fstring keystr;
-
- if (!sid) {
- DEBUG(0, ("tdbsam2_delete_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- mem_ctx = talloc_init("tdbsam2_delete_object");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_delete_object: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (tdbsam2_db == NULL) {
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- goto done;
- }
- }
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid));
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdbsam2_db, key);
- if (!data.dptr) {
- DEBUG(5, ("tdbsam2_delete_object: Error fetching database, SID entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) {
- DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) {
- SAFE_FREE(data.dptr);
- DEBUG(0, ("tdbsam2_delete_object: Error fetching database, malformed entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- switch (obj.type) {
- case GUMS_OBJ_DOMAIN:
- /* TODO: SHOULD WE ALLOW TO DELETE DOMAINS ? */
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.domain->name);
- break;
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.group->name);
- break;
- case GUMS_OBJ_NORMAL_USER:
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.user->name);
- break;
- default:
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) {
- DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
-/* TODO: update the general database counter */
-
-done:
- SAFE_FREE(data.dptr);
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-static NTSTATUS tdbsam2_get_object_from_sid(GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type)
-{
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
-
- if (!object || !sid) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- mem_ctx = talloc_init("tdbsam2_get_object_from_sid");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = get_object_by_sid(mem_ctx, &obj, sid);
- if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n"));
- goto done;
- }
-
- ret = data_to_gums_object(object, &obj);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n"));
- goto done;
- }
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-static NTSTATUS tdbsam2_get_object_from_name(GUMS_OBJECT **object, const char *name, const int obj_type)
-{
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
-
- if (!object || !name) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- mem_ctx = talloc_init("tdbsam2_get_object_from_sid");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = get_object_by_name(mem_ctx, &obj, name);
- if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n"));
- goto done;
- }
-
- ret = data_to_gums_object(object, &obj);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n"));
- goto done;
- }
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
- /* This function is used to get the list of all objects changed since base_time, it is
- used to support PDC<->BDC synchronization */
- NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
-
-static NTSTATUS tdbsam2_enumerate_objects_start(void *handle, const DOM_SID *sid, const int obj_type)
-{
- struct tdbsam2_enum_objs *teo, *t;
- pstring tdbfile;
-
- teo = (struct tdbsam2_enum_objs *)calloc(1, sizeof(struct tdbsam2_enum_objs));
- if (!teo) {
- DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- teo->type = obj_type;
- if (sid) {
- sid_to_string(teo->dom_sid, sid);
- }
-
- get_private_directory(tdbfile);
- pstrcat(tdbfile, "/");
- pstrcat(tdbfile, TDB_FILE_NAME);
-
- teo->db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDONLY, 0600);
- if (!teo->db)
- {
- DEBUG(0, ("tdbsam2_enumerate_objects_start: Unable to open database (%s)!\n", tdbfile));
- SAFE_FREE(teo);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!teo_handlers) {
- *teo_handlers = teo;
- } else {
- t = *teo_handlers;
- while (t->next) {
- t = t->next;
- }
- t->next = teo;
- }
-
- handle = teo;
-
- teo->key = tdb_firstkey(teo->db);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS tdbsam2_enumerate_objects_get_next(GUMS_OBJECT **object, void *handle)
-{
- NTSTATUS ret;
- TALLOC_CTX *mem_ctx;
- TDB_DATA data;
- struct tdbsam2_enum_objs *teo;
- struct tdbsam2_object obj;
- const char *prefix = SIDPREFIX;
- const int preflen = strlen(prefix);
-
- if (!object || !handle) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- teo = (struct tdbsam2_enum_objs *)handle;
-
- mem_ctx = talloc_init("tdbsam2_enumerate_objects_get_next");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- while ((teo->key.dsize != 0)) {
- int len, version, type, size;
- char *ptr;
-
- if (strncmp(teo->key.dptr, prefix, preflen)) {
- teo->key = tdb_nextkey(teo->db, teo->key);
- continue;
- }
-
- if (teo->dom_sid) {
- if (strncmp(&(teo->key.dptr[preflen]), teo->dom_sid, strlen(teo->dom_sid))) {
- teo->key = tdb_nextkey(teo->db, teo->key);
- continue;
- }
- }
-
- data = tdb_fetch(teo->db, teo->key);
- if (!data.dptr) {
- DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error fetching database, SID entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(teo->db)));
- DEBUGADD(5, (" Key: %s\n", teo->key.dptr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- len = tdb_unpack (data.dptr, data.dsize, TDB_FORMAT_STRING,
- &version,
- &type,
- &size, &ptr);
-
- if (len == -1) {
- DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error unable to unpack data!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
- SAFE_FREE(ptr);
-
- if (teo->type && type != teo->type) {
- SAFE_FREE(data.dptr);
- data.dsize = 0;
- teo->key = tdb_nextkey(teo->db, teo->key);
- continue;
- }
-
- break;
- }
-
- if (data.dsize != 0) {
- if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) {
- SAFE_FREE(data.dptr);
- DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Error fetching database, malformed entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
- SAFE_FREE(data.dptr);
- }
-
- ret = data_to_gums_object(object, &obj);
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-static NTSTATUS tdbsam2_enumerate_objects_stop(void *handle)
-{
- struct tdbsam2_enum_objs *teo, *t, *p;
-
- teo = (struct tdbsam2_enum_objs *)handle;
-
- if (*teo_handlers == teo) {
- *teo_handlers = teo->next;
- } else {
- t = *teo_handlers;
- while (t != teo) {
- p = t;
- t = t->next;
- if (t == NULL) {
- DEBUG(0, ("tdbsam2_enumerate_objects_stop: Error, handle not found!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
- p = t->next;
- }
-
- tdb_close(teo->db);
- SAFE_FREE(teo);
-
- return NT_STATUS_OK;
-}
-
- /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools.
- Never use this function to update an object in the database, use set_object_values() */
- NTSTATUS (*set_object) (const GUMS_OBJECT *object);
-
- /* set object values function */
- NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set);
-
- /* Group related functions */
- NTSTATUS (*add_memberss_to_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type);
-
- NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid);
-
- NTSTATUS (*lock_sid) (const DOM_SID *sid);
- NTSTATUS (*unlock_sid) (const DOM_SID *sid);
-
- /* privileges related functions */
-
- NTSTATUS (*add_members_to_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
- NTSTATUS (*delete_members_from_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
- NTSTATUS (*enumerate_privilege_members) (DOM_SID **members, const LUID_ATTR *priv);
- NTSTATUS (*get_sid_privileges) (DOM_SID **privs, const DOM_SID *sid);
- /* warning!: set_privilege will overwrite a prior existing privilege if such exist */
- NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
-
-
-int gumm_init(GUMS_FUNCTIONS **storage)
-{
- tdbsam2_db = NULL;
- teo_handlers = 0;
-
- return 0;
-}
-
-#if 0
-int main(int argc, char *argv[])
-{
- NTSTATUS ret;
- DOM_SID dsid;
-
- if (argc < 2) {
- printf ("not enough arguments!\n");
- exit(0);
- }
-
- if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
- fprintf(stderr, "Can't load %s - run testparm to debug it\n", dyn_CONFIGFILE);
- exit(1);
- }
-
- ret = tdbsam2_new_object(&dsid, "_domain_", GUMS_OBJ_DOMAIN);
- if (NT_STATUS_IS_OK(ret)) {
- printf ("_domain_ created, sid=%s\n", sid_string_static(&dsid));
- } else {
- printf ("_domain_ creation error n. 0x%08x\n", ret.v);
- }
- ret = tdbsam2_new_object(&dsid, argv[1], GUMS_OBJ_NORMAL_USER);
- if (NT_STATUS_IS_OK(ret)) {
- printf ("%s user created, sid=%s\n", argv[1], sid_string_static(&dsid));
- } else {
- printf ("%s user creation error n. 0x%08x\n", argv[1], ret.v);
- }
-
- exit(0);
-}
-#endif
diff --git a/source/sam/gums.c b/source/sam/gums.c
deleted file mode 100644
index a1187406377..00000000000
--- a/source/sam/gums.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Grops and Users Management System initializations.
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/*#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_GUMS*/
-
-#define GMV_MAJOR 0
-#define GMV_MINOR 1
-
-#define PRIV_NONE 0
-#define PRIV_CREATE_TOKEN 1
-#define PRIV_ASSIGNPRIMARYTOKEN 2
-#define PRIV_LOCK_MEMORY 3
-#define PRIV_INCREASE_QUOTA 4
-#define PRIV_MACHINE_ACCOUNT 5
-#define PRIV_TCB 6
-#define PRIV_SECURITY 7
-#define PRIV_TAKE_OWNERSHIP 8
-#define PRIV_LOAD_DRIVER 9
-#define PRIV_SYSTEM_PROFILE 10
-#define PRIV_SYSTEMTIME 11
-#define PRIV_PROF_SINGLE_PROCESS 12
-#define PRIV_INC_BASE_PRIORITY 13
-#define PRIV_CREATE_PAGEFILE 14
-#define PRIV_CREATE_PERMANENT 15
-#define PRIV_BACKUP 16
-#define PRIV_RESTORE 17
-#define PRIV_SHUTDOWN 18
-#define PRIV_DEBUG 19
-#define PRIV_AUDIT 20
-#define PRIV_SYSTEM_ENVIRONMENT 21
-#define PRIV_CHANGE_NOTIFY 22
-#define PRIV_REMOTE_SHUTDOWN 23
-#define PRIV_UNDOCK 24
-#define PRIV_SYNC_AGENT 25
-#define PRIV_ENABLE_DELEGATION 26
-#define PRIV_ALL 255
-
-
-GUMS_FUNCTIONS *gums_storage;
-static void *dl_handle;
-
-static PRIVS gums_privs[] = {
- {PRIV_NONE, "no_privs", "No privilege"}, /* this one MUST be first */
- {PRIV_CREATE_TOKEN, "SeCreateToken", "Create Token"},
- {PRIV_ASSIGNPRIMARYTOKEN, "SeAssignPrimaryToken", "Assign Primary Token"},
- {PRIV_LOCK_MEMORY, "SeLockMemory", "Lock Memory"},
- {PRIV_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota Privilege"},
- {PRIV_MACHINE_ACCOUNT, "SeMachineAccount", "Machine Account"},
- {PRIV_TCB, "SeTCB", "TCB"},
- {PRIV_SECURITY, "SeSecurityPrivilege", "Security Privilege"},
- {PRIV_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"},
- {PRIV_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"},
- {PRIV_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"},
- {PRIV_SYSTEMTIME, "SeSystemtimePrivilege", "System Time"},
- {PRIV_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"},
- {PRIV_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"},
- {PRIV_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"},
- {PRIV_CREATE_PERMANENT, "SeCreatePermanent", "Create Permanent"},
- {PRIV_BACKUP, "SeBackupPrivilege", "Backup Privilege"},
- {PRIV_RESTORE, "SeRestorePrivilege", "Restore Privilege"},
- {PRIV_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"},
- {PRIV_DEBUG, "SeDebugPrivilege", "Debug Privilege"},
- {PRIV_AUDIT, "SeAudit", "Audit"},
- {PRIV_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"},
- {PRIV_CHANGE_NOTIFY, "SeChangeNotify", "Change Notify"},
- {PRIV_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"},
- {PRIV_UNDOCK, "SeUndock", "Undock"},
- {PRIV_SYNC_AGENT, "SeSynchronizationAgent", "Synchronization Agent"},
- {PRIV_ENABLE_DELEGATION, "SeEnableDelegation", "Enable Delegation"},
- {PRIV_ALL, "SaAllPrivs", "All Privileges"}
-};
-
-NTSTATUS gums_init(const char *module_name)
-{
- int (*module_version)(int);
- NTSTATUS (*module_init)();
-/* gums_module_init module_init;*/
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- DEBUG(5, ("Opening gums module %s\n", module_name));
- dl_handle = sys_dlopen(module_name, RTLD_NOW);
- if (!dl_handle) {
- DEBUG(0, ("ERROR: Failed to load gums module %s, error: %s\n", module_name, sys_dlerror()));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- module_version = sys_dlsym(dl_handle, "gumm_version");
- if (!module_version) {
- DEBUG(0, ("ERROR: Failed to find gums module version!\n"));
- goto error;
- }
-
- if (module_version(GMV_MAJOR) != GUMS_VERSION_MAJOR) {
- DEBUG(0, ("ERROR: Module's major version does not match gums version!\n"));
- goto error;
- }
-
- if (module_version(GMV_MINOR) != GUMS_VERSION_MINOR) {
- DEBUG(1, ("WARNING: Module's minor version does not match gums version!\n"));
- }
-
- module_init = sys_dlsym(dl_handle, "gumm_init");
- if (!module_init) {
- DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
- goto error;
- }
-
- DEBUG(5, ("Initializing module %s\n", module_name));
-
- ret = module_init(&gums_storage);
- goto done;
-
-error:
- ret = NT_STATUS_UNSUCCESSFUL;
- sys_dlclose(dl_handle);
-
-done:
- return ret;
-}
-
-NTSTATUS gums_unload(void)
-{
- NTSTATUS ret;
- NTSTATUS (*module_finalize)();
-
- if (!dl_handle)
- return NT_STATUS_UNSUCCESSFUL;
-
- module_finalize = sys_dlsym(dl_handle, "gumm_finalize");
- if (!module_finalize) {
- DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- DEBUG(5, ("Finalizing module"));
-
- ret = module_finalize();
- sys_dlclose(dl_handle);
-
- return ret;
-}
diff --git a/source/sam/gums_api.c b/source/sam/gums_api.c
deleted file mode 100644
index 2e5dcd143a8..00000000000
--- a/source/sam/gums_api.c
+++ /dev/null
@@ -1,1470 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- GUMS structures
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-
-/*******************************************************************
- Create a SEC_ACL structure.
-********************************************************************/
-
-static SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *ace_list)
-{
- SEC_ACL *dst;
- int i;
-
- if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL)
- return NULL;
-
- dst->revision = revision;
- dst->num_aces = num_aces;
- dst->size = SEC_ACL_HEADER_SIZE;
-
- /* Now we need to return a non-NULL address for the ace list even
- if the number of aces required is zero. This is because there
- is a distinct difference between a NULL ace and an ace with zero
- entries in it. This is achieved by checking that num_aces is a
- positive number. */
-
- if ((num_aces) &&
- ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces))
- == NULL)) {
- return NULL;
- }
-
- for (i = 0; i < num_aces; i++) {
- dst->ace[i] = ace_list[i]; /* Structure copy. */
- dst->size += ace_list[i].size;
- }
-
- return dst;
-}
-
-
-
-/*******************************************************************
- Duplicate a SEC_ACL structure.
-********************************************************************/
-
-static SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src)
-{
- if(src == NULL)
- return NULL;
-
- return make_sec_acl(ctx, src->revision, src->num_aces, src->ace);
-}
-
-
-
-/*******************************************************************
- Creates a SEC_DESC structure
-********************************************************************/
-
-static SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision,
- DOM_SID *owner_sid, DOM_SID *grp_sid,
- SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size)
-{
- SEC_DESC *dst;
- uint32 offset = 0;
- uint32 offset_sid = SEC_DESC_HEADER_SIZE;
- uint32 offset_acl = 0;
-
- *sd_size = 0;
-
- if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL)
- return NULL;
-
- dst->revision = revision;
- dst->type = SEC_DESC_SELF_RELATIVE;
-
- if (sacl) dst->type |= SEC_DESC_SACL_PRESENT;
- if (dacl) dst->type |= SEC_DESC_DACL_PRESENT;
-
- dst->off_owner_sid = 0;
- dst->off_grp_sid = 0;
- dst->off_sacl = 0;
- dst->off_dacl = 0;
-
- if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL))
- goto error_exit;
-
- if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL))
- goto error_exit;
-
- if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL))
- goto error_exit;
-
- if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL))
- goto error_exit;
-
- offset = 0;
-
- /*
- * Work out the linearization sizes.
- */
- if (dst->owner_sid != NULL) {
-
- if (offset == 0)
- offset = SEC_DESC_HEADER_SIZE;
-
- offset += sid_size(dst->owner_sid);
- }
-
- if (dst->grp_sid != NULL) {
-
- if (offset == 0)
- offset = SEC_DESC_HEADER_SIZE;
-
- offset += sid_size(dst->grp_sid);
- }
-
- if (dst->sacl != NULL) {
-
- offset_acl = SEC_DESC_HEADER_SIZE;
-
- dst->off_sacl = offset_acl;
- offset_acl += dst->sacl->size;
- offset += dst->sacl->size;
- offset_sid += dst->sacl->size;
- }
-
- if (dst->dacl != NULL) {
-
- if (offset_acl == 0)
- offset_acl = SEC_DESC_HEADER_SIZE;
-
- dst->off_dacl = offset_acl;
- offset_acl += dst->dacl->size;
- offset += dst->dacl->size;
- offset_sid += dst->dacl->size;
- }
-
- *sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset);
-
- if (dst->owner_sid != NULL)
- dst->off_owner_sid = offset_sid;
-
- /* sid_size() returns 0 if the sid is NULL so this is ok */
-
- if (dst->grp_sid != NULL)
- dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid);
-
- return dst;
-
-error_exit:
-
- *sd_size = 0;
- return NULL;
-}
-
-/*******************************************************************
- Duplicate a SEC_DESC structure.
-********************************************************************/
-
-static SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src)
-{
- size_t dummy;
-
- if(src == NULL)
- return NULL;
-
- return make_sec_desc( ctx, src->revision,
- src->owner_sid, src->grp_sid, src->sacl,
- src->dacl, &dummy);
-}
-
-
-
-
-
-
-
-extern GUMS_FUNCTIONS *gums_storage;
-
-/* Functions to get/set info from a GUMS object */
-
-NTSTATUS gums_get_object_type(uint32 *type, const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *type = obj->type;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type)
-{
- TALLOC_CTX *mem_ctx = talloc_init("gums_create_object");
- GUMS_OBJECT *go;
- NTSTATUS ret;
-
- go = talloc_zero(mem_ctx, sizeof(GUMS_OBJECT));
- go->mem_ctx = mem_ctx;
- go->type = type;
- go->version = GUMS_OBJECT_VERSION;
-
- switch(type) {
- case GUMS_OBJ_DOMAIN:
- break;
-
-/*
- case GUMS_OBJ_WORKSTATION_TRUST:
- case GUMS_OBJ_SERVER_TRUST:
- case GUMS_OBJ_DOMAIN_TRUST:
-*/
- case GUMS_OBJ_NORMAL_USER:
- go->data.user = (GUMS_USER *)talloc_zero(mem_ctx, sizeof(GUMS_USER));
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- go->data.group = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP));
- break;
-
- default:
- /* TODO: throw error */
- ret = NT_STATUS_OBJECT_TYPE_MISMATCH;
- goto error;
- }
-
- if (!(go->data.user)) {
- ret = NT_STATUS_NO_MEMORY;
- DEBUG(0, ("gums_create_object: Out of memory!\n"));
- goto error;
- }
-
- *obj = go;
- return NT_STATUS_OK;
-
-error:
- talloc_destroy(go->mem_ctx);
- *obj = NULL;
- return ret;
-}
-
-NTSTATUS gums_get_object_seq_num(uint32 *version, const GUMS_OBJECT *obj)
-{
- if (!version || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *version = obj->version;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_seq_num(GUMS_OBJECT *obj, uint32 version)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->version = version;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_sec_desc(SEC_DESC **sec_desc, const GUMS_OBJECT *obj)
-{
- if (!sec_desc || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *sec_desc = obj->sec_desc;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_sec_desc(GUMS_OBJECT *obj, const SEC_DESC *sec_desc)
-{
- if (!obj || !sec_desc)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->sec_desc = dup_sec_desc(obj->mem_ctx, sec_desc);
- if (!(obj->sec_desc)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_object_sid(DOM_SID **sid, const GUMS_OBJECT *obj)
-{
- if (!sid || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *sid = obj->sid;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_sid(GUMS_OBJECT *obj, const DOM_SID *sid)
-{
- if (!obj || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->sid = sid_dup_talloc(obj->mem_ctx, sid);
- if (!(obj->sid)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_object_name(char **name, const GUMS_OBJECT *obj)
-{
- if (!name || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *name = obj->name;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_name(GUMS_OBJECT *obj, const char *name)
-{
- if (!obj || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->name = (char *)talloc_strdup(obj->mem_ctx, name);
- if (!(obj->name)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_object_description(char **description, const GUMS_OBJECT *obj)
-{
- if (!description || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *description = obj->description;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_description(GUMS_OBJECT *obj, const char *description)
-{
- if (!obj || !description)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->description = (char *)talloc_strdup(obj->mem_ctx, description);
- if (!(obj->description)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-/* User specific functions */
-
-/*
-NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT *obj)
-{
- if (!priv_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- *priv_set = obj->priv_set;
- return NT_STATUS_OK;
-}
-*/
-
-NTSTATUS gums_get_domain_next_rid(uint32 *rid, const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_DOMAIN)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *rid = obj->data.domain->next_rid;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_DOMAIN)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.domain->next_rid = rid;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pri_group(DOM_SID **sid, const GUMS_OBJECT *obj)
-{
- if (!sid || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *sid = obj->data.user->group_sid;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pri_group(GUMS_OBJECT *obj, const DOM_SID *sid)
-{
- if (!obj || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->group_sid = sid_dup_talloc(obj->mem_ctx, sid);
- if (!(obj->data.user->group_sid)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_nt_pwd(DATA_BLOB **nt_pwd, const GUMS_OBJECT *obj)
-{
- if (!nt_pwd || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *nt_pwd = &(obj->data.user->nt_pw);
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd)
-{
- if (!obj || nt_pwd.length != NT_HASH_LEN)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length);
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_lm_pwd(DATA_BLOB **lm_pwd, const GUMS_OBJECT *obj)
-{
- if (!lm_pwd || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *lm_pwd = &(obj->data.user->lm_pw);
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd)
-{
- if (!obj || lm_pwd.length != LM_HASH_LEN)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length);
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_fullname(char **fullname, const GUMS_OBJECT *obj)
-{
- if (!fullname || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *fullname = obj->data.user->full_name;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_fullname(GUMS_OBJECT *obj, const char *fullname)
-{
- if (!obj || !fullname)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->full_name = (char *)talloc_strdup(obj->mem_ctx, fullname);
- if (!(obj->data.user->full_name)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_homedir(char **homedir, const GUMS_OBJECT *obj)
-{
- if (!homedir || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *homedir = obj->data.user->home_dir;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_homedir(GUMS_OBJECT *obj, const char *homedir)
-{
- if (!obj || !homedir)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->home_dir = (char *)talloc_strdup(obj->mem_ctx, homedir);
- if (!(obj->data.user->home_dir)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_dir_drive(char **dirdrive, const GUMS_OBJECT *obj)
-{
- if (!dirdrive || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *dirdrive = obj->data.user->dir_drive;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_dir_drive(GUMS_OBJECT *obj, const char *dir_drive)
-{
- if (!obj || !dir_drive)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->dir_drive = (char *)talloc_strdup(obj->mem_ctx, dir_drive);
- if (!(obj->data.user->dir_drive)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logon_script(char **logon_script, const GUMS_OBJECT *obj)
-{
- if (!logon_script || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *logon_script = obj->data.user->logon_script;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_script(GUMS_OBJECT *obj, const char *logon_script)
-{
- if (!obj || !logon_script)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->logon_script = (char *)talloc_strdup(obj->mem_ctx, logon_script);
- if (!(obj->data.user->logon_script)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_profile_path(char **profile_path, const GUMS_OBJECT *obj)
-{
- if (!profile_path || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *profile_path = obj->data.user->profile_path;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_profile_path(GUMS_OBJECT *obj, const char *profile_path)
-{
- if (!obj || !profile_path)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->profile_path = (char *)talloc_strdup(obj->mem_ctx, profile_path);
- if (!(obj->data.user->profile_path)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_workstations(char **workstations, const GUMS_OBJECT *obj)
-{
- if (!workstations || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *workstations = obj->data.user->workstations;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_workstations(GUMS_OBJECT *obj, const char *workstations)
-{
- if (!obj || !workstations)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->workstations = (char *)talloc_strdup(obj->mem_ctx, workstations);
- if (!(obj->data.user->workstations)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_str(char **unknown_str, const GUMS_OBJECT *obj)
-{
- if (!unknown_str || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *unknown_str = obj->data.user->unknown_str;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_str(GUMS_OBJECT *obj, const char *unknown_str)
-{
- if (!obj || !unknown_str)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->unknown_str = (char *)talloc_strdup(obj->mem_ctx, unknown_str);
- if (!(obj->data.user->unknown_str)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_munged_dial(char **munged_dial, const GUMS_OBJECT *obj)
-{
- if (!munged_dial || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *munged_dial = obj->data.user->munged_dial;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_munged_dial(GUMS_OBJECT *obj, const char *munged_dial)
-{
- if (!obj || !munged_dial)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->munged_dial = (char *)talloc_strdup(obj->mem_ctx, munged_dial);
- if (!(obj->data.user->munged_dial)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logon_time(NTTIME *logon_time, const GUMS_OBJECT *obj)
-{
- if (!logon_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *logon_time = obj->data.user->logon_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_time(GUMS_OBJECT *obj, NTTIME logon_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->logon_time = logon_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logoff_time(NTTIME *logoff_time, const GUMS_OBJECT *obj)
-{
- if (!logoff_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *logoff_time = obj->data.user->logoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logoff_time(GUMS_OBJECT *obj, NTTIME logoff_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->logoff_time = logoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_kickoff_time(NTTIME *kickoff_time, const GUMS_OBJECT *obj)
-{
- if (!kickoff_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *kickoff_time = obj->data.user->kickoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_kickoff_time(GUMS_OBJECT *obj, NTTIME kickoff_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->kickoff_time = kickoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pass_last_set_time(NTTIME *pass_last_set_time, const GUMS_OBJECT *obj)
-{
- if (!pass_last_set_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *pass_last_set_time = obj->data.user->pass_last_set_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->pass_last_set_time = pass_last_set_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pass_can_change_time(NTTIME *pass_can_change_time, const GUMS_OBJECT *obj)
-{
- if (!pass_can_change_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *pass_can_change_time = obj->data.user->pass_can_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pass_can_change_time(GUMS_OBJECT *obj, NTTIME pass_can_change_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->pass_can_change_time = pass_can_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pass_must_change_time(NTTIME *pass_must_change_time, const GUMS_OBJECT *obj)
-{
- if (!pass_must_change_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *pass_must_change_time = obj->data.user->pass_must_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pass_must_change_time(GUMS_OBJECT *obj, NTTIME pass_must_change_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->pass_must_change_time = pass_must_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logon_divs(uint16 *logon_divs, const GUMS_OBJECT *obj)
-{
- if (!logon_divs || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *logon_divs = obj->data.user->logon_divs;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_divs(GUMS_OBJECT *obj, uint16 logon_divs)
-{
- if (!obj || !logon_divs)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->logon_divs = logon_divs;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_hours_len(uint32 *hours_len, const GUMS_OBJECT *obj)
-{
- if (!hours_len || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *hours_len = obj->data.user->hours_len;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_hours_len(GUMS_OBJECT *obj, uint32 hours_len)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->hours_len = hours_len;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_hours(uint8 **hours, const GUMS_OBJECT *obj)
-{
- if (!hours || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *hours = obj->data.user->hours;
- return NT_STATUS_OK;
-}
-
-/* WARNING: always set hours_len before hours */
-NTSTATUS gums_set_user_hours(GUMS_OBJECT *obj, const uint8 *hours)
-{
- if (!obj || !hours)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- if (obj->data.user->hours_len == 0)
- DEBUG(10, ("gums_set_user_hours: Warning, hours_len is zero!\n"));
-
- obj->data.user->hours = (uint8 *)talloc_memdup(obj->mem_ctx, hours, obj->data.user->hours_len);
- if (!(obj->data.user->hours) & (obj->data.user->hours_len != 0)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_3(uint32 *unknown_3, const GUMS_OBJECT *obj)
-{
- if (!unknown_3 || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *unknown_3 = obj->data.user->unknown_3;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_3(GUMS_OBJECT *obj, uint32 unknown_3)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->unknown_3 = unknown_3;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_5(uint32 *unknown_5, const GUMS_OBJECT *obj)
-{
- if (!unknown_5 || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *unknown_5 = obj->data.user->unknown_5;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_5(GUMS_OBJECT *obj, uint32 unknown_5)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->unknown_5 = unknown_5;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_6(uint32 *unknown_6, const GUMS_OBJECT *obj)
-{
- if (!unknown_6 || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *unknown_6 = obj->data.user->unknown_6;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_6(GUMS_OBJECT *obj, uint32 unknown_6)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->unknown_6 = unknown_6;
- return NT_STATUS_OK;
-}
-
-/* Group specific functions */
-
-NTSTATUS gums_get_group_members(uint32 *count, DOM_SID **members, const GUMS_OBJECT *obj)
-{
- if (!count || !members || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_GROUP &&
- obj->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *count = obj->data.group->count;
- *members = *(obj->data.group->members);
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID **members)
-{
- uint32 n;
-
- if (!obj || !members || !members)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_GROUP &&
- obj->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.group->count = count;
- n = 0;
- do {
- obj->data.group->members[n] = sid_dup_talloc(obj->mem_ctx, members[n]);
- if (!(obj->data.group->members[n])) return NT_STATUS_NO_MEMORY;
- n++;
- } while (n < count);
- return NT_STATUS_OK;
-}
-
-/* data_store set functions */
-
-NTSTATUS gums_create_commit_set(GUMS_COMMIT_SET **com_set, TALLOC_CTX *ctx, DOM_SID *sid, uint32 type)
-{
- TALLOC_CTX *mem_ctx;
- GUMS_COMMIT_SET *set;
-
- mem_ctx = talloc_init("commit_set");
- if (mem_ctx == NULL)
- return NT_STATUS_NO_MEMORY;
- set = (GUMS_COMMIT_SET *)talloc(mem_ctx, sizeof(GUMS_COMMIT_SET));
- if (set == NULL) {
- talloc_destroy(mem_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- set->mem_ctx = mem_ctx;
- set->type = type;
- sid_copy(&(set->sid), sid);
- set->count = 0;
- set->data = NULL;
- *com_set = set;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc)
-{
- GUMS_DATA_SET *data_set;
- SEC_DESC *new_sec_desc;
-
- if (!mem_ctx || !com_set || !sec_desc)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_SEC_DESC;
- new_sec_desc = dup_sec_desc(mem_ctx, sec_desc);
- if (new_sec_desc == NULL)
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_sec_desc;
-
- return NT_STATUS_OK;
-}
-
-/*
-NTSTATUS gums_cs_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
-{
- GUMS_DATA_SET *data_set;
- LUID_ATTR *new_priv;
-
- if (!mem_ctx || !com_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) {
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_ADD_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_priv;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_del_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
-{
- GUMS_DATA_SET *data_set;
- LUID_ATTR *new_priv;
-
- if (!mem_ctx || !com_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) {
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_DEL_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_priv;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set)
-{
- GUMS_DATA_SET *data_set;
- PRIVILEGE_SET *new_priv_set;
-
- if (!mem_ctx || !com_set || !priv_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) {
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dup_priv_set(&new_priv_set, mem_ctx, priv_set)))
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_priv_set;
-
- return NT_STATUS_OK;
-}
-*/
-
-NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, char *str)
-{
- GUMS_DATA_SET *data_set;
- char *new_str;
-
- if (!mem_ctx || !com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = type;
- new_str = talloc_strdup(mem_ctx, str);
- if (new_str == NULL)
- return NT_STATUS_NO_MEMORY;
-
- (char *)(data_set->data) = new_str;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *name)
-{
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, name);
-}
-
-NTSTATUS gums_cs_set_description(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *desc)
-{
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc);
-}
-
-NTSTATUS gums_cs_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *full_name)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name);
-}
-
-NTSTATUS gums_cs_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *home_dir)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir);
-}
-
-NTSTATUS gums_cs_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *drive)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive);
-}
-
-NTSTATUS gums_cs_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *logon_script)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script);
-}
-
-NTSTATUS gums_cs_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *prof_path)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path);
-}
-
-NTSTATUS gums_cs_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *wks)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks);
-}
-
-NTSTATUS gums_cs_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *unkn_str)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str);
-}
-
-NTSTATUS gums_cs_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *munged_dial)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial);
-}
-
-NTSTATUS gums_cs_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime)
-{
- GUMS_DATA_SET *data_set;
- NTTIME *new_time;
-
- if (!mem_ctx || !com_set || !nttime || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = type;
- new_time = talloc(mem_ctx, sizeof(NTTIME));
- if (new_time == NULL)
- return NT_STATUS_NO_MEMORY;
-
- new_time->low = nttime->low;
- new_time->high = nttime->high;
- (char *)(data_set->data) = new_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_logon_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logon_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time);
-}
-
-NTSTATUS gums_cs_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logoff_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time);
-}
-
-NTSTATUS gums_cs_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time);
-}
-
-NTSTATUS gums_cs_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pls_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time);
-}
-
-NTSTATUS gums_cs_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pcc_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time);
-}
-
-NTSTATUS gums_cs_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pmc_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time);
-}
-
-NTSTATUS gums_cs_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_ADD_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_add_users_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count);
-}
-
-NTSTATUS gums_cs_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count);
-}
-
-NTSTATUS gums_cs_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_DEL_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_ds_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set)
-{
- return gums_storage->set_object_values(&(set->sid), set->count, set->data);
-}
-
-NTSTATUS gums_destroy_commit_set(GUMS_COMMIT_SET **com_set)
-{
- talloc_destroy((*com_set)->mem_ctx);
- *com_set = NULL;
-
- return NT_STATUS_OK;
-}
-
diff --git a/source/sam/gums_helper.c b/source/sam/gums_helper.c
deleted file mode 100644
index c22e6cf7ff8..00000000000
--- a/source/sam/gums_helper.c
+++ /dev/null
@@ -1,610 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- GUMS backends helper functions
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-extern GUMS_FUNCTIONS *gums_storage;
-
-extern DOM_SID global_sid_World;
-extern DOM_SID global_sid_Builtin_Administrators;
-extern DOM_SID global_sid_Builtin_Power_Users;
-extern DOM_SID global_sid_Builtin_Account_Operators;
-extern DOM_SID global_sid_Builtin_Server_Operators;
-extern DOM_SID global_sid_Builtin_Print_Operators;
-extern DOM_SID global_sid_Builtin_Backup_Operators;
-extern DOM_SID global_sid_Builtin_Replicator;
-extern DOM_SID global_sid_Builtin_Users;
-extern DOM_SID global_sid_Builtin_Guests;
-
-
-/* defines */
-
-#define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
-#define NTSTATUS_CHECK(str1, str2, err, label) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0)
-
-/****************************************************************************
- Check if a user is a mapped group.
-
- This function will check if the group SID is mapped onto a
- system managed gid or onto a winbind manged sid.
- In the first case it will be threated like a mapped group
- and the backend should take the member list with a getgrgid
- and ignore any user that have been possibly set into the group
- object.
-
- In the second case, the group is a fully SAM managed group
- served back to the system through winbind. In this case the
- members of a Local group are "unrolled" to cope with the fact
- that unix cannot contain groups inside groups.
- The backend MUST never call any getgr* / getpw* function or
- loops with winbind may happen.
- ****************************************************************************/
-
-#if 0
-NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid)
-{
- NTSTATUS result;
- gid_t id;
-
- /* look if mapping exist, do not make idmap alloc an uid if SID is not found */
- result = idmap_get_gid_from_sid(&id, sid, False);
- if (NT_STATUS_IS_OK(result)) {
- *mapped = gid_is_in_winbind_range(id);
- } else {
- *mapped = False;
- }
-
- return result;
-}
-#endif
-
-/****************************************************************************
- duplicate alloc luid_attr
- ****************************************************************************/
-NTSTATUS dupalloc_luid_attr(TALLOC_CTX *ctx, LUID_ATTR **new_la, LUID_ATTR old_la)
-{
- *new_la = (LUID_ATTR *)talloc(ctx, sizeof(LUID_ATTR));
- if (*new_la == NULL) {
- DEBUG(0,("dupalloc_luid_attr: could not Alloc memory to duplicate LUID_ATTR\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*new_la)->luid.high = old_la.luid.high;
- (*new_la)->luid.low = old_la.luid.low;
- (*new_la)->attr = old_la.attr;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- initialise a privilege list
- ****************************************************************************/
-void gums_init_privilege(PRIVILEGE_SET *priv_set)
-{
- priv_set->count=0;
- priv_set->control=0;
- priv_set->set=NULL;
-}
-
-/****************************************************************************
- add a privilege to a privilege array
- ****************************************************************************/
-NTSTATUS gums_add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
-{
- LUID_ATTR *new_set;
-
- /* check if the privilege is not already in the list */
- if (gums_check_priv_in_privilege(priv_set, set))
- return NT_STATUS_UNSUCCESSFUL;
-
- /* we can allocate memory to add the new privilege */
-
- new_set=(LUID_ATTR *)talloc_realloc(ctx, priv_set->set, (priv_set->count+1)*(sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- new_set[priv_set->count].luid.high=set.luid.high;
- new_set[priv_set->count].luid.low=set.luid.low;
- new_set[priv_set->count].attr=set.attr;
-
- priv_set->count++;
- priv_set->set=new_set;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- add all the privileges to a privilege array
- ****************************************************************************/
-NTSTATUS gums_add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx)
-{
- NTSTATUS result = NT_STATUS_OK;
- LUID_ATTR set;
-
- set.attr=0;
- set.luid.high=0;
-
- set.luid.low=SE_PRIV_ADD_USERS;
- result = gums_add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
- set.luid.low=SE_PRIV_ADD_MACHINES;
- result = gums_add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
- set.luid.low=SE_PRIV_PRINT_OPERATOR;
- result = gums_add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
-done:
- return result;
-}
-
-/****************************************************************************
- check if the privilege list is empty
- ****************************************************************************/
-BOOL gums_check_empty_privilege(PRIVILEGE_SET *priv_set)
-{
- return (priv_set->count == 0);
-}
-
-/****************************************************************************
- check if the privilege is in the privilege list
- ****************************************************************************/
-BOOL gums_check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
-{
- int i;
-
- /* if the list is empty, obviously we can't have it */
- if (gums_check_empty_privilege(priv_set))
- return False;
-
- for (i=0; i<priv_set->count; i++) {
- LUID_ATTR *cur_set;
-
- cur_set=&priv_set->set[i];
- /* check only the low and high part. Checking the attr field has no meaning */
- if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) )
- return True;
- }
-
- return False;
-}
-
-/****************************************************************************
- remove a privilege from a privilege array
- ****************************************************************************/
-NTSTATUS gums_remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
-{
- LUID_ATTR *new_set;
- LUID_ATTR *old_set;
- int i,j;
-
- /* check if the privilege is in the list */
- if (!gums_check_priv_in_privilege(priv_set, set))
- return NT_STATUS_UNSUCCESSFUL;
-
- /* special case if it's the only privilege in the list */
- if (priv_set->count==1) {
- gums_init_privilege(priv_set);
- return NT_STATUS_OK;
- }
-
- /*
- * the privilege is there, create a new list,
- * and copy the other privileges
- */
-
- old_set = priv_set->set;
-
- new_set=(LUID_ATTR *)talloc(ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0, j=0; i<priv_set->count; i++) {
- if ((old_set[i].luid.low == set.luid.low) &&
- (old_set[i].luid.high == set.luid.high)) {
- continue;
- }
-
- new_set[j].luid.low = old_set[i].luid.low;
- new_set[j].luid.high = old_set[i].luid.high;
- new_set[j].attr = old_set[i].attr;
-
- j++;
- }
-
- if (j != priv_set->count - 1) {
- DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n"));
- DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- /* ok everything is fine */
-
- priv_set->count--;
- priv_set->set=new_set;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- duplicates a privilege array
- ****************************************************************************/
-NTSTATUS gums_dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set)
-{
- LUID_ATTR *new_set;
- LUID_ATTR *old_set;
- int i;
-
- *new_priv_set = (PRIVILEGE_SET *)talloc(mem_ctx, sizeof(PRIVILEGE_SET));
- gums_init_privilege(*new_priv_set);
-
- /* special case if there are no privileges in the list */
- if (priv_set->count == 0) {
- return NT_STATUS_OK;
- }
-
- /*
- * create a new list,
- * and copy the other privileges
- */
-
- old_set = priv_set->set;
-
- new_set = (LUID_ATTR *)talloc(mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0; i < priv_set->count; i++) {
-
- new_set[i].luid.low = old_set[i].luid.low;
- new_set[i].luid.high = old_set[i].luid.high;
- new_set[i].attr = old_set[i].attr;
- }
-
- (*new_priv_set)->count = priv_set->count;
- (*new_priv_set)->control = priv_set->control;
- (*new_priv_set)->set = new_set;
-
- return NT_STATUS_OK;
-}
-
-#define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013
-#define ALIAS_DEFAULT_DACL_SA_RIGHTS \
- (READ_CONTROL_ACCESS | \
- SA_RIGHT_ALIAS_LOOKUP_INFO | \
- SA_RIGHT_ALIAS_GET_MEMBERS) /* 0x0002000c */
-
-#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */
-
-
-#if 0
-NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx)
-{
- DOM_SID *world = &global_sid_World;
- DOM_SID *admins = &global_sid_Builtin_Administrators;
- SEC_ACCESS sa;
- SEC_ACE sacl_ace;
- SEC_ACE dacl_aces[2];
- SEC_ACL *sacl = NULL;
- SEC_ACL *dacl = NULL;
- size_t psize;
-
- init_sec_access(&sa, ALIAS_DEFAULT_SACL_SA_RIGHTS);
- init_sec_ace(&sacl_ace, world, SEC_ACE_TYPE_SYSTEM_AUDIT, sa, ALIAS_DEFAULT_SACL_SEC_ACE_FLAG);
-
- sacl = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &sacl_ace);
- if (!sacl) {
- DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- init_sec_access(&sa, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- init_sec_ace(&(dacl_aces[0]), world, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
- init_sec_access(&sa, SA_RIGHT_ALIAS_ALL_ACCESS);
- init_sec_ace(&(dacl_aces[1]), admins, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
-
- dacl = make_sec_acl(ctx, NT4_ACL_REVISION, 2, dacl_aces);
- if (!sacl) {
- DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, admins, admins, sacl, dacl, &psize);
- if (!(*sec_desc)) {
- DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sec_desc_add_ace_to_dacl(SEC_DESC *sec_desc, TALLOC_CTX *ctx, DOM_SID *sid, uint32 mask)
-{
- NTSTATUS result;
- SEC_ACE *new_aces;
- unsigned num_aces;
- int i;
-
- num_aces = sec_desc->dacl->num_aces + 1;
- result = sec_ace_add_sid(ctx, &new_aces, sec_desc->dacl->ace, &num_aces, sid, mask);
- if (NT_STATUS_IS_OK(result)) {
- sec_desc->dacl->ace = new_aces;
- sec_desc->dacl->num_aces = num_aces;
- sec_desc->dacl->size = SEC_ACL_HEADER_SIZE;
- for (i = 0; i < num_aces; i++) {
- sec_desc->dacl->size += sec_desc->dacl->ace[i].size;
- }
- }
- return result;
-}
-
-NTSTATUS gums_init_builtin_groups(void)
-{
- NTSTATUS result;
- GUMS_OBJECT g_obj;
- GUMS_GROUP *g_grp;
- GUMS_PRIVILEGE g_priv;
-
- /* Build the well known Builtin Local Groups */
- g_obj.type = GUMS_OBJ_GROUP;
- g_obj.version = 1;
- g_obj.seq_num = 0;
- g_obj.mem_ctx = talloc_init("gums_init_backend_acct");
- if (g_obj.mem_ctx == NULL) {
- DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- /* Administrators * /
-
- /* alloc group structure */
- g_obj.data.group = (GUMS_GROUP *)talloc(g_obj.mem_ctx, sizeof(GUMS_GROUP));
- ALLOC_CHECK("gums_init_backend", g_obj.data.group, result, done);
-
- /* make admins sid */
- g_grp = (GUMS_GROUP *)g_obj.data.group;
- sid_copy(g_obj.sid, &global_sid_Builtin_Administrators);
-
- /* make security descriptor */
- result = create_builtin_alias_default_sec_desc(&(g_obj.sec_desc), g_obj.mem_ctx);
- NTSTATUS_CHECK("gums_init_backend", "create_builtin_alias_default_sec_desc", result, done);
-
- /* make privilege set */
- /* From BDC join trace:
- SeSecurityPrivilege
- SeBackupPrivilege
- SeRestorePrivilege
- SeSystemtimePrivilege
- SeShutdownPrivilege
- SeRemoteShutdownPrivilege
- SeTakeOwnershipPrivilege
- SeDebugPrivilege
- SeSystemEnvironmentPrivilege
- SeSystemProfilePrivilege
- SeProfileSingleProcessPrivilege
- SeIncreaseBasePriorityPrivilege
- SeLocalDriverPrivilege
- SeCreatePagefilePrivilege
- SeIncreaseQuotaPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Administrators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can fully administer the computer/domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* numebr of group members */
- g_grp->count = 0;
- g_grp->members = NULL;
-
- /* store Administrators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Power Users */
- /* Domain Controllers Does NOT have power Users */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Power_Users);
-
- /* make privilege set */
- /* SE_PRIV_??? */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Power Users");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
-/* > */ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Power Users");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Power Users group */
- result = gums_storage->set_object(&g_obj);
-
- /* Account Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Account_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Account Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain user and group accounts");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Account Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Server Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Server_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeSystemtimePrivilege
- SeShutdownPrivilege
- SeRemoteShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Server Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain servers");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Server Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Print Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Print_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Print Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain printers");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Print Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Backup Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Backup_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Backup Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can bypass file security to backup files");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Backup Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Replicator */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Replicator);
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Replicator");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Supports file replication in a domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Replicator group */
- result = gums_storage->set_object(&g_obj);
-
- /* Users */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Users);
-
- /* add ACE to sec dsec dacl */
- sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS);
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Users");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Ordinary users");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Users group */
- result = gums_storage->set_object(&g_obj);
-
- /* Guests */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Guests);
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Guests");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Users granted guest access to the computer/domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Guests group */
- result = gums_storage->set_object(&g_obj);
-
- /* set default privileges */
- g_priv.type = GUMS_OBJ_GROUP;
- g_priv.version = 1;
- g_priv.seq_num = 0;
- g_priv.mem_ctx = talloc_init("gums_init_backend_priv");
- if (g_priv.mem_ctx == NULL) {
- DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
-
-
-done:
- talloc_destroy(g_obj.mem_ctx);
- talloc_destroy(g_priv.mem_ctx);
- return result;
-}
-#endif
-
diff --git a/source/sam/interface.c b/source/sam/interface.c
deleted file mode 100644
index 51ae561999c..00000000000
--- a/source/sam/interface.c
+++ /dev/null
@@ -1,1338 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Password and authentication handling
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Jelmer Vernooij 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Kai Krger 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-extern DOM_SID global_sid_Builtin;
-
-/** List of various built-in sam modules */
-
-const struct sam_init_function_entry builtin_sam_init_functions[] = {
- { "plugin", sam_init_plugin },
-#ifdef HAVE_LDAP
- { "ads", sam_init_ads },
-#endif
- { "skel", sam_init_skel },
- { NULL, NULL}
-};
-
-
-static NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const DOM_SID *domainsid)
-{
- SAM_METHODS *tmp_methods;
-
- DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__));
-
- /* invalid sam_context specified */
- SAM_ASSERT(context && context->methods);
-
- tmp_methods = context->methods;
-
- while (tmp_methods) {
- if (sid_equal(domainsid, &(tmp_methods->domain_sid)))
- {
- (*sam_method) = tmp_methods;
- return NT_STATUS_OK;
- }
- tmp_methods = tmp_methods->next;
- }
-
- DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", sid_string_static(domainsid)));
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const char *domainname)
-{
- SAM_METHODS *tmp_methods;
-
- DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__));
-
- /* invalid sam_context specified */
- SAM_ASSERT(context && context->methods);
-
- tmp_methods = context->methods;
-
- while (tmp_methods) {
- if (strequal(domainname, tmp_methods->domain_name))
- {
- (*sam_method) = tmp_methods;
- return NT_STATUS_OK;
- }
- tmp_methods = tmp_methods->next;
- }
-
- DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", domainname));
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-static NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods)
-{
- *methods = talloc(mem_ctx, sizeof(SAM_METHODS));
-
- if (!*methods) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ZERO_STRUCTP(*methods);
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Free and cleanup a sam context, any associated data and anything
- that the attached modules might have associated.
- *******************************************************************/
-
-void free_sam_context(SAM_CONTEXT **context)
-{
- SAM_METHODS *sam_selected = (*context)->methods;
-
- while (sam_selected) {
- if (sam_selected->free_private_data) {
- sam_selected->free_private_data(&(sam_selected->private_data));
- }
- sam_selected = sam_selected->next;
- }
-
- talloc_destroy((*context)->mem_ctx);
- *context = NULL;
-}
-
-/******************************************************************
- Make a backend_entry from scratch
- *******************************************************************/
-
-static NTSTATUS make_backend_entry(SAM_BACKEND_ENTRY *backend_entry, char *sam_backend_string)
-{
- char *tmp = NULL;
- char *tmp_string = sam_backend_string;
-
- DEBUG(5,("make_backend_entry: %d\n", __LINE__));
-
- SAM_ASSERT(sam_backend_string && backend_entry);
-
- backend_entry->module_name = sam_backend_string;
-
- DEBUG(5,("makeing backend_entry for %s\n", backend_entry->module_name));
-
- if ((tmp = strrchr(tmp_string, '|')) != NULL) {
- DEBUGADD(20,("a domain name has been specified\n"));
- *tmp = 0;
- backend_entry->domain_name = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
- }
-
- if ((tmp = strchr(tmp_string, ':')) != NULL) {
- DEBUG(20,("options for the backend have been specified\n"));
- *tmp = 0;
- backend_entry->module_params = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
- }
-
- if (backend_entry->domain_name == NULL) {
- DEBUG(10,("make_backend_entry: no domain was specified for sam module %s. Using default domain %s\n",
- backend_entry->module_name, lp_workgroup()));
- backend_entry->domain_name = smb_xstrdup(lp_workgroup());
- }
-
- if ((backend_entry->domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID))) == NULL) {
- DEBUG(0,("make_backend_entry: failed to malloc domain_sid\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- DEBUG(10,("looking up sid for domain %s\n", backend_entry->domain_name));
-
- if (!secrets_fetch_domain_sid(backend_entry->domain_name, backend_entry->domain_sid)) {
- DEBUG(2,("make_backend_entry: There is no SID stored for domain %s. Creating a new one.\n",
- backend_entry->domain_name));
- DEBUG(0, ("FIXME in %s:%d\n", __FILE__, __LINE__));
- ZERO_STRUCTP(backend_entry->domain_sid);
- }
-
- DEBUG(5,("make_backend_entry: module name: %s, module parameters: %s, domain name: %s, domain sid: %s\n",
- backend_entry->module_name, backend_entry->module_params, backend_entry->domain_name, sid_string_static(backend_entry->domain_sid)));
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- create sam_methods struct based on sam_backend_entry
- *****************************************************************/
-
-static NTSTATUS make_sam_methods_backend_entry(SAM_CONTEXT *context, SAM_METHODS **methods_ptr, SAM_BACKEND_ENTRY *backend_entry)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- SAM_METHODS *methods;
- int i;
-
- DEBUG(5,("make_sam_methods_backend_entry: %d\n", __LINE__));
-
- if (!NT_STATUS_IS_OK(nt_status = make_sam_methods(context->mem_ctx, methods_ptr))) {
- return nt_status;
- }
-
- methods = *methods_ptr;
- methods->backendname = talloc_strdup(context->mem_ctx, backend_entry->module_name);
- methods->domain_name = talloc_strdup(context->mem_ctx, backend_entry->domain_name);
- sid_copy(&methods->domain_sid, backend_entry->domain_sid);
- methods->parent = context;
-
- DEBUG(5,("Attempting to find sam backend %s\n", backend_entry->module_name));
- for (i = 0; builtin_sam_init_functions[i].module_name; i++)
- {
- if (strequal(builtin_sam_init_functions[i].module_name, backend_entry->module_name))
- {
- DEBUG(5,("Found sam backend %s (at pos %d)\n", backend_entry->module_name, i));
- DEBUGADD(5,("initialising it with options=%s for domain %s\n", backend_entry->module_params, sid_string_static(backend_entry->domain_sid)));
- nt_status = builtin_sam_init_functions[i].init(methods, backend_entry->module_params);
- if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG(5,("sam backend %s has a valid init\n", backend_entry->module_name));
- } else {
- DEBUG(2,("sam backend %s did not correctly init (error was %s)\n",
- backend_entry->module_name, nt_errstr(nt_status)));
- }
- return nt_status;
- }
- }
-
- DEBUG(2,("could not find backend %s\n", backend_entry->module_name));
-
- return NT_STATUS_INVALID_PARAMETER;
-}
-
-static NTSTATUS sam_context_check_default_backends(SAM_CONTEXT *context)
-{
- SAM_BACKEND_ENTRY entry;
- DOM_SID *global_sam_sid = get_global_sam_sid(); /* lp_workgroup doesn't play nicely with multiple domains */
- SAM_METHODS *methods, *tmpmethods;
- NTSTATUS ntstatus;
-
- DEBUG(5,("sam_context_check_default_backends: %d\n", __LINE__));
-
- /* Make sure domain lp_workgroup() is available */
-
- ntstatus = sam_get_methods_by_sid(context, &methods, &global_sid_Builtin);
-
- if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
- DEBUG(4,("There was no backend specified for domain %s(%s); using %s\n",
- lp_workgroup(), sid_string_static(global_sam_sid), SAM_DEFAULT_BACKEND));
-
- SAM_ASSERT(global_sam_sid);
-
- entry.module_name = SAM_DEFAULT_BACKEND;
- entry.module_params = NULL;
- entry.domain_name = lp_workgroup();
- entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy(entry.domain_sid, global_sam_sid);
-
- if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- return ntstatus;
- }
-
- DLIST_ADD_END(context->methods, methods, tmpmethods);
-
- } else if (!NT_STATUS_IS_OK(ntstatus)) {
- DEBUG(2, ("sam_get_methods_by_sid failed for %s\n", lp_workgroup()));
- return ntstatus;
- }
-
- /* Make sure the BUILTIN domain is available */
-
- ntstatus = sam_get_methods_by_sid(context, &methods, global_sam_sid);
-
- if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
- DEBUG(4,("There was no backend specified for domain BUILTIN; using %s\n",
- SAM_DEFAULT_BACKEND));
- entry.module_name = SAM_DEFAULT_BACKEND;
- entry.module_params = NULL;
- entry.domain_name = "BUILTIN";
- entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy(entry.domain_sid, &global_sid_Builtin);
-
- if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- return ntstatus;
- }
-
- DLIST_ADD_END(context->methods, methods, tmpmethods);
- } else if (!NT_STATUS_IS_OK(ntstatus)) {
- DEBUG(2, ("sam_get_methods_by_sid failed for BUILTIN\n"));
- return ntstatus;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS check_duplicate_backend_entries(SAM_BACKEND_ENTRY **backend_entries, int *nBackends)
-{
- int i, j;
-
- DEBUG(5,("check_duplicate_backend_entries: %d\n", __LINE__));
-
- for (i = 0; i < *nBackends; i++) {
- for (j = i + 1; j < *nBackends; j++) {
- if (sid_equal((*backend_entries)[i].domain_sid, (*backend_entries)[j].domain_sid)) {
- DEBUG(0,("two backend modules claim the same domain %s\n",
- sid_string_static((*backend_entries)[j].domain_sid)));
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS make_sam_context_list(SAM_CONTEXT **context, char **sam_backends_param)
-{
- int i = 0, j = 0;
- SAM_METHODS *curmethods, *tmpmethods;
- int nBackends = 0;
- SAM_BACKEND_ENTRY *backends = NULL;
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
-
- DEBUG(5,("make_sam_context_from_conf: %d\n", __LINE__));
-
- if (!sam_backends_param) {
- DEBUG(1, ("no SAM backeds specified!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) {
- DEBUG(4,("make_sam_context failed\n"));
- return nt_status;
- }
-
- while (sam_backends_param[nBackends])
- nBackends++;
-
- DEBUG(6,("There are %d domains listed with their backends\n", nBackends));
-
- if ((backends = (SAM_BACKEND_ENTRY *)malloc(sizeof(*backends)*nBackends)) == NULL) {
- DEBUG(0,("make_sam_context_list: failed to allocate backends\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- memset(backends, '\0', sizeof(*backends)*nBackends);
-
- for (i = 0; i < nBackends; i++) {
- DEBUG(8,("processing %s\n",sam_backends_param[i]));
- if (!NT_STATUS_IS_OK(nt_status = make_backend_entry(&backends[i], sam_backends_param[i]))) {
- DEBUG(4,("make_backend_entry failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
- }
-
- if (!NT_STATUS_IS_OK(nt_status = check_duplicate_backend_entries(&backends, &nBackends))) {
- DEBUG(4,("check_duplicate_backend_entries failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
-
- for (i = 0; i < nBackends; i++) {
- if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_backend_entry(*context, &curmethods, &backends[i]))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
- DLIST_ADD_END((*context)->methods, curmethods, tmpmethods);
- }
-
- for (i = 0; i < nBackends; i++) SAFE_FREE(backends[i].domain_sid);
-
- SAFE_FREE(backends);
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Make a sam_context from scratch.
- *******************************************************************/
-
-NTSTATUS make_sam_context(SAM_CONTEXT **context)
-{
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init("sam_context internal allocation context");
-
- if (!mem_ctx) {
- DEBUG(0, ("make_sam_context: talloc init failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- *context = talloc(mem_ctx, sizeof(**context));
- if (!*context) {
- DEBUG(0, ("make_sam_context: talloc failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- ZERO_STRUCTP(*context);
-
- (*context)->mem_ctx = mem_ctx;
-
- (*context)->free_fn = free_sam_context;
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Return an already initialised sam_context, to facilitate backward
- compatibility (see functions below).
- *******************************************************************/
-
-static struct sam_context *sam_get_static_context(BOOL reload)
-{
- static SAM_CONTEXT *sam_context = NULL;
-
- if ((sam_context) && (reload)) {
- sam_context->free_fn(&sam_context);
- sam_context = NULL;
- }
-
- if (!sam_context) {
- if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) {
- DEBUG(4,("make_sam_context_list failed\n"));
- return NULL;
- }
-
- /* Make sure the required domains (default domain, builtin) are available */
- if (!NT_STATUS_IS_OK(sam_context_check_default_backends(sam_context))) {
- DEBUG(4,("sam_context_check_default_backends failed\n"));
- return NULL;
- }
- }
-
- return sam_context;
-}
-
-/***************************************************************
- Initialize the static context (at smbd startup etc).
-
- If uninitialised, context will auto-init on first use.
- ***************************************************************/
-
-BOOL initialize_sam(BOOL reload)
-{
- return (sam_get_static_context(reload) != NULL);
-}
-
-
-/**************************************************************
- External API. This is what the rest of the world calls...
-***************************************************************/
-
-/******************************************************************
- sam_* functions are used to link the external SAM interface
- with the internal backends. These functions lookup the appropriate
- backends for the domain and pass on to the function in sam_methods
- in the selected backend
-
- When the context parmater is NULL, the default is used.
- *******************************************************************/
-
-#define SAM_SETUP_CONTEXT if (!context) \
- context = sam_get_static_context(False);\
- if (!context) {\
- return NT_STATUS_UNSUCCESSFUL; \
- }\
-
-
-
-NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_sec_desc: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_sec_desc) {
- DEBUG(3, ("sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_sec_desc(tmp_methods, access_token, sid, sd))) {
- DEBUG(4,("sam_get_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_set_sec_desc: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_set_sec_desc) {
- DEBUG(3, ("sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_set_sec_desc(tmp_methods, access_token, sid, sd))) {
- DEBUG(4,("sam_set_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID *sid, uint32 *type)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_lookup_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_lookup_name) {
- DEBUG(3, ("sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_name(tmp_methods, access_token, name, sid, type))) {
- DEBUG(4,("sam_lookup_name for %s\\%s in backend %s failed\n",
- tmp_methods->domain_name, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
- DOM_SID domainsid;
-
- DEBUG(5,("sam_lookup_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- sid_copy(&domainsid, sid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_lookup_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_lookup_sid) {
- DEBUG(3, ("sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, mem_ctx, sid, name, type))) {
- DEBUG(4,("sam_lookup_name for %s in backend %s failed\n",
- sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *domain)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_domain: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid domain specified */
- SAM_ASSERT(domain && domain->current_sam_methods);
-
- tmp_methods = domain->current_sam_methods;
-
- if (!tmp_methods->sam_update_domain) {
- DEBUG(3, ("sam_update_domain: sam_methods of the domain did not specify sam_update_domain\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_domain(tmp_methods, domain))){
- DEBUG(4,("sam_update_domain in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SEC_DESC *sd;
- size_t sd_size;
- uint32 acc_granted;
- int i = 0;
-
- DEBUG(5,("sam_enum_domains: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters specified */
- SAM_ASSERT(domain_count && domains && domain_names);
-
- if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
- DEBUG(4,("samr_make_sam_obj_sd failed\n"));
- return nt_status;
- }
-
- if (!se_access_check(sd, access_token, SA_RIGHT_SAM_ENUM_DOMAINS, &acc_granted, &nt_status)) {
- DEBUG(3,("sam_enum_domains: ACCESS DENIED\n"));
- return nt_status;
- }
-
- tmp_methods= context->methods;
- *domain_count = 0;
-
- while (tmp_methods) {
- (*domain_count)++;
- tmp_methods= tmp_methods->next;
- }
-
- DEBUG(6,("sam_enum_domains: enumerating %d domains\n", (*domain_count)));
-
- tmp_methods = context->methods;
-
- if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) {
- DEBUG(0,("sam_enum_domains: Out of memory allocating domain SID list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) {
- DEBUG(0,("sam_enum_domains: Out of memory allocating domain name list\n"));
- SAFE_FREE((*domains));
- return NT_STATUS_NO_MEMORY;
- }
-
- while (tmp_methods) {
- DEBUGADD(7,(" [%d] %s: %s\n", i, tmp_methods->domain_name, sid_string_static(&tmp_methods->domain_sid)));
- sid_copy(domains[i],&tmp_methods->domain_sid);
- *domain_names[i] = smb_xstrdup(tmp_methods->domain_name);
- i++;
- tmp_methods= tmp_methods->next;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SEC_DESC *sd;
- size_t sd_size;
- uint32 acc_granted;
-
- DEBUG(5,("sam_lookup_domain: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid paramters */
- SAM_ASSERT(access_token && domain && domainsid);
-
- if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
- DEBUG(4,("samr_make_sam_obj_sd failed\n"));
- return nt_status;
- }
-
- if (!se_access_check(sd, access_token, SA_RIGHT_SAM_OPEN_DOMAIN, &acc_granted, &nt_status)) {
- DEBUG(3,("sam_lookup_domain: ACCESS DENIED\n"));
- return nt_status;
- }
-
- tmp_methods= context->methods;
-
- while (tmp_methods) {
- if (strcmp(domain, tmp_methods->domain_name) == 0) {
- (*domainsid) = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy((*domainsid), &tmp_methods->domain_sid);
- return NT_STATUS_OK;
- }
- tmp_methods= tmp_methods->next;
- }
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-
-NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_domain_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && domain);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_domain_handle) {
- DEBUG(3, ("sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_domain_handle(tmp_methods, access_token, access_desired, domain))) {
- DEBUG(4,("sam_get_domain_handle for %s in backend %s failed\n",
- sid_string_static(domainsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_create_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters */
- SAM_ASSERT(access_token && domainsid && account_name && account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_create_account) {
- DEBUG(3, ("sam_create_account: sam_methods of the domain did not specify sam_create_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_account(tmp_methods, access_token, access_desired, account_name, acct_ctrl, account))) {
- DEBUG(4,("sam_create_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- DOM_SID domainsid;
- const DOM_SID *accountsid;
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_add_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters */
- SAM_ASSERT(account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_account_sid(account, &accountsid))) {
- DEBUG(0,("Can't get account SID\n"));
- return nt_status;
- }
-
- sid_copy(&domainsid, accountsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_add_account) {
- DEBUG(3, ("sam_add_account: sam_methods of the domain did not specify sam_add_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_account(tmp_methods, account))){
- DEBUG(4,("sam_add_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid account specified */
- SAM_ASSERT(account && account->current_sam_methods);
-
- tmp_methods = account->current_sam_methods;
-
- if (!tmp_methods->sam_update_account) {
- DEBUG(3, ("sam_update_account: sam_methods of the domain did not specify sam_update_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_account(tmp_methods, account))){
- DEBUG(4,("sam_update_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_delete_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid account specified */
- SAM_ASSERT(account && account->current_sam_methods);
-
- tmp_methods = account->current_sam_methods;
-
- if (!tmp_methods->sam_delete_account) {
- DEBUG(3, ("sam_delete_account: sam_methods of the domain did not specify sam_delete_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_account(tmp_methods, account))){
- DEBUG(4,("sam_delete_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_enum_accounts: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && account_count && accounts);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_enum_accounts) {
- DEBUG(3, ("sam_enum_accounts: sam_methods of the domain did not specify sam_enum_accounts\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_accounts(tmp_methods, access_token, acct_ctrl, account_count, accounts))) {
- DEBUG(4,("sam_enum_accounts for domain %s in backend %s failed\n",
- tmp_methods->domain_name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- DOM_SID domainsid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_account_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && accountsid && account);
-
- sid_copy(&domainsid, accountsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_account_by_sid) {
- DEBUG(3, ("sam_get_account_by_sid: sam_methods of the domain did not specify sam_get_account_by_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_sid(tmp_methods, access_token, access_desired, accountsid, account))) {
- DEBUG(4,("sam_get_account_by_sid for %s in backend %s failed\n",
- sid_string_static(accountsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_account_by_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domain && name && account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_account_by_name) {
- DEBUG(3, ("sam_get_account_by_name: sam_methods of the domain did not specify sam_get_account_by_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_name(tmp_methods, access_token, access_desired, name, account))) {
- DEBUG(4,("sam_get_account_by_name for %s\\%s in backend %s failed\n",
- domain, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_create_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && group_name && group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_create_group) {
- DEBUG(3, ("sam_create_group: sam_methods of the domain did not specify sam_create_group\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, group_name, group_ctrl, group))) {
- DEBUG(4,("sam_create_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- DOM_SID domainsid;
- const DOM_SID *groupsid;
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_add_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_group_sid(group, &groupsid))) {
- DEBUG(0,("Can't get group SID\n"));
- return nt_status;
- }
-
- sid_copy(&domainsid, groupsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_add_group) {
- DEBUG(3, ("sam_add_group: sam_methods of the domain did not specify sam_add_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_group(tmp_methods, group))){
- DEBUG(4,("sam_add_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_update_group) {
- DEBUG(3, ("sam_update_group: sam_methods of the domain did not specify sam_update_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_group(tmp_methods, group))){
- DEBUG(4,("sam_update_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_delete_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_delete_group) {
- DEBUG(3, ("sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_group(tmp_methods, group))){
- DEBUG(4,("sam_delete_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_enum_groups: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && groups_count && groups);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_enum_accounts) {
- DEBUG(3, ("sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, group_ctrl, groups_count, groups))) {
- DEBUG(4,("sam_enum_groups for domain %s in backend %s failed\n",
- tmp_methods->domain_name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
- DOM_SID domainsid;
-
- DEBUG(5,("sam_get_group_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && groupsid && group);
-
- sid_copy(&domainsid, groupsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_group_by_sid) {
- DEBUG(3, ("sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_sid(tmp_methods, access_token, access_desired, groupsid, group))) {
- DEBUG(4,("sam_get_group_by_sid for %s in backend %s failed\n",
- sid_string_static(groupsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_group_by_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domain && name && group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_group_by_name) {
- DEBUG(3, ("sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_name(tmp_methods, access_token, access_desired, name, group))) {
- DEBUG(4,("sam_get_group_by_name for %s\\%s in backend %s failed\n",
- domain, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group or member specified */
- SAM_ASSERT(group && group->current_sam_methods && member);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_add_member_to_group) {
- DEBUG(3, ("sam_add_member_to_group: sam_methods of the domain did not specify sam_add_member_to_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_member_to_group(tmp_methods, group, member))) {
- DEBUG(4,("sam_add_member_to_group in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-
-}
-
-NTSTATUS sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group or member specified */
- SAM_ASSERT(group && group->current_sam_methods && member);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_delete_member_from_group) {
- DEBUG(3, ("sam_delete_member_from_group: sam_methods of the domain did not specify sam_delete_member_from_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_member_from_group(tmp_methods, group, member))) {
- DEBUG(4,("sam_delete_member_from_group in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods && members_count && members);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_enum_groupmembers) {
- DEBUG(3, ("sam_enum_groupmembers: sam_methods of the domain did not specify sam_enum_group_members\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groupmembers(tmp_methods, group, members_count, members))) {
- DEBUG(4,("sam_enum_groupmembers in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- uint32 tmp_group_count;
- SAM_GROUP_ENUM *tmp_groups;
-
- DEBUG(5,("sam_get_groups_of_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid sam_context specified */
- SAM_ASSERT(access_token && sids && context && context->methods);
-
- *group_count = 0;
-
- *groups = NULL;
-
- tmp_methods= context->methods;
-
- while (tmp_methods) {
- DEBUG(5,("getting groups from domain \n"));
- if (!tmp_methods->sam_get_groups_of_sid) {
- DEBUG(3, ("sam_get_groups_of_sid: sam_methods of domain did not specify sam_get_groups_of_sid\n"));
- SAFE_FREE(*groups);
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_groups_of_sid(tmp_methods, access_token, sids, group_ctrl, &tmp_group_count, &tmp_groups))) {
- DEBUG(4,("sam_get_groups_of_sid in backend %s failed\n", tmp_methods->backendname));
- SAFE_FREE(*groups);
- return nt_status;
- }
-
- *groups = Realloc(*groups, ((*group_count) + tmp_group_count) * sizeof(SAM_GROUP_ENUM));
-
- memcpy(&(*groups)[*group_count], tmp_groups, tmp_group_count);
-
- SAFE_FREE(tmp_groups);
-
- *group_count += tmp_group_count;
-
- tmp_methods = tmp_methods->next;
- }
-
- return NT_STATUS_OK;
-}
-
-
diff --git a/source/script/genstruct.pl b/source/script/genstruct.pl
deleted file mode 100755
index a6abd718c95..00000000000
--- a/source/script/genstruct.pl
+++ /dev/null
@@ -1,299 +0,0 @@
-#!/usr/bin/perl -w
-# a simple system for generating C parse info
-# this can be used to write generic C structer load/save routines
-# Copyright 2002 Andrew Tridgell <genstruct@tridgell.net>
-# released under the GNU General Public License v2 or later
-
-use strict;
-
-my(%enum_done) = ();
-my(%struct_done) = ();
-
-###################################################
-# general handler
-sub handle_general($$$$$$$$)
-{
- my($name) = shift;
- my($ptr_count) = shift;
- my($size) = shift;
- my($element) = shift;
- my($flags) = shift;
- my($dump_fn) = shift;
- my($parse_fn) = shift;
- my($tflags) = shift;
- my($array_len) = 0;
- my($dynamic_len) = "NULL";
-
- # handle arrays, currently treat multidimensional arrays as 1 dimensional
- while ($element =~ /(.*)\[(.*?)\]$/) {
- $element = $1;
- if ($array_len == 0) {
- $array_len = $2;
- } else {
- $array_len = "$2 * $array_len";
- }
- }
-
- if ($flags =~ /_LEN\((\w*?)\)/) {
- $dynamic_len = "\"$1\"";
- }
-
- if ($flags =~ /_NULLTERM/) {
- $tflags = "FLAG_NULLTERM";
- }
-
- print OFILE "{\"$element\", $ptr_count, $size, offsetof(struct $name, $element), $array_len, $dynamic_len, $tflags, $dump_fn, $parse_fn},\n";
-}
-
-
-####################################################
-# parse one element
-sub parse_one($$$$)
-{
- my($name) = shift;
- my($type) = shift;
- my($element) = shift;
- my($flags) = shift;
- my($ptr_count) = 0;
- my($size) = "sizeof($type)";
- my($tflags) = "0";
-
- # enums get the FLAG_ALWAYS flag
- if ($type =~ /^enum /) {
- $tflags = "FLAG_ALWAYS";
- }
-
-
- # make the pointer part of the base type
- while ($element =~ /^\*(.*)/) {
- $ptr_count++;
- $element = $1;
- }
-
- # convert spaces to _
- $type =~ s/ /_/g;
-
- my($dump_fn) = "gen_dump_$type";
- my($parse_fn) = "gen_parse_$type";
-
- handle_general($name, $ptr_count, $size, $element, $flags, $dump_fn, $parse_fn, $tflags);
-}
-
-####################################################
-# parse one element
-sub parse_element($$$)
-{
- my($name) = shift;
- my($element) = shift;
- my($flags) = shift;
- my($type);
- my($data);
-
- # pull the base type
- if ($element =~ /^struct (\S*) (.*)/) {
- $type = "struct $1";
- $data = $2;
- } elsif ($element =~ /^enum (\S*) (.*)/) {
- $type = "enum $1";
- $data = $2;
- } elsif ($element =~ /^unsigned (\S*) (.*)/) {
- $type = "unsigned $1";
- $data = $2;
- } elsif ($element =~ /^(\S*) (.*)/) {
- $type = $1;
- $data = $2;
- } else {
- die "Can't parse element '$element'";
- }
-
- # handle comma separated lists
- while ($data =~ /(\S*),[\s]?(.*)/) {
- parse_one($name, $type, $1, $flags);
- $data = $2;
- }
- parse_one($name, $type, $data, $flags);
-}
-
-
-my($first_struct) = 1;
-
-####################################################
-# parse the elements of one structure
-sub parse_elements($$)
-{
- my($name) = shift;
- my($elements) = shift;
-
- if ($first_struct) {
- $first_struct = 0;
- print "Parsing structs: $name";
- } else {
- print ", $name";
- }
-
- print OFILE "int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *, const char *, unsigned);\n";
- print OFILE "int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *, const char *);\n";
-
- print OFILE "static const struct parse_struct pinfo_" . $name . "[] = {\n";
-
-
- while ($elements =~ /^.*?([a-z].*?);\s*?(\S*?)\s*?$(.*)/msi) {
- my($element) = $1;
- my($flags) = $2;
- $elements = $3;
- parse_element($name, $element, $flags);
- }
-
- print OFILE "{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};\n";
-
- print OFILE "
-int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) {
- return gen_dump_struct(mem_ctx, pinfo_$name, p, ptr, indent);
-}
-int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *ptr, const char *str) {
- return gen_parse_struct(mem_ctx, pinfo_$name, ptr, str);
-}
-
-";
-}
-
-my($first_enum) = 1;
-
-####################################################
-# parse out the enum declarations
-sub parse_enum_elements($$)
-{
- my($name) = shift;
- my($elements) = shift;
-
- if ($first_enum) {
- $first_enum = 0;
- print "Parsing enums: $name";
- } else {
- print ", $name";
- }
-
- print OFILE "static const struct enum_struct einfo_" . $name . "[] = {\n";
-
- my(@enums) = split(/,/s, $elements);
- for (my($i)=0; $i <= $#{@enums}; $i++) {
- my($enum) = $enums[$i];
- if ($enum =~ /\s*(\w*)/) {
- my($e) = $1;
- print OFILE "{\"$e\", $e},\n";
- }
- }
-
- print OFILE "{NULL, 0}};\n";
-
- print OFILE "
-int gen_dump_enum_$name(struct parse_string *p, const char *ptr, unsigned indent) {
- return gen_dump_enum(einfo_$name, p, ptr, indent);
-}
-
-int gen_parse_enum_$name(char *ptr, const char *str) {
- return gen_parse_enum(einfo_$name, ptr, str);
-}
-
-";
-}
-
-####################################################
-# parse out the enum declarations
-sub parse_enums($)
-{
- my($data) = shift;
-
- while ($data =~ /^GENSTRUCT\s+enum\s+(\w*?)\s*{(.*?)}\s*;(.*)/ms) {
- my($name) = $1;
- my($elements) = $2;
- $data = $3;
-
- if (!defined($enum_done{$name})) {
- $enum_done{$name} = 1;
- parse_enum_elements($name, $elements);
- }
- }
-
- if (! $first_enum) {
- print "\n";
- }
-}
-
-####################################################
-# parse all the structures
-sub parse_structs($)
-{
- my($data) = shift;
-
- # parse into structures
- while ($data =~ /^GENSTRUCT\s+struct\s+(\w+?)\s*{\s*(.*?)\s*}\s*;(.*)/ms) {
- my($name) = $1;
- my($elements) = $2;
- $data = $3;
- if (!defined($struct_done{$name})) {
- $struct_done{$name} = 1;
- parse_elements($name, $elements);
- }
- }
-
- if (! $first_struct) {
- print "\n";
- } else {
- print "No GENSTRUCT structures found?\n";
- }
-}
-
-
-####################################################
-# parse a header file, generating a dumper structure
-sub parse_data($)
-{
- my($data) = shift;
-
- # collapse spaces
- $data =~ s/[\t ]+/ /sg;
- $data =~ s/\s*\n\s+/\n/sg;
- # strip debug lines
- $data =~ s/^\#.*?\n//smg;
-
- parse_enums($data);
- parse_structs($data);
-}
-
-
-#########################################
-# display help text
-sub ShowHelp()
-{
- print "
-generator for C structure dumpers
-Copyright Andrew Tridgell <genstruct\@tridgell.net>
-
-Sample usage:
- genstruct -o output.h gcc -E -O2 -g test.h
-
-Options:
- --help this help page
- -o OUTPUT place output in OUTPUT
-";
- exit(0);
-}
-
-########################################
-# main program
-if ($ARGV[0] ne "-o" || $#ARGV < 2) {
- ShowHelp();
-}
-
-shift;
-my($opt_ofile)=shift;
-
-print "creating $opt_ofile\n";
-
-open(OFILE, ">$opt_ofile") || die "can't open $opt_ofile";
-
-print OFILE "/* This is an automatically generated file - DO NOT EDIT! */\n\n";
-
-parse_data(`@ARGV -DGENSTRUCT=GENSTRUCT`);
-exit(0);
diff --git a/source/script/installbin.sh b/source/script/installbin.sh
index f9fd5298c09..c2f34082dd9 100755
--- a/source/script/installbin.sh
+++ b/source/script/installbin.sh
@@ -1,12 +1,10 @@
#!/bin/sh
INSTALLPERMS=$1
-DESTDIR=$2
-BASEDIR=`echo $3 | sed 's/\/\//\//g'`
-BINDIR=`echo $4 | sed 's/\/\//\//g'`
-LIBDIR=`echo $5 | sed 's/\/\//\//g'`
-VARDIR=`echo $6 | sed 's/\/\//\//g'`
-shift
+BASEDIR=$2
+BINDIR=$3
+LIBDIR=$4
+VARDIR=$5
shift
shift
shift
@@ -25,10 +23,7 @@ for p in $*; do
# this is a special case, mount needs this in a specific location
if [ $p2 = smbmount ]; then
- if [ ! -d $DESTDIR/sbin ]; then
- mkdir $DESTDIR/sbin
- fi
- ln -sf $BINDIR/$p2 $DESTDIR/sbin/mount.smbfs
+ ln -sf $BINDIR/$p2 /sbin/mount.smbfs
fi
done
diff --git a/source/script/installdat.sh b/source/script/installdat.sh
index 4a5b1de5dc8..7ff88ac788e 100755
--- a/source/script/installdat.sh
+++ b/source/script/installdat.sh
@@ -1,7 +1,7 @@
#!/bin/sh
#fist version March 2002, Herb Lewis
-DATDIR=`echo $1 | sed 's/\/\//\//g'`
+DATDIR=$1
SRCDIR=$2/
echo Installing dat files in $DATDIR
diff --git a/source/script/installdirs.sh b/source/script/installdirs.sh
index 1db46b82ff2..9557b86d3bc 100755
--- a/source/script/installdirs.sh
+++ b/source/script/installdirs.sh
@@ -1,13 +1,11 @@
#!/bin/sh
while ( test -n "$1" ); do
-
- DIRNAME=`echo $1 | sed 's/\/\//\//g'`
- if [ ! -d $DIRNAME ]; then
- mkdir -p $DIRNAME
+ if [ ! -d $1 ]; then
+ mkdir -p $1
fi
- if [ ! -d $DIRNAME ]; then
+ if [ ! -d $1 ]; then
echo Failed to make directory $1
exit 1
fi
diff --git a/source/script/installman.sh b/source/script/installman.sh
index c7a8f450951..5b6bba69edb 100755
--- a/source/script/installman.sh
+++ b/source/script/installman.sh
@@ -5,7 +5,7 @@
# modified to accomodate international man pages (inspired
# by Japanese edition's approach)
-MANDIR=`echo $1 | sed 's/\/\//\//g'`
+MANDIR=$1
SRCDIR=$2/
langs=$3
diff --git a/source/script/installmodules.sh b/source/script/installmodules.sh
index f7c74733381..c80da763688 100755
--- a/source/script/installmodules.sh
+++ b/source/script/installmodules.sh
@@ -1,8 +1,8 @@
#!/bin/sh
INSTALLPERMS=$1
-BASEDIR=`echo $2 | sed 's/\/\//\//g'`
-LIBDIR=`echo $3 | sed 's/\/\//\//g'`
+BASEDIR=$2
+LIBDIR=$3
shift
shift
shift
diff --git a/source/script/installmsg.sh b/source/script/installmsg.sh
index 5a41fe1ca8d..30ad404aa0d 100644
--- a/source/script/installmsg.sh
+++ b/source/script/installmsg.sh
@@ -2,7 +2,7 @@
# first version (Sept 2003) written by Shiro Yamada <shiro@miraclelinux.com>
# based on the first verion (March 2002) of installdat.sh written by Herb Lewis
-MSGDIR=`echo $1 | sed 's/\/\//\//g'`
+MSGDIR=$1
SRCDIR=$2/
echo Installing msg files in $MSGDIR
diff --git a/source/script/installscripts.sh b/source/script/installscripts.sh
index 81608c3682c..bff5423e7cb 100755
--- a/source/script/installscripts.sh
+++ b/source/script/installscripts.sh
@@ -3,7 +3,7 @@
# 5 July 96 Dan.Shearer@UniSA.Edu.Au Don't hardcode script names, get from Make
INSTALLPERMS=$1
-BINDIR=`echo $2 | sed 's/\/\//\//g'`
+BINDIR=$2
shift
shift
diff --git a/source/script/installswat.sh b/source/script/installswat.sh
index 7841a2a7b50..bd2f8da2348 100755
--- a/source/script/installswat.sh
+++ b/source/script/installswat.sh
@@ -1,7 +1,7 @@
#!/bin/sh
#first version March 1998, Andrew Tridgell
-SWATDIR=`echo $1 | sed 's/\/\//\//g'`
+SWATDIR=$1
SRCDIR=$2/
BOOKDIR=$SWATDIR/using_samba
diff --git a/source/script/mkproto.awk b/source/script/mkproto.awk
index 3835ea3af37..b6e911699eb 100644
--- a/source/script/mkproto.awk
+++ b/source/script/mkproto.awk
@@ -120,7 +120,7 @@ END {
gotstart = 1;
}
- if( $0 ~ /^ADS_STRUCT|^ADS_STATUS|^DATA_BLOB|^ASN1_DATA|^TDB_CONTEXT|^TDB_DATA|^smb_ucs2_t|^TALLOC_CTX|^hash_element|^NT_DEVICEMODE|^enum.*\(|^NT_USER_TOKEN|^SAM_ACCOUNT|^NTTIME/ ) {
+ if( $0 ~ /^ADS_STRUCT|^ADS_STATUS|^DATA_BLOB|^ASN1_DATA|^TDB_CONTEXT|^TDB_DATA|^smb_ucs2_t|^TALLOC_CTX|^hash_element|^NT_DEVICEMODE|^enum.*\(|^NT_USER_TOKEN|^SAM_ACCOUNT/ ) {
gotstart = 1;
}
diff --git a/source/script/uninstallbin.sh b/source/script/uninstallbin.sh
index 5de936fccfd..a8bbdea7afd 100755
--- a/source/script/uninstallbin.sh
+++ b/source/script/uninstallbin.sh
@@ -2,10 +2,10 @@
#4 July 96 Dan.Shearer@UniSA.edu.au
INSTALLPERMS=$1
-BASEDIR=`echo $2 | sed 's/\/\//\//g'`
-BINDIR=`echo $3 | sed 's/\/\//\//g'`
-LIBDIR=`echo $4 | sed 's/\/\//\//g'`
-VARDIR=`echo $5 | sed 's/\/\//\//g'`
+BASEDIR=$2
+BINDIR=$3
+LIBDIR=$4
+VARDIR=$5
shift
shift
shift
diff --git a/source/script/uninstallman.sh b/source/script/uninstallman.sh
index 0fea11cd1b2..3126709831f 100755
--- a/source/script/uninstallman.sh
+++ b/source/script/uninstallman.sh
@@ -6,7 +6,7 @@
# by Japanese edition's approach)
-MANDIR=`echo $1 | sed 's/\/\//\//g'`
+MANDIR=$1
SRCDIR=$2
langs=$3
diff --git a/source/script/uninstallmodules.sh b/source/script/uninstallmodules.sh
index ac83af3dc90..30582a39fac 100755
--- a/source/script/uninstallmodules.sh
+++ b/source/script/uninstallmodules.sh
@@ -2,8 +2,8 @@
#4 July 96 Dan.Shearer@UniSA.edu.au
INSTALLPERMS=$1
-BASEDIR=`echo $2 | sed 's/\/\//\//g'`
-LIBDIR=`echo $3 | sed 's/\/\//\//g'`
+BASEDIR=$2
+LIBDIR=$3
shift
shift
shift
diff --git a/source/script/uninstallscripts.sh b/source/script/uninstallscripts.sh
index cf7fd719993..13104acedd8 100755
--- a/source/script/uninstallscripts.sh
+++ b/source/script/uninstallscripts.sh
@@ -2,7 +2,7 @@
# 5 July 96 Dan.Shearer@UniSA.Edu.Au - almost identical to uninstallbin.sh
INSTALLPERMS=$1
-BINDIR=`echo $2 | sed 's/\/\//\//g'`
+BINDIR=$2
shift
shift
diff --git a/source/smbd/blocking.c b/source/smbd/blocking.c
index 5c6ddbc6b7e..8fa2a6494e3 100644
--- a/source/smbd/blocking.c
+++ b/source/smbd/blocking.c
@@ -91,7 +91,6 @@ BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout,
{
static BOOL set_lock_msg;
blocking_lock_record *blr;
- BOOL my_lock_ctx = False;
NTSTATUS status;
if(in_chained_smb() ) {
@@ -128,7 +127,7 @@ BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout,
/* Add a pending lock record for this. */
status = brl_lock(blr->fsp->dev, blr->fsp->inode, blr->fsp->fnum,
lock_pid, sys_getpid(), blr->fsp->conn->cnum,
- offset, count, PENDING_LOCK, &my_lock_ctx);
+ offset, count, PENDING_LOCK);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("push_blocking_lock_request: failed to add PENDING_LOCK record.\n"));
@@ -303,7 +302,6 @@ static BOOL process_lockread(blocking_lock_record *blr)
NTSTATUS status;
connection_struct *conn = conn_find(SVAL(inbuf,smb_tid));
files_struct *fsp = blr->fsp;
- BOOL my_lock_ctx = False;
numtoread = SVAL(inbuf,smb_vwv1);
startpos = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv2);
@@ -311,7 +309,8 @@ static BOOL process_lockread(blocking_lock_record *blr)
numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
data = smb_buf(outbuf) + 3;
- status = do_lock_spin( fsp, conn, SVAL(inbuf,smb_pid), (SMB_BIG_UINT)numtoread, startpos, READ_LOCK, &my_lock_ctx);
+ status = do_lock_spin( fsp, conn, SVAL(inbuf,smb_pid), (SMB_BIG_UINT)numtoread,
+ startpos, READ_LOCK);
if (NT_STATUS_V(status)) {
if (!NT_STATUS_EQUAL(status,NT_STATUS_LOCK_NOT_GRANTED) &&
!NT_STATUS_EQUAL(status,NT_STATUS_FILE_LOCK_CONFLICT)) {
@@ -372,13 +371,13 @@ static BOOL process_lock(blocking_lock_record *blr)
NTSTATUS status;
connection_struct *conn = conn_find(SVAL(inbuf,smb_tid));
files_struct *fsp = blr->fsp;
- BOOL my_lock_ctx = False;
count = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv1);
offset = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
errno = 0;
- status = do_lock_spin(fsp, conn, SVAL(inbuf,smb_pid), count, offset, WRITE_LOCK, &my_lock_ctx);
+ status = do_lock_spin(fsp, conn, SVAL(inbuf,smb_pid), count,
+ offset, WRITE_LOCK);
if (NT_STATUS_IS_ERR(status)) {
if (!NT_STATUS_EQUAL(status,NT_STATUS_LOCK_NOT_GRANTED) &&
!NT_STATUS_EQUAL(status,NT_STATUS_FILE_LOCK_CONFLICT)) {
@@ -429,7 +428,6 @@ static BOOL process_lockingX(blocking_lock_record *blr)
uint16 lock_pid;
BOOL large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES);
char *data;
- BOOL my_lock_ctx = False;
NTSTATUS status = NT_STATUS_OK;
data = smb_buf(inbuf) + ((large_file_format ? 20 : 10)*num_ulocks);
@@ -452,7 +450,7 @@ static BOOL process_lockingX(blocking_lock_record *blr)
*/
errno = 0;
status = do_lock_spin(fsp,conn,lock_pid,count,offset,
- ((locktype & 1) ? READ_LOCK : WRITE_LOCK), &my_lock_ctx);
+ ((locktype & 1) ? READ_LOCK : WRITE_LOCK));
if (NT_STATUS_IS_ERR(status)) break;
}
diff --git a/source/smbd/error.c b/source/smbd/error.c
index 795bf0949cc..9d0e34bf527 100644
--- a/source/smbd/error.c
+++ b/source/smbd/error.c
@@ -93,11 +93,6 @@ int error_packet(char *outbuf,NTSTATUS ntstatus,
if (errno != 0)
DEBUG(3,("error string = %s\n",strerror(errno)));
-#if defined(DEVELOPER)
- if (unix_ERR_class != SMB_SUCCESS || unix_ERR_code != 0 || !NT_STATUS_IS_OK(unix_ERR_ntstatus))
- smb_panic("logic error in error processing");
-#endif
-
/*
* We can explicitly force 32 bit error codes even when the
* parameter "nt status" is set to no by pre-setting the
diff --git a/source/smbd/notify_hash.c b/source/smbd/notify_hash.c
index ec414454f9e..810e5079ba5 100644
--- a/source/smbd/notify_hash.c
+++ b/source/smbd/notify_hash.c
@@ -41,7 +41,7 @@ static BOOL notify_hash(connection_struct *conn, char *path, uint32 flags,
SMB_STRUCT_STAT st;
pstring full_name;
char *p;
- const char *fname;
+ char *fname;
size_t remaining_len;
size_t fullname_len;
void *dp;
@@ -115,7 +115,7 @@ static BOOL notify_hash(connection_struct *conn, char *path, uint32 flags,
if (flags & (FILE_NOTIFY_CHANGE_DIR_NAME|FILE_NOTIFY_CHANGE_FILE_NAME|FILE_NOTIFY_CHANGE_FILE)) {
int i;
unsigned char tmp_hash[16];
- mdfour(tmp_hash, (const unsigned char *)fname, strlen(fname));
+ mdfour(tmp_hash, (unsigned char *)fname, strlen(fname));
for (i=0;i<16;i++)
data->name_hash[i] ^= tmp_hash[i];
}
@@ -125,7 +125,7 @@ static BOOL notify_hash(connection_struct *conn, char *path, uint32 flags,
*/
if (flags & (FILE_NOTIFY_CHANGE_ATTRIBUTES|FILE_NOTIFY_CHANGE_SECURITY))
- data->mode_sum += st.st_mode;
+ data->mode_sum = st.st_mode;
}
CloseDir(dp);
diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c
index b4e7a70088d..1c507449472 100644
--- a/source/smbd/nttrans.c
+++ b/source/smbd/nttrans.c
@@ -522,11 +522,8 @@ static int do_ntcreate_pipe_open(connection_struct *conn,
int ret;
int pnum = -1;
char *p = NULL;
- NTSTATUS status;
- srvstr_get_path(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status))
- return ERROR_NT(status);
+ srvstr_pull_buf(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE);
if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0)
return ret;
@@ -590,7 +587,6 @@ int reply_ntcreate_and_X(connection_struct *conn,
char *p = NULL;
time_t c_time;
BOOL extended_oplock_granted = False;
- NTSTATUS status;
START_PROFILE(SMBntcreateX);
@@ -645,11 +641,7 @@ create_options = 0x%x root_dir_fid = 0x%x\n", flags, desired_access, file_attrib
if(!dir_fsp->is_directory) {
- srvstr_get_path(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBntcreateX);
- return ERROR_NT(status);
- }
+ srvstr_pull_buf(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE);
/*
* Check to see if this is a mac fork of some kind.
@@ -689,17 +681,9 @@ create_options = 0x%x root_dir_fid = 0x%x\n", flags, desired_access, file_attrib
dir_name_len++;
}
- srvstr_get_path(inbuf, &fname[dir_name_len], smb_buf(inbuf), sizeof(fname)-dir_name_len, STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBntcreateX);
- return ERROR_NT(status);
- }
+ srvstr_pull_buf(inbuf, &fname[dir_name_len], smb_buf(inbuf), sizeof(fname)-dir_name_len, STR_TERMINATE);
} else {
- srvstr_get_path(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBntcreateX);
- return ERROR_NT(status);
- }
+ srvstr_pull_buf(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE);
/*
* Check to see if this is a mac fork of some kind.
@@ -987,7 +971,6 @@ static int do_nt_transact_create_pipe( connection_struct *conn, char *inbuf, cha
int ret;
int pnum = -1;
char *p = NULL;
- NTSTATUS status;
/*
* Ensure minimum number of parameters sent.
@@ -999,10 +982,6 @@ static int do_nt_transact_create_pipe( connection_struct *conn, char *inbuf, cha
}
srvstr_pull(inbuf, fname, params+53, sizeof(fname), parameter_count-53, STR_TERMINATE);
- status = check_path_syntax(fname);
- if (!NT_STATUS_IS_OK(status)) {
- return ERROR_NT(status);
- }
if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0)
return ret;
@@ -1179,6 +1158,7 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o
smb_attr = (file_attributes & SAMBA_ATTRIBUTES_MASK);
if (create_options & FILE_OPEN_BY_FILE_ID) {
+ END_PROFILE(SMBntcreateX);
return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
}
@@ -1208,10 +1188,6 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o
if(!dir_fsp->is_directory) {
srvstr_pull(inbuf, fname, params+53, sizeof(fname), parameter_count-53, STR_TERMINATE);
- nt_status = check_path_syntax(fname);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return ERROR_NT(nt_status);
- }
/*
* Check to see if this is a mac fork of some kind.
@@ -1241,16 +1217,8 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o
srvstr_pull(inbuf, &fname[dir_name_len], params+53, sizeof(fname)-dir_name_len,
parameter_count-53, STR_TERMINATE);
- nt_status = check_path_syntax(fname);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return ERROR_NT(nt_status);
- }
} else {
srvstr_pull(inbuf, fname, params+53, sizeof(fname), parameter_count-53, STR_TERMINATE);
- nt_status = check_path_syntax(fname);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return ERROR_NT(nt_status);
- }
/*
* Check to see if this is a mac fork of some kind.
@@ -1292,6 +1260,7 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o
/* Can't open a temp directory. IFS kit test. */
if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
+ END_PROFILE(SMBntcreateX);
return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
@@ -1392,6 +1361,7 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o
fsp->initial_allocation_size = SMB_ROUNDUP(allocation_size,SMB_ROUNDUP_ALLOCATION_SIZE);
if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
close_file(fsp,False);
+ END_PROFILE(SMBntcreateX);
return ERROR_NT(NT_STATUS_DISK_FULL);
}
} else {
@@ -1547,10 +1517,6 @@ static int call_nt_transact_rename(connection_struct *conn, char *inbuf, char *o
replace_if_exists = (SVAL(params,2) & RENAME_REPLACE_IF_EXISTS) ? True : False;
CHECK_FSP(fsp, conn);
srvstr_pull(inbuf, new_name, params+4, sizeof(new_name), -1, STR_TERMINATE);
- status = check_path_syntax(new_name);
- if (!NT_STATUS_IS_OK(status)) {
- return ERROR_NT(status);
- }
status = rename_internals(conn, fsp->fsp_name,
new_name, replace_if_exists);
diff --git a/source/smbd/password.c b/source/smbd/password.c
index 958ed663e67..32c24b3d679 100644
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -291,9 +291,7 @@ BOOL user_ok(const char *user,int snum, gid_t *groups, size_t n_groups)
if (lp_invalid_users(snum)) {
str_list_copy(&invalid, lp_invalid_users(snum));
if (invalid && str_list_substitute(invalid, "%S", lp_servicename(snum))) {
- if ( invalid && str_list_sub_basic(invalid, current_user_info.smb_name) ) {
- ret = !user_in_list(user, (const char **)invalid, groups, n_groups);
- }
+ ret = !user_in_list(user, (const char **)invalid, groups, n_groups);
}
}
if (invalid)
@@ -301,10 +299,8 @@ BOOL user_ok(const char *user,int snum, gid_t *groups, size_t n_groups)
if (ret && lp_valid_users(snum)) {
str_list_copy(&valid, lp_valid_users(snum));
- if ( valid && str_list_substitute(valid, "%S", lp_servicename(snum)) ) {
- if ( valid && str_list_sub_basic(valid, current_user_info.smb_name) ) {
- ret = user_in_list(user, (const char **)valid, groups, n_groups);
- }
+ if ( valid && str_list_sub_basic(valid, current_user_info.smb_name) ) {
+ ret = user_in_list(user, (const char **)valid, groups, n_groups);
}
}
if (valid)
diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index 5c9451cf377..6ac4cffddb4 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -39,33 +39,21 @@ unsigned int smb_echo_count = 0;
extern BOOL global_encrypted_passwords_negotiated;
/****************************************************************************
- Ensure we check the path in *exactly* the same way as W2K.
+ Ensure we check the path in the same way as W2K.
****************************************************************************/
-NTSTATUS check_path_syntax(const char *name)
+static NTSTATUS check_path_syntax(const char *name)
{
- while (*name == '\\' || *name == '/')
+ while (*name == '\\')
name++;
- if (name[0] == '.' && name[1] == '\0')
+ if (strequal(name, "."))
return NT_STATUS_OBJECT_NAME_INVALID;
- else if (name[0] == '.' && name[1] == '.' &&
- (name[2] == '\\' || name [2] == '/' || name[2] == '\0'))
+ else if (strequal(name, ".."))
return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
return NT_STATUS_OK;
}
/****************************************************************************
- Pull a string and check the path - provide for error return.
-****************************************************************************/
-
-size_t srvstr_get_path(char *inbuf, char *dest, const char *src, size_t dest_len, int flags, NTSTATUS *err)
-{
- size_t ret = srvstr_pull_buf( inbuf, dest, src, dest_len, flags);
- *err = check_path_syntax(dest);
- return ret;
-}
-
-/****************************************************************************
Reply to a special message.
****************************************************************************/
@@ -414,11 +402,11 @@ int reply_chkpth(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
START_PROFILE(SMBchkpth);
- srvstr_get_path(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), STR_TERMINATE, &status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBchkpth);
+ srvstr_pull_buf(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), STR_TERMINATE);
+
+ status = check_path_syntax(name);
+ if (!NT_STATUS_IS_OK(status))
return ERROR_NT(status);
- }
RESOLVE_DFSPATH(name, conn, inbuf, outbuf);
@@ -428,10 +416,8 @@ int reply_chkpth(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
if (check_name(name,conn)) {
if (VALID_STAT(sbuf) || SMB_VFS_STAT(conn,name,&sbuf) == 0)
- if (!(ok = S_ISDIR(sbuf.st_mode))) {
- END_PROFILE(SMBchkpth);
- return ERROR_BOTH(NT_STATUS_NOT_A_DIRECTORY,ERRDOS,ERRbadpath);
- }
+ if (!(ok = S_ISDIR(sbuf.st_mode)))
+ errno = ENOTDIR;
}
if (!ok) {
@@ -449,18 +435,13 @@ int reply_chkpth(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
* if the path is invalid.
*/
if (bad_path) {
- END_PROFILE(SMBchkpth);
return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
} else {
- END_PROFILE(SMBchkpth);
return ERROR_NT(NT_STATUS_OBJECT_NAME_NOT_FOUND);
}
- } else if (errno == ENOTDIR) {
- END_PROFILE(SMBchkpth);
+ } else if (errno == ENOTDIR)
return ERROR_NT(NT_STATUS_NOT_A_DIRECTORY);
- }
- END_PROFILE(SMBchkpth);
return(UNIXERROR(ERRDOS,ERRbadpath));
}
@@ -487,16 +468,10 @@ int reply_getatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
time_t mtime=0;
BOOL bad_path = False;
char *p;
- NTSTATUS status;
-
START_PROFILE(SMBgetatr);
p = smb_buf(inbuf) + 1;
- p += srvstr_get_path(inbuf, fname, p, sizeof(fname), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBgetatr);
- return ERROR_NT(status);
- }
+ p += srvstr_pull_buf(inbuf, fname, p, sizeof(fname), STR_TERMINATE);
RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
@@ -562,17 +537,11 @@ int reply_setatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
SMB_STRUCT_STAT sbuf;
BOOL bad_path = False;
char *p;
- NTSTATUS status;
START_PROFILE(SMBsetatr);
p = smb_buf(inbuf) + 1;
- p += srvstr_get_path(inbuf, fname, p, sizeof(fname), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBsetatr);
- return ERROR_NT(status);
- }
-
+ p += srvstr_pull_buf(inbuf, fname, p, sizeof(fname), STR_TERMINATE);
unix_convert(fname,conn,0,&bad_path,&sbuf);
mode = SVAL(inbuf,smb_vwv0);
@@ -683,7 +652,6 @@ int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
BOOL expect_close = False;
BOOL can_open = True;
BOOL bad_path = False;
- NTSTATUS nt_status;
START_PROFILE(SMBsearch);
*mask = *directory = *fname = 0;
@@ -696,11 +664,7 @@ int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
maxentries = SVAL(inbuf,smb_vwv0);
dirtype = SVAL(inbuf,smb_vwv1);
p = smb_buf(inbuf) + 1;
- p += srvstr_get_path(inbuf, path, p, sizeof(path), STR_TERMINATE,&nt_status);
- if (!NT_STATUS_IS_OK(nt_status)) {
- END_PROFILE(SMBsearch);
- return ERROR_NT(nt_status);
- }
+ p += srvstr_pull_buf(inbuf, path, p, sizeof(path), STR_TERMINATE);
p++;
status_len = SVAL(p, 0);
p += 2;
@@ -865,17 +829,12 @@ int reply_fclose(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
char status[21];
int dptr_num= -2;
char *p;
- NTSTATUS err;
START_PROFILE(SMBfclose);
outsize = set_message(outbuf,1,0,True);
p = smb_buf(inbuf) + 1;
- p += srvstr_get_path(inbuf, path, p, sizeof(path), STR_TERMINATE,&err);
- if (!NT_STATUS_IS_OK(err)) {
- END_PROFILE(SMBfclose);
- return ERROR_NT(err);
- }
+ p += srvstr_pull_buf(inbuf, path, p, sizeof(path), STR_TERMINATE);
p++;
status_len = SVAL(p,0);
p += 2;
@@ -918,16 +877,11 @@ int reply_open(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
BOOL bad_path = False;
files_struct *fsp;
int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
- NTSTATUS status;
START_PROFILE(SMBopen);
share_mode = SVAL(inbuf,smb_vwv0);
- srvstr_get_path(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBopen);
- return ERROR_NT(status);
- }
+ srvstr_pull_buf(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), STR_TERMINATE);
RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
@@ -1000,7 +954,6 @@ int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
int smb_action = 0;
BOOL bad_path = False;
files_struct *fsp;
- NTSTATUS status;
START_PROFILE(SMBopenX);
/* If it's an IPC, pass off the pipe handler. */
@@ -1015,11 +968,7 @@ int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
}
/* XXXX we need to handle passed times, sattr and flags */
- srvstr_get_path(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBopenX);
- return ERROR_NT(status);
- }
+ srvstr_pull_buf(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE);
RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
@@ -1125,17 +1074,12 @@ int reply_mknew(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
files_struct *fsp;
int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
SMB_STRUCT_STAT sbuf;
- NTSTATUS status;
START_PROFILE(SMBcreate);
com = SVAL(inbuf,smb_com);
createmode = SVAL(inbuf,smb_vwv0);
- srvstr_get_path(inbuf, fname, smb_buf(inbuf) + 1, sizeof(fname), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBcreate);
- return ERROR_NT(status);
- }
+ srvstr_pull_buf(inbuf, fname, smb_buf(inbuf) + 1, sizeof(fname), STR_TERMINATE);
RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
@@ -1195,16 +1139,11 @@ int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
int tmpfd;
SMB_STRUCT_STAT sbuf;
char *p, *s;
- NTSTATUS status;
START_PROFILE(SMBctemp);
createmode = SVAL(inbuf,smb_vwv0);
- srvstr_get_path(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBctemp);
- return ERROR_NT(status);
- }
+ srvstr_pull_buf(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), STR_TERMINATE);
pstrcat(fname,"\\TMXXXXXX");
RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
@@ -1296,7 +1235,6 @@ static NTSTATUS can_rename(char *fname,connection_struct *conn, SMB_STRUCT_STAT
ret = NT_STATUS_SHARING_VIOLATION;
unix_ERR_class = 0;
unix_ERR_code = 0;
- unix_ERR_ntstatus = NT_STATUS_OK;
return ret;
}
close_file(fsp,False);
@@ -1485,12 +1423,12 @@ int reply_unlink(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
dirtype = SVAL(inbuf,smb_vwv0);
- srvstr_get_path(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBunlink);
- return ERROR_NT(status);
- }
+ srvstr_pull_buf(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), STR_TERMINATE);
+ status = check_path_syntax(name);
+ if (!NT_STATUS_IS_OK(status))
+ return ERROR_NT(status);
+
RESOLVE_DFSPATH(name, conn, inbuf, outbuf);
DEBUG(3,("reply_unlink : %s\n",name));
@@ -1567,13 +1505,8 @@ void send_file_readbraw(connection_struct *conn, files_struct *fsp, SMB_OFF_T st
if (nread > 0) {
ret = read_file(fsp,outbuf+4,startpos,nread);
-#if 0 /* mincount appears to be ignored in a W2K server. JRA. */
if (ret < mincount)
ret = 0;
-#else
- if (ret < nread)
- ret = 0;
-#endif
}
_smb_setlen(outbuf,ret);
@@ -1673,6 +1606,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s
/* ensure we don't overrun the packet size */
maxcount = MIN(65535,maxcount);
+ maxcount = MAX(mincount,maxcount);
if (!is_locked(fsp,conn,(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK,False)) {
SMB_OFF_T size = fsp->size;
@@ -1692,10 +1626,8 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s
nread = MIN(maxcount,(size - startpos));
}
-#if 0 /* mincount appears to be ignored in a W2K server. JRA. */
if (nread < mincount)
nread = 0;
-#endif
DEBUG( 3, ( "readbraw fnum=%d start=%.0f max=%d min=%d nread=%d\n", fsp->fnum, (double)startpos,
(int)maxcount, (int)mincount, (int)nread ) );
@@ -1720,7 +1652,6 @@ int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length
size_t numtoread;
NTSTATUS status;
files_struct *fsp = file_fsp(inbuf,smb_vwv0);
- BOOL my_lock_ctx = False;
START_PROFILE(SMBlockread);
CHECK_FSP(fsp,conn);
@@ -1740,21 +1671,13 @@ int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length
* protocol request that predates the read/write lock concept.
* Thus instead of asking for a read lock here we need to ask
* for a write lock. JRA.
- * Note that the requested lock size is unaffected by max_recv.
*/
status = do_lock_spin(fsp, conn, SVAL(inbuf,smb_pid),
- (SMB_BIG_UINT)numtoread, (SMB_BIG_UINT)startpos, WRITE_LOCK, &my_lock_ctx);
+ (SMB_BIG_UINT)numtoread, (SMB_BIG_UINT)startpos, WRITE_LOCK);
if (NT_STATUS_V(status)) {
-#if 0
- /*
- * We used to make lockread a blocking lock. It turns out
- * that this isn't on W2k. Found by the Samba 4 RAW-READ torture
- * tester. JRA.
- */
-
- if (lp_blocking_locks(SNUM(conn)) && !my_lock_ctx && ERROR_WAS_LOCK_DENIED(status)) {
+ if (lp_blocking_locks(SNUM(conn)) && ERROR_WAS_LOCK_DENIED(status)) {
/*
* A blocking lock was requested. Package up
* this smb into a queued request and push it
@@ -1766,21 +1689,10 @@ int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length
return -1;
}
}
-#endif
END_PROFILE(SMBlockread);
return ERROR_NT(status);
}
- /*
- * However the requested READ size IS affected by max_recv. Insanity.... JRA.
- */
-
- if (numtoread > max_recv) {
- DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
-Returning short read of maximum allowed for compatibility with Windows 2000.\n",
- (unsigned int)numtoread, (unsigned int)max_recv ));
- numtoread = MIN(numtoread,max_recv);
- }
nread = read_file(fsp,data,startpos,numtoread);
if (nread < 0) {
@@ -1822,16 +1734,6 @@ int reply_read(connection_struct *conn, char *inbuf,char *outbuf, int size, int
outsize = set_message(outbuf,5,3,True);
numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
- /*
- * The requested read size cannot be greater than max_recv. JRA.
- */
- if (numtoread > max_recv) {
- DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
-Returning short read of maximum allowed for compatibility with Windows 2000.\n",
- (unsigned int)numtoread, (unsigned int)max_recv ));
- numtoread = MIN(numtoread,max_recv);
- }
-
data = smb_buf(outbuf) + 3;
if (is_locked(fsp,conn,(SMB_BIG_UINT)numtoread,(SMB_BIG_UINT)startpos, READ_LOCK,False)) {
@@ -1899,7 +1801,6 @@ int send_file_readX(connection_struct *conn, char *inbuf,char *outbuf,int length
* correct amount of data).
*/
- SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
SSVAL(outbuf,smb_vwv5,smb_maxcnt);
SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
@@ -1938,7 +1839,6 @@ int send_file_readX(connection_struct *conn, char *inbuf,char *outbuf,int length
return(UNIXERROR(ERRDOS,ERRnoaccess));
}
- SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
SSVAL(outbuf,smb_vwv5,nread);
SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
SSVAL(smb_buf(outbuf),-2,nread);
@@ -2031,7 +1931,7 @@ int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size,
START_PROFILE(SMBwritebraw);
if (srv_is_signing_active()) {
- exit_server("reply_writebraw: SMB signing is active - raw reads/writes are disallowed.");
+ exit_server("reply_readbraw: SMB signing is active - raw reads/writes are disallowed.");
}
CHECK_FSP(fsp,conn);
@@ -2664,8 +2564,6 @@ int reply_lock(connection_struct *conn,
SMB_BIG_UINT count,offset;
NTSTATUS status;
files_struct *fsp = file_fsp(inbuf,smb_vwv0);
- BOOL my_lock_ctx = False;
-
START_PROFILE(SMBlock);
CHECK_FSP(fsp,conn);
@@ -2678,9 +2576,9 @@ int reply_lock(connection_struct *conn,
DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
fsp->fd, fsp->fnum, (double)offset, (double)count));
- status = do_lock_spin(fsp, conn, SVAL(inbuf,smb_pid), count, offset, WRITE_LOCK, &my_lock_ctx);
+ status = do_lock_spin(fsp, conn, SVAL(inbuf,smb_pid), count, offset, WRITE_LOCK);
if (NT_STATUS_V(status)) {
- if (lp_blocking_locks(SNUM(conn)) && !my_lock_ctx && ERROR_WAS_LOCK_DENIED(status)) {
+ if (lp_blocking_locks(SNUM(conn)) && ERROR_WAS_LOCK_DENIED(status)) {
/*
* A blocking lock was requested. Package up
* this smb into a queued request and push it
@@ -3023,19 +2921,13 @@ int reply_mkdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
NTSTATUS status;
START_PROFILE(SMBmkdir);
- srvstr_get_path(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBmkdir);
- return ERROR_NT(status);
- }
+ srvstr_pull_buf(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), STR_TERMINATE);
RESOLVE_DFSPATH(directory, conn, inbuf, outbuf);
status = mkdir_internal(conn, directory);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBmkdir);
+ if (!NT_STATUS_IS_OK(status))
return ERROR_NT(status);
- }
outsize = set_message(outbuf,0,0,True);
@@ -3190,14 +3082,9 @@ int reply_rmdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
BOOL ok = False;
BOOL bad_path = False;
SMB_STRUCT_STAT sbuf;
- NTSTATUS status;
START_PROFILE(SMBrmdir);
- srvstr_get_path(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBrmdir);
- return ERROR_NT(status);
- }
+ srvstr_pull_buf(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), STR_TERMINATE);
RESOLVE_DFSPATH(directory, conn, inbuf, outbuf)
@@ -3692,17 +3579,9 @@ int reply_mv(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
START_PROFILE(SMBmv);
p = smb_buf(inbuf) + 1;
- p += srvstr_get_path(inbuf, name, p, sizeof(name), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBmv);
- return ERROR_NT(status);
- }
+ p += srvstr_pull_buf(inbuf, name, p, sizeof(name), STR_TERMINATE);
p++;
- p += srvstr_get_path(inbuf, newname, p, sizeof(newname), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBmv);
- return ERROR_NT(status);
- }
+ p += srvstr_pull_buf(inbuf, newname, p, sizeof(newname), STR_TERMINATE);
RESOLVE_DFSPATH(name, conn, inbuf, outbuf);
RESOLVE_DFSPATH(newname, conn, inbuf, outbuf);
@@ -3711,7 +3590,6 @@ int reply_mv(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
status = rename_internals(conn, name, newname, False);
if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBmv);
return ERROR_NT(status);
}
@@ -3829,23 +3707,14 @@ int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
BOOL bad_path2 = False;
BOOL rc = True;
SMB_STRUCT_STAT sbuf1, sbuf2;
- NTSTATUS status;
START_PROFILE(SMBcopy);
*directory = *mask = 0;
p = smb_buf(inbuf);
- p += srvstr_get_path(inbuf, name, p, sizeof(name), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBcopy);
- return ERROR_NT(status);
- }
- p += srvstr_get_path(inbuf, newname, p, sizeof(newname), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBcopy);
- return ERROR_NT(status);
- }
+ p += srvstr_pull_buf(inbuf, name, p, sizeof(name), STR_TERMINATE);
+ p += srvstr_pull_buf(inbuf, newname, p, sizeof(newname), STR_TERMINATE);
DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
@@ -3991,7 +3860,6 @@ int reply_setdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
int outsize = 0;
BOOL ok = False;
pstring newdir;
- NTSTATUS status;
START_PROFILE(pathworks_setdir);
@@ -4001,11 +3869,7 @@ int reply_setdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
return ERROR_DOS(ERRDOS,ERRnoaccess);
}
- srvstr_get_path(inbuf, newdir, smb_buf(inbuf) + 1, sizeof(newdir), STR_TERMINATE,&status);
- if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(pathworks_setdir);
- return ERROR_NT(status);
- }
+ srvstr_pull_buf(inbuf, newdir, smb_buf(inbuf) + 1, sizeof(newdir), STR_TERMINATE);
if (strlen(newdir) == 0) {
ok = True;
@@ -4180,7 +4044,6 @@ int reply_lockingX(connection_struct *conn, char *inbuf,char *outbuf,int length,
char *data;
BOOL large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
BOOL err;
- BOOL my_lock_ctx = False;
NTSTATUS status;
START_PROFILE(SMBlockingX);
@@ -4301,9 +4164,9 @@ no oplock granted on this file (%s).\n", fsp->fnum, fsp->fsp_name));
fsp->fsp_name, (int)lock_timeout ));
status = do_lock_spin(fsp,conn,lock_pid, count,offset,
- ((locktype & 1) ? READ_LOCK : WRITE_LOCK), &my_lock_ctx);
+ ((locktype & 1) ? READ_LOCK : WRITE_LOCK));
if (NT_STATUS_V(status)) {
- if ((lock_timeout != 0) && lp_blocking_locks(SNUM(conn)) && !my_lock_ctx && ERROR_WAS_LOCK_DENIED(status)) {
+ if ((lock_timeout != 0) && lp_blocking_locks(SNUM(conn)) && ERROR_WAS_LOCK_DENIED(status)) {
/*
* A blocking lock was requested. Package up
* this smb into a queued request and push it
diff --git a/source/smbd/service.c b/source/smbd/service.c
index e5655bd9f4c..44d73b2ab27 100644
--- a/source/smbd/service.c
+++ b/source/smbd/service.c
@@ -259,27 +259,23 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev)
return NT_STATUS_OK;
}
+
/****************************************************************************
readonly share?
****************************************************************************/
-
static void set_read_only(connection_struct *conn, gid_t *groups, size_t n_groups)
{
char **list;
- const char *service = lp_servicename(conn->service);
+ char *service = lp_servicename(conn->service);
conn->read_only = lp_readonly(conn->service);
- if (!service)
- return;
+ if (!service) return;
str_list_copy(&list, lp_readlist(conn->service));
if (list) {
- if (!str_list_sub_basic(list, current_user_info.smb_name) ) {
+ if ( !str_list_sub_basic(list, current_user_info.smb_name) ) {
DEBUG(0, ("ERROR: read list substitution failed\n"));
}
- if (!str_list_substitute(list, "%S", service)) {
- DEBUG(0, ("ERROR: read list service substitution failed\n"));
- }
if (user_in_list(conn->user, (const char **)list, groups, n_groups))
conn->read_only = True;
str_list_free(&list);
@@ -287,22 +283,19 @@ static void set_read_only(connection_struct *conn, gid_t *groups, size_t n_group
str_list_copy(&list, lp_writelist(conn->service));
if (list) {
- if (!str_list_sub_basic(list, current_user_info.smb_name) ) {
+ if ( !str_list_sub_basic(list, current_user_info.smb_name) ) {
DEBUG(0, ("ERROR: write list substitution failed\n"));
}
- if (!str_list_substitute(list, "%S", service)) {
- DEBUG(0, ("ERROR: write list service substitution failed\n"));
- }
if (user_in_list(conn->user, (const char **)list, groups, n_groups))
conn->read_only = False;
str_list_free(&list);
}
}
+
/****************************************************************************
admin user check
****************************************************************************/
-
static void set_admin_user(connection_struct *conn, gid_t *groups, size_t n_groups)
{
/* admin user check */
@@ -894,9 +887,6 @@ void close_cnum(connection_struct *conn, uint16 vuid)
file_close_conn(conn);
dptr_closecnum(conn);
- /* make sure we leave the directory available for unmount */
- vfs_ChDir(conn, "/");
-
/* execute any "postexec = " line */
if (*lp_postexec(SNUM(conn)) &&
change_to_user(conn, vuid)) {
@@ -916,5 +906,8 @@ void close_cnum(connection_struct *conn, uint16 vuid)
smbrun(cmd,NULL);
}
+ /* make sure we leave the directory available for unmount */
+ vfs_ChDir(conn, "/");
+
conn_free(conn);
}
diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c
index 3d53387c9f1..033e76a33e1 100644
--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -1407,34 +1407,17 @@ static int call_trans2qfsinfo(connection_struct *conn, char *inbuf, char *outbuf
switch (info_level) {
case SMB_INFO_ALLOCATION:
{
- SMB_BIG_UINT dfree,dsize,bsize,block_size,sectors_per_unit,bytes_per_sector;
+ SMB_BIG_UINT dfree,dsize,bsize;
data_len = 18;
SMB_VFS_DISK_FREE(conn,".",False,&bsize,&dfree,&dsize);
- block_size = lp_block_size(snum);
- if (bsize < block_size) {
- SMB_BIG_UINT factor = block_size/bsize;
- bsize = block_size;
- dsize /= factor;
- dfree /= factor;
- }
- if (bsize > block_size) {
- SMB_BIG_UINT factor = bsize/block_size;
- bsize = block_size;
- dsize *= factor;
- dfree *= factor;
- }
- bytes_per_sector = 512;
- sectors_per_unit = bsize/bytes_per_sector;
-
- DEBUG(5,("call_trans2qfsinfo : SMB_INFO_ALLOCATION id=%x, bsize=%u, cSectorUnit=%u, \
-cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)st.st_dev, (unsigned int)bsize, (unsigned int)sectors_per_unit,
- (unsigned int)bytes_per_sector, (unsigned int)dsize, (unsigned int)dfree));
-
SIVAL(pdata,l1_idFileSystem,st.st_dev);
- SIVAL(pdata,l1_cSectorUnit,sectors_per_unit);
+ SIVAL(pdata,l1_cSectorUnit,bsize/512);
SIVAL(pdata,l1_cUnit,dsize);
SIVAL(pdata,l1_cUnitAvail,dfree);
- SSVAL(pdata,l1_cbSector,bytes_per_sector);
+ SSVAL(pdata,l1_cbSector,512);
+ DEBUG(5,("call_trans2qfsinfo : bsize=%u, id=%x, cSectorUnit=%u, cUnit=%u, cUnitAvail=%u, cbSector=%d\n",
+ (unsigned int)bsize, (unsigned int)st.st_dev, ((unsigned int)bsize)/512, (unsigned int)dsize,
+ (unsigned int)dfree, 512));
break;
}
@@ -1802,9 +1785,12 @@ int set_bad_path_error(int err, BOOL bad_path, char *outbuf, int def_class, uint
err, (int)bad_path ));
if(err == ENOENT) {
+ unix_ERR_class = ERRDOS;
if (bad_path) {
+ unix_ERR_code = ERRbadpath;
return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
} else {
+ unix_ERR_code = ERRbadfile;
return ERROR_NT(NT_STATUS_OBJECT_NAME_NOT_FOUND);
}
}
diff --git a/source/tdb/tdbback.c b/source/tdb/tdbback.c
index 68b6fadc882..744cface557 100644
--- a/source/tdb/tdbback.c
+++ b/source/tdb/tdbback.c
@@ -18,11 +18,6 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-#ifdef STANDALONE
-#if HAVE_CONFIG_H
-#include <config.h>
-#endif
-
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
@@ -32,16 +27,10 @@
#include <fcntl.h>
#include <time.h>
#include <sys/mman.h>
-
#include <sys/stat.h>
#include <sys/time.h>
#include <ctype.h>
#include <signal.h>
-
-#else
-#include "includes.h"
-#endif
-
#include "tdb.h"
static int failed;
@@ -55,7 +44,8 @@ char *add_suffix(const char *name, const char *suffix)
fprintf(stderr,"Out of memory!\n");
exit(1);
}
- snprintf(ret, len, "%s%s", name, suffix);
+ strncpy(ret, name, len);
+ strncat(ret, suffix, len);
return ret;
}
diff --git a/source/tdb/tdbbackup.c b/source/tdb/tdbbackup.c
index 1a0e1c1588f..0eaf6b6c0b7 100644
--- a/source/tdb/tdbbackup.c
+++ b/source/tdb/tdbbackup.c
@@ -41,11 +41,6 @@
*/
-#ifdef STANDALONE
-#if HAVE_CONFIG_H
-#include <config.h>
-#endif
-
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
@@ -59,13 +54,6 @@
#include <sys/time.h>
#include <ctype.h>
#include <signal.h>
-
-#else
-
-#include "includes.h"
-
-#endif
-
#include "tdb.h"
#include "tdbback.h"
diff --git a/source/utils/net_ads_cldap.c b/source/utils/net_ads_cldap.c
index 44de9cb8911..595e6e94347 100644
--- a/source/utils/net_ads_cldap.c
+++ b/source/utils/net_ads_cldap.c
@@ -32,15 +32,19 @@ struct cldap_netlogon_reply {
GUID guid;
char forest[MAX_DNS_LABEL];
+ char unk0[MAX_DNS_LABEL];
char domain[MAX_DNS_LABEL];
char hostname[MAX_DNS_LABEL];
char netbios_domain[MAX_DNS_LABEL];
+ char unk1[MAX_DNS_LABEL];
char netbios_hostname[MAX_DNS_LABEL];
- char unk[MAX_DNS_LABEL];
+ char unk2[MAX_DNS_LABEL];
char user_name[MAX_DNS_LABEL];
+ char unk3[MAX_DNS_LABEL];
char site_name[MAX_DNS_LABEL];
+ char unk4[MAX_DNS_LABEL];
char site_name_2[MAX_DNS_LABEL];
uint32 version;
@@ -111,7 +115,7 @@ static unsigned pull_netlogon_string(char *ret, const char *ptr,
}
} while (*ptr);
- return followed_ptr ? ret_len : ret_len + 1;
+ return ret_len ? ret_len : 1;
}
/*
@@ -245,11 +249,13 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply)
p += GUID_SIZE;
p += pull_netlogon_string(reply->forest, p, (const char *)os3.data);
+ p += pull_netlogon_string(reply->unk0, p, (const char *)os3.data);
p += pull_netlogon_string(reply->domain, p, (const char *)os3.data);
p += pull_netlogon_string(reply->hostname, p, (const char *)os3.data);
p += pull_netlogon_string(reply->netbios_domain, p, (const char *)os3.data);
+ p += pull_netlogon_string(reply->unk1, p, (const char *)os3.data);
p += pull_netlogon_string(reply->netbios_hostname, p, (const char *)os3.data);
- p += pull_netlogon_string(reply->unk, p, (const char *)os3.data);
+ p += pull_netlogon_string(reply->unk2, p, (const char *)os3.data);
if (reply->type == SAMLOGON_AD_R) {
p += pull_netlogon_string(reply->user_name, p, (const char *)os3.data);
@@ -257,7 +263,9 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply)
*reply->user_name = 0;
}
+ p += pull_netlogon_string(reply->unk3, p, (const char *)os3.data);
p += pull_netlogon_string(reply->site_name, p, (const char *)os3.data);
+ p += pull_netlogon_string(reply->unk4, p, (const char *)os3.data);
p += pull_netlogon_string(reply->site_name_2, p, (const char *)os3.data);
reply->version = IVAL(p, 0);
@@ -341,16 +349,20 @@ int ads_cldap_netlogon(ADS_STRUCT *ads)
(reply.flags & ADS_NDNC) ? "yes" : "no");
printf("Forest:\t\t\t%s\n", reply.forest);
+ if (*reply.unk0) printf("Unk0:\t\t\t%s\n", reply.unk0);
printf("Domain:\t\t\t%s\n", reply.domain);
printf("Domain Controller:\t%s\n", reply.hostname);
printf("Pre-Win2k Domain:\t%s\n", reply.netbios_domain);
+ if (*reply.unk1) printf("Unk1:\t\t\t%s\n", reply.unk1);
printf("Pre-Win2k Hostname:\t%s\n", reply.netbios_hostname);
- if (*reply.unk) printf("Unk:\t\t\t%s\n", reply.unk);
+ if (*reply.unk2) printf("Unk2:\t\t\t%s\n", reply.unk2);
if (*reply.user_name) printf("User name:\t%s\n", reply.user_name);
+ if (*reply.unk3) printf("Unk3:\t\t\t%s\n", reply.unk3);
printf("Site Name:\t\t%s\n", reply.site_name);
+ if (*reply.unk4) printf("Unk4:\t\t\t%s\n", reply.unk4);
printf("Site Name (2):\t\t%s\n", reply.site_name_2);
d_printf("NT Version: %d\n", reply.version);
diff --git a/source/utils/net_rpc_samsync.c b/source/utils/net_rpc_samsync.c
index d1c8300a497..64f2d3f68f9 100644
--- a/source/utils/net_rpc_samsync.c
+++ b/source/utils/net_rpc_samsync.c
@@ -182,9 +182,6 @@ static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret
result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type,
sync_context,
&num_deltas, &hdr_deltas, &deltas);
- if (NT_STATUS_IS_ERR(result))
- break;
-
clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), ret_creds);
for (i = 0; i < num_deltas; i++) {
display_sam_entry(&hdr_deltas[i], &deltas[i]);
diff --git a/source/utils/profiles.c b/source/utils/profiles.c
index 20b1222e723..3230eb21fc8 100644
--- a/source/utils/profiles.c
+++ b/source/utils/profiles.c
@@ -295,6 +295,7 @@ Hope this helps.... (Although it was "fun" for me to uncover this things,
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
+#include <sys/mman.h>
typedef unsigned int DWORD;
typedef unsigned short WORD;
@@ -609,12 +610,7 @@ int main(int argc, char *argv[])
* dealing with the records. We are interested in the sk record
*/
start = 0;
-
-#ifdef HAVE_MMAP
base = mmap(&start, sbuf.st_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
-#else
- base = (char *)-1;
-#endif
if ((int)base == -1) {
fprintf(stderr, "Could not mmap file: %s, %s\n", poptPeekArg(pc),
@@ -730,9 +726,7 @@ int main(int argc, char *argv[])
sk_hdr = (SK_HDR *)(base + OFF(IVAL(&sk_hdr->prev_off, 0)));
} while (sk_off != first_sk_off);
-#ifdef HAVE_MMAP
munmap(base, sbuf.st_size);
-#endif
poptFreeContext(pc);
diff --git a/source/utils/smbcacls.c b/source/utils/smbcacls.c
index 5a70d168842..58ee57b5dd2 100644
--- a/source/utils/smbcacls.c
+++ b/source/utils/smbcacls.c
@@ -389,7 +389,7 @@ static SEC_DESC *sec_desc_parse(char *str)
return NULL;
}
- ret = make_sec_desc(ctx,revision, SEC_DESC_SELF_RELATIVE, owner_sid, grp_sid,
+ ret = make_sec_desc(ctx,revision, owner_sid, grp_sid,
NULL, dacl, &sd_size);
SAFE_FREE(grp_sid);
@@ -504,7 +504,7 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
return EXIT_FAILED;
}
- sd = make_sec_desc(ctx,old->revision, old->type,
+ sd = make_sec_desc(ctx,old->revision,
(change_mode == REQUEST_CHOWN) ? &sid : NULL,
(change_mode == REQUEST_CHGRP) ? &sid : NULL,
NULL, NULL, &sd_size);
@@ -679,7 +679,7 @@ static int cacl_set(struct cli_state *cli, char *filename,
sort_acl(old->dacl);
/* Create new security descriptor and set it */
- sd = make_sec_desc(ctx,old->revision, old->type, NULL, NULL,
+ sd = make_sec_desc(ctx,old->revision, NULL, NULL,
NULL, old->dacl, &sd_size);
fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS);
diff --git a/source/utils/testparm.c b/source/utils/testparm.c
index 085156305b1..34c25480d94 100644
--- a/source/utils/testparm.c
+++ b/source/utils/testparm.c
@@ -226,12 +226,7 @@ via the %%o substitution. With encrypted passwords this is not possible.\n", lp_
cname = poptGetArg(pc);
caddr = poptGetArg(pc);
-
- if ( cname && ! caddr ) {
- printf ( "ERROR: You must specify both a machine name and an IP address.\n" );
- return(1);
- }
-
+
if (new_local_machine) {
set_local_machine_name(new_local_machine, True);
}
@@ -351,9 +346,8 @@ via the %%o substitution. With encrypted passwords this is not possible.\n", lp_
if(cname && caddr){
/* this is totally ugly, a real `quick' hack */
for (s=0;s<1000;s++) {
- if (VALID_SNUM(s)) {
- if (allow_access(lp_hostsdeny(-1), lp_hostsallow(-1), cname, caddr)
- && allow_access(lp_hostsdeny(s), lp_hostsallow(s), cname, caddr)) {
+ if (VALID_SNUM(s)) {
+ if (allow_access(lp_hostsdeny(s), lp_hostsallow(s), cname, caddr)) {
printf("Allow connection from %s (%s) to %s\n",
cname,caddr,lp_servicename(s));
} else {
diff --git a/source/web/statuspage.c b/source/web/statuspage.c
index 9ce9c05b19f..21d7e457389 100644
--- a/source/web/statuspage.c
+++ b/source/web/statuspage.c
@@ -120,9 +120,9 @@ static void print_share_mode(share_mode_entry *e, char *fname)
d_printf("<td>");
switch (e->share_mode&0xF) {
- case 0: d_printf("%s", _("RDONLY ")); break;
- case 1: d_printf("%s", _("WRONLY ")); break;
- case 2: d_printf("%s", _("RDWR ")); break;
+ case 0: d_printf("RDONLY "); break;
+ case 1: d_printf("WRONLY "); break;
+ case 2: d_printf("RDWR "); break;
}
d_printf("</td>");
@@ -297,10 +297,6 @@ void status_page(void)
PID_or_Machine = 1;
}
- if (cgi_variable("show_pid_in_col_1")) {
- PID_or_Machine = 0;
- }
-
tdb = tdb_open_log(lock_path("connections.tdb"), 0, TDB_DEFAULT, O_RDONLY, 0);
if (tdb) tdb_traverse(tdb, traverse_fn1, NULL);
@@ -311,14 +307,14 @@ void status_page(void)
d_printf("<FORM method=post>\n");
if (!autorefresh) {
- d_printf("<input type=submit value=\"%s\" name=\"autorefresh\">\n", _("Auto Refresh"));
+ d_printf("<input type=submit value=\"%s\" name=autorefresh>\n", _("Auto Refresh"));
d_printf("<br>%s", _("Refresh Interval: "));
- d_printf("<input type=text size=2 name=\"refresh_interval\" value=\"%d\">\n",
+ d_printf("<input type=text size=2 name=\"refresh_interval\" value=%d>\n",
refresh_interval);
} else {
- d_printf("<input type=submit value=\"%s\" name=\"norefresh\">\n", _("Stop Refreshing"));
+ d_printf("<input type=submit value=\"%s\" name=norefresh>\n", _("Stop Refreshing"));
d_printf("<br>%s%d\n", _("Refresh Interval: "), refresh_interval);
- d_printf("<input type=hidden name=\"refresh\" value=\"1\">\n");
+ d_printf("<input type=hidden name=refresh value=1>\n");
}
d_printf("<p>\n");
@@ -422,8 +418,8 @@ void status_page(void)
if (tdb) tdb_close(tdb);
- d_printf("<br><input type=submit name=\"show_client_in_col_1\" value=\"%s\">\n", _("Show Client in col 1"));
- d_printf("<input type=submit name=\"show_pid_in_col_1\" value=\"%s\">\n", _("Show PID in col 1"));
+ d_printf("<br><input type=submit name=\"show_client_in_col_1\" value=\"Show Client in col 1\">\n");
+ d_printf("<input type=submit name=\"show_pid_in_col_1\" value=\"Show PID in col 1\">\n");
d_printf("</FORM>\n");
diff --git a/source/web/swat.c b/source/web/swat.c
index f4046b46a26..1c892559dd9 100644
--- a/source/web/swat.c
+++ b/source/web/swat.c
@@ -114,8 +114,7 @@ static int include_html(const char *fname)
fd = web_open(fname, O_RDONLY, 0);
if (fd == -1) {
- d_printf(_("ERROR: Can't open %s"), fname);
- d_printf("\n");
+ d_printf("ERROR: Can't open %s\n", fname);
return 0;
}
@@ -262,7 +261,7 @@ static void show_parameter(int snum, struct parm_struct *parm)
break;
case P_INTEGER:
- d_printf("<input type=text size=8 name=\"parm_%s\" value=\"%d\">", make_parm_name(parm->label), *(int *)ptr);
+ d_printf("<input type=text size=8 name=\"parm_%s\" value=%d>", make_parm_name(parm->label), *(int *)ptr);
d_printf("<input type=button value=\"%s\" onClick=\"swatform.parm_%s.value=\'%d\'\">",
_("Set Default"), make_parm_name(parm->label),(int)(parm->def.ivalue));
break;
@@ -405,8 +404,7 @@ static int save_reload(int snum)
f = sys_fopen(dyn_CONFIGFILE,"w");
if (!f) {
- d_printf(_("failed to open %s for writing"), dyn_CONFIGFILE);
- d_printf("\n");
+ d_printf("failed to open %s for writing\n", dyn_CONFIGFILE);
return 0;
}
@@ -428,8 +426,7 @@ static int save_reload(int snum)
lp_killunused(NULL);
if (!load_config(False)) {
- d_printf(_("Can't reload %s"), dyn_CONFIGFILE);
- d_printf("\n");
+ d_printf("Can't reload %s\n", dyn_CONFIGFILE);
return 0;
}
iNumNonAutoPrintServices = lp_numservices();
@@ -498,8 +495,7 @@ static void show_main_buttons(void)
char *p;
if ((p = cgi_user_name()) && strcmp(p, "root")) {
- d_printf(_("Logged in as <b>%s</b>"), p);
- d_printf("<p>\n");
+ d_printf(_("Logged in as <b>%s</b><p>\n"), p);
}
image_link(_("Home"), "", "images/home.gif");
@@ -523,10 +519,10 @@ static void show_main_buttons(void)
****************************************************************************/
static void ViewModeBoxes(int mode)
{
- d_printf("<p>%s:&nbsp;\n", _("Current View Is"));
- d_printf("<input type=radio name=\"ViewMode\" value=0 %s>%s\n", ((mode == 0) ? "checked" : ""), _("Basic"));
- d_printf("<input type=radio name=\"ViewMode\" value=1 %s>%s\n", ((mode == 1) ? "checked" : ""), _("Advanced"));
- d_printf("<br>%s:&nbsp;\n", _("Change View To"));
+ d_printf("<p>%s\n", _("Current View Is:&nbsp \n"));
+ d_printf("<input type=radio name=\"ViewMode\" value=0 %s>Basic\n", (mode == 0) ? "checked" : "");
+ d_printf("<input type=radio name=\"ViewMode\" value=1 %s>Advanced\n", (mode == 1) ? "checked" : "");
+ d_printf("<br>%s\n", _("Change View To:&nbsp"));
d_printf("<input type=submit name=\"BasicMode\" value=\"%s\">\n", _("Basic"));
d_printf("<input type=submit name=\"AdvMode\" value=\"%s\">\n", _("Advanced"));
d_printf("</p><br>\n");
@@ -576,7 +572,7 @@ static void wizard_params_page(void)
/* Here we first set and commit all the parameters that were selected
in the previous screen. */
- d_printf("<H2>%s</H2>\n", _("Wizard Parameter Edit Page"));
+ d_printf("<H2>Wizard Parameter Edit Page</H2>\n");
if (cgi_variable("Commit")) {
commit_parameters(GLOBAL_SECTION_SNUM);
@@ -605,7 +601,7 @@ static void rewritecfg_file(void)
{
commit_parameters(GLOBAL_SECTION_SNUM);
save_reload(0);
- d_printf("<H2>%s</H2>\n", _("Note: smb.conf file has been read and rewritten"));
+ d_printf("<H2>Note: smb.conf %s</H2>\n", _("file has been read and rewritten"));
}
/****************************************************************************
@@ -713,37 +709,36 @@ static void wizard_page(void)
role = lp_server_role();
/* Here we go ... */
- d_printf("<H2>%s</H2>\n", _("Samba Configuration Wizard"));
+ d_printf("<H2>Samba Configuration Wizard</H2>\n");
d_printf("<form method=post action=wizard>\n");
if (have_write_access) {
- d_printf("%s\n", _("The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments."));
- d_printf("%s", _("The same will happen if you press the commit button."));
- d_printf("<br><br>\n");
+ d_printf(_("The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments.\n"));
+ d_printf(_("The same will happen if you press the commit button."));
+ d_printf("<br><br>");
d_printf("<center>");
- d_printf("<input type=submit name=\"Rewrite\" value=\"%s\"> &nbsp;&nbsp;",_("Rewrite smb.conf file"));
- d_printf("<input type=submit name=\"Commit\" value=\"%s\"> &nbsp;&nbsp;",_("Commit"));
- d_printf("<input type=submit name=\"GetWizardParams\" value=\"%s\">", _("Edit Parameter Values"));
- d_printf("</center>\n");
+ d_printf("<input type=submit name=\"Rewrite\" value=%s> &nbsp;&nbsp;",_("Rewrite smb.conf file"));
+ d_printf("<input type=submit name=\"Commit\" value=%s> &nbsp;&nbsp;",_("Commit"));
+ d_printf("<input type=submit name=\"GetWizardParams\" value=%s>", _("Edit Parameter Values"));
+ d_printf("</center>");
}
d_printf("<hr>");
d_printf("<center><table border=0>");
- d_printf("<tr><td><b>%s:&nbsp;</b></td>\n", _("Server Type"));
- d_printf("<td><input type=radio name=\"ServerType\" value=\"0\" %s> %s&nbsp;</td>", ((role == ROLE_STANDALONE) ? "checked" : ""), _("Stand Alone"));
- d_printf("<td><input type=radio name=\"ServerType\" value=\"1\" %s> %s&nbsp;</td>", ((role == ROLE_DOMAIN_MEMBER) ? "checked" : ""), _("Domain Member"));
- d_printf("<td><input type=radio name=\"ServerType\" value=\"2\" %s> %s&nbsp;</td>", ((role == ROLE_DOMAIN_PDC) ? "checked" : ""), _("Domain Controller"));
- d_printf("</tr>\n");
+ d_printf("<tr><td><b>%s</b></td>\n", "Server Type:&nbsp;");
+ d_printf("<td><input type=radio name=\"ServerType\" value=0 %s> Stand Alone&nbsp;</td>", (role == ROLE_STANDALONE) ? "checked" : "");
+ d_printf("<td><input type=radio name=\"ServerType\" value=1 %s> Domain Member&nbsp;</td>", (role == ROLE_DOMAIN_MEMBER) ? "checked" : "");
+ d_printf("<td><input type=radio name=\"ServerType\" value=2 %s> Domain Controller&nbsp;</td>", (role == ROLE_DOMAIN_PDC) ? "checked" : "");
+ d_printf("</tr>");
if (role == ROLE_DOMAIN_BDC) {
- d_printf("<tr><td></td><td colspan=3><font color=\"#ff0000\">%s</font></td></tr>\n", _("Unusual Type in smb.conf - Please Select New Mode"));
+ d_printf("<tr><td></td><td colspan=3><font color=\"#ff0000\">Unusual Type in smb.conf - Please Select New Mode</font></td></tr>");
}
- d_printf("<tr><td><b>%s:&nbsp;</b></td>\n", _("Configure WINS As"));
- d_printf("<td><input type=radio name=\"WINSType\" value=\"0\" %s> %s&nbsp;</td>", ((winstype == 0) ? "checked" : ""), _("Not Used"));
- d_printf("<td><input type=radio name=\"WINSType\" value=\"1\" %s> %s&nbsp;</td>", ((winstype == 1) ? "checked" : ""), _("Server for client use"));
- d_printf("<td><input type=radio name=\"WINSType\" value=\"2\" %s> %s&nbsp;</td>", ((winstype == 2) ? "checked" : ""), _("Client of another WINS server"));
- d_printf("</tr>\n");
- d_printf("<tr><td></td><td></td><td></td><td>%s&nbsp;<input type=text size=\"16\" name=\"WINSAddr\" value=\"", _("Remote WINS Server"));
-
+ d_printf("<tr><td><b>%s</b></td>\n", "Configure WINS As:&nbsp;");
+ d_printf("<td><input type=radio name=\"WINSType\" value=0 %s> Not Used&nbsp;</td>", (winstype == 0) ? "checked" : "");
+ d_printf("<td><input type=radio name=\"WINSType\" value=1 %s> Server for client use&nbsp;</td>", (winstype == 1) ? "checked" : "");
+ d_printf("<td><input type=radio name=\"WINSType\" value=2 %s> Client of another WINS server&nbsp;</td>", (winstype == 2) ? "checked" : "");
+ d_printf("<tr><td></td><td></td><td></td><td>Remote WINS Server&nbsp;<input type=text size=\"16\" name=\"WINSAddr\" value=\"");
+
/* Print out the list of wins servers */
if(lp_wins_server_list()) {
int i;
@@ -751,27 +746,28 @@ static void wizard_page(void)
for(i = 0; wins_servers[i]; i++) d_printf("%s ", wins_servers[i]);
}
- d_printf("\"></td></tr>\n");
+ d_printf("\"></td></tr>");
if (winstype == 3) {
- d_printf("<tr><td></td><td colspan=3><font color=\"#ff0000\">%s</font></td></tr>\n", _("Error: WINS Server Mode and WINS Support both set in smb.conf"));
- d_printf("<tr><td></td><td colspan=3><font color=\"#ff0000\">%s</font></td></tr>\n", _("Please Select desired WINS mode above."));
+ d_printf("<tr><td></td><td colspan=3><font color=\"#ff0000\">Error: WINS Server Mode and WINS Support both set in smb.conf</font></td></tr>");
+ d_printf("<tr><td></td><td colspan=3><font color=\"#ff0000\">Please Select desired WINS mode above.</font></td></tr>");
}
- d_printf("<tr><td><b>%s:&nbsp;</b></td>\n", _("Expose Home Directories"));
- d_printf("<td><input type=radio name=\"HomeExpo\" value=\"1\" %s> Yes</td>", (have_home == -1) ? "" : "checked ");
- d_printf("<td><input type=radio name=\"HomeExpo\" value=\"0\" %s> No</td>", (have_home == -1 ) ? "checked" : "");
- d_printf("<td></td></tr>\n");
+ d_printf("</tr>");
+ d_printf("<tr><td><b>%s</b></td>\n","Expose Home Directories:&nbsp;");
+ d_printf("<td><input type=radio name=\"HomeExpo\" value=1 %s> Yes</td>", (have_home == -1) ? "" : "checked ");
+ d_printf("<td><input type=radio name=\"HomeExpo\" value=0 %s> No</td>", (have_home == -1 ) ? "checked" : "");
+ d_printf("<td></td></tr>");
/* Enable this when we are ready ....
- * d_printf("<tr><td><b>%s:&nbsp;</b></td>\n", _("Is Print Server"));
- * d_printf("<td><input type=radio name=\"PtrSvr\" value=\"1\" %s> Yes</td>");
- * d_printf("<td><input type=radio name=\"PtrSvr\" value=\"0\" %s> No</td>");
- * d_printf("<td></td></tr>\n");
+ * d_printf("<tr><td><b>%s</b></td>\n","Is Print Server:&nbsp;");
+ * d_printf("<td><input type=radio name=\"PtrSvr\" value=1 %s> Yes</td>");
+ * d_printf("<td><input type=radio name=\"PtrSvr\" value=0 %s> No</td>");
+ * d_printf("<td></td></tr>");
*/
d_printf("</table></center>");
d_printf("<hr>");
- d_printf("%s\n", _("The above configuration options will set multiple parameters and will generally assist with rapid Samba deployment."));
+ d_printf(_("The above configuration options will set multiple parameters and will generally assist with rapid Samba deployment.\n"));
d_printf("</form>\n");
}
@@ -784,7 +780,7 @@ static void globals_page(void)
unsigned int parm_filter = FLAG_BASIC;
int mode = 0;
- d_printf("<H2>%s</H2>\n", _("Global Parameters"));
+ d_printf("<H2>%s</H2>\n", _("Global Variables"));
if (cgi_variable("Commit")) {
commit_parameters(GLOBAL_SECTION_SNUM);
@@ -941,7 +937,7 @@ static BOOL change_password(const char *remote_machine, const char *user_name,
pstring msg_str;
if (demo_mode) {
- d_printf("%s\n<p>", _("password change in demo mode rejected"));
+ d_printf("%s<p>", _("password change in demo mode rejected\n"));
return False;
}
@@ -954,7 +950,7 @@ static BOOL change_password(const char *remote_machine, const char *user_name,
}
if(!initialize_password_db(True)) {
- d_printf("%s\n<p>", _("Can't setup password database vectors."));
+ d_printf("Can't setup password database vectors.\n<p>");
return False;
}
@@ -980,7 +976,7 @@ static void chg_passwd(void)
/* Make sure users name has been specified */
if (strlen(cgi_variable(SWAT_USER)) == 0) {
- d_printf("<p>%s\n", _(" Must specify \"User Name\" "));
+ d_printf("<p>%s", _(" Must specify \"User Name\" \n"));
return;
}
@@ -996,26 +992,26 @@ static void chg_passwd(void)
*/
if (((!am_root()) && (strlen( cgi_variable(OLD_PSWD)) <= 0)) ||
((cgi_variable(CHG_R_PASSWD_FLAG)) && (strlen( cgi_variable(OLD_PSWD)) <= 0))) {
- d_printf("<p>%s\n", _(" Must specify \"Old Password\" "));
+ d_printf("<p>%s", _(" Must specify \"Old Password\" \n"));
return;
}
/* If changing a users password on a remote hosts we have to know what host */
if ((cgi_variable(CHG_R_PASSWD_FLAG)) && (strlen( cgi_variable(RHOST)) <= 0)) {
- d_printf("<p>%s\n", _(" Must specify \"Remote Machine\" "));
+ d_printf("<p>%s", _(" Must specify \"Remote Machine\" \n"));
return;
}
/* Make sure new passwords have been specified */
if ((strlen( cgi_variable(NEW_PSWD)) <= 0) ||
(strlen( cgi_variable(NEW2_PSWD)) <= 0)) {
- d_printf("<p>%s\n", _(" Must specify \"New, and Re-typed Passwords\" "));
+ d_printf("<p>%s", _(" Must specify \"New, and Re-typed Passwords\" \n"));
return;
}
/* Make sure new passwords was typed correctly twice */
if (strcmp(cgi_variable(NEW_PSWD), cgi_variable(NEW2_PSWD)) != 0) {
- d_printf("<p>%s\n", _(" Re-typed password didn't match new password "));
+ d_printf("<p>%s", _(" Re-typed password didn't match new password\n"));
return;
}
}
@@ -1045,11 +1041,9 @@ static void chg_passwd(void)
if(local_flags == 0) {
d_printf("<p>");
if (rslt == True) {
- d_printf(_(" The passwd for '%s' has been changed."), cgi_variable(SWAT_USER));
- d_printf("\n");
+ d_printf(_(" The passwd for '%s' has been changed. \n"), cgi_variable(SWAT_USER));
} else {
- d_printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable(SWAT_USER));
- d_printf("\n");
+ d_printf(_(" The passwd for '%s' has NOT been changed. \n"), cgi_variable(SWAT_USER));
}
}
@@ -1082,15 +1076,15 @@ static void passwd_page(void)
/*
* Create all the dialog boxes for data collection
*/
- d_printf("<tr><td> %s : </td>\n", _("User Name"));
+ d_printf("<tr><td>%s</td>\n", _(" User Name : "));
d_printf("<td><input type=text size=30 name=%s value=%s></td></tr> \n", SWAT_USER, new_name);
if (!am_root()) {
- d_printf("<tr><td> %s : </td>\n", _("Old Password"));
+ d_printf("<tr><td>%s</td>\n", _(" Old Password : "));
d_printf("<td><input type=password size=30 name=%s></td></tr> \n",OLD_PSWD);
}
- d_printf("<tr><td> %s : </td>\n", _("New Password"));
+ d_printf("<tr><td>%s</td>\n", _(" New Password : "));
d_printf("<td><input type=password size=30 name=%s></td></tr>\n",NEW_PSWD);
- d_printf("<tr><td> %s : </td>\n", _("Re-type New Password"));
+ d_printf("<tr><td>%s</td>\n", _(" Re-type New Password : "));
d_printf("<td><input type=password size=30 name=%s></td></tr>\n",NEW2_PSWD);
d_printf("</table>\n");
@@ -1129,15 +1123,15 @@ static void passwd_page(void)
/*
* Create all the dialog boxes for data collection
*/
- d_printf("<tr><td> %s : </td>\n", _("User Name"));
+ d_printf("<tr><td>%s</td>\n", _(" User Name : "));
d_printf("<td><input type=text size=30 name=%s value=%s></td></tr>\n",SWAT_USER, new_name);
- d_printf("<tr><td> %s : </td>\n", _("Old Password"));
+ d_printf("<tr><td>%s</td>\n", _(" Old Password : "));
d_printf("<td><input type=password size=30 name=%s></td></tr>\n",OLD_PSWD);
- d_printf("<tr><td> %s : </td>\n", _("New Password"));
+ d_printf("<tr><td>%s</td>\n", _(" New Password : "));
d_printf("<td><input type=password size=30 name=%s></td></tr>\n",NEW_PSWD);
- d_printf("<tr><td> %s : </td>\n", _("Re-type New Password"));
+ d_printf("<tr><td>%s</td>\n", _(" Re-type New Password : "));
d_printf("<td><input type=password size=30 name=%s></td></tr>\n",NEW2_PSWD);
- d_printf("<tr><td> %s : </td>\n", _("Remote Machine"));
+ d_printf("<tr><td>%s</td>\n", _(" Remote Machine : "));
d_printf("<td><input type=text size=30 name=%s></td></tr>\n",RHOST);
d_printf("</table>");
@@ -1182,7 +1176,7 @@ static void printers_page(void)
d_printf(_("Printer names marked with [*] in the Choose Printer drop-down box "));
d_printf(_("are autoloaded printers from "));
d_printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name"));
- d_printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect."));
+ d_printf(_("Attempting to delete these printers from SWAT will have no effect.\n"));
if (cgi_variable("Commit") && snum >= 0) {
commit_parameters(snum);
@@ -1228,8 +1222,8 @@ static void printers_page(void)
break;
}
d_printf("<table>\n");
- d_printf("<tr><td><input type=submit name=\"selectshare\" value=\"%s\"></td>\n", _("Choose Printer"));
- d_printf("<td><select name=\"share\">\n");
+ d_printf("<tr><td><input type=submit name=selectshare value=\"%s\"></td>\n", _("Choose Printer"));
+ d_printf("<td><select name=share>\n");
if (snum < 0 || !lp_print_ok(snum))
d_printf("<option value=\" \"> \n");
for (i=0;i<lp_numservices();i++) {
@@ -1254,8 +1248,8 @@ static void printers_page(void)
if (have_write_access) {
d_printf("<table>\n");
- d_printf("<tr><td><input type=submit name=\"createshare\" value=\"%s\"></td>\n", _("Create Printer"));
- d_printf("<td><input type=text size=30 name=\"newshare\"></td></tr>\n");
+ d_printf("<tr><td><input type=submit name=createshare value=\"%s\"></td>\n", _("Create Printer"));
+ d_printf("<td><input type=text size=30 name=newshare></td></tr>\n");
d_printf("</table>");
}
diff --git a/swat/help/welcome.html b/swat/help/welcome.html
index 59429ba47df..8fc54ad5f29 100644
--- a/swat/help/welcome.html
+++ b/swat/help/welcome.html
@@ -33,12 +33,13 @@ Please choose a configuration action using one of the above buttons
<li><a href="/swat/help/smbclient.1.html" target="docs">smbclient</a> - command line SMB client
<li><a href="/swat/help/smbmnt.8.html" target="docs">smbmnt</a> - helper utility for mounting SMB filesystems on Linux hosts
<li><a href="/swat/help/smbmount.8.html" target="docs">smbmount</a> - user space tool for mounting SMB filesystems under Linux
+ <li><a href="/swat/help/smbspool.8.html" target="docs">smbspool</a> - command line SMB print client
<li><a href="/swat/help/smbumount.8.html" target="docs">smbumount</a> - user space tool for umounting SMB filesystems under Linux
<li><a href="/swat/help/ntlm_auth.1.html" target="docs">ntlm_auth</a> - allow external programs to use NTLM authentication
<li><a href="/swat/help/smbcquotas.1.html" target="docs">smbcquotas</a> - get or set quotas on NTFS 5 shares
<li><a href="/swat/help/smbsh.1.html" target="docs">smbsh</a> - Allow access to remote SMB shares using a UNIX shell
- <li><a href="/swat/help/smbspool.8.html" target="docs">smbspool</a> - Send a print job to an SMB printer
<li><a href="/swat/help/smbtree.1.html" target="docs">smbtree</a> - Text-based SMB network browsing
+ <li><a href="/swat/help/smbspool.8.html" target="docs">smbspool</a> - Send a print job to an SMB printer
</ul>
<li><b>Diagnostic Utilities</b>
<ul>
diff --git a/swat/lang/ja/help/welcome.html b/swat/lang/ja/help/welcome.html
index fee6d2084ae..f8266cf825b 100644
--- a/swat/lang/ja/help/welcome.html
+++ b/swat/lang/ja/help/welcome.html
@@ -1,4 +1,4 @@
-<h2>SWAT : Samba Web Administration Tool !</h2>
+<h2>SWAT : Samba Web Administaration Tool !</h2>
<p>Sambaの設定は上のボタンをクリックして行います。 </p>
diff --git a/swat/lang/ja/images/globals.gif b/swat/lang/ja/images/globals.gif
new file mode 100644
index 00000000000..5f8eb15b34a
--- /dev/null
+++ b/swat/lang/ja/images/globals.gif
Binary files differ
diff --git a/swat/lang/ja/images/home.gif b/swat/lang/ja/images/home.gif
new file mode 100644
index 00000000000..a4e61229583
--- /dev/null
+++ b/swat/lang/ja/images/home.gif
Binary files differ
diff --git a/swat/lang/ja/images/passwd.gif b/swat/lang/ja/images/passwd.gif
new file mode 100644
index 00000000000..c8242bf7228
--- /dev/null
+++ b/swat/lang/ja/images/passwd.gif
Binary files differ
diff --git a/swat/lang/ja/images/printers.gif b/swat/lang/ja/images/printers.gif
new file mode 100644
index 00000000000..f0db94cb57a
--- /dev/null
+++ b/swat/lang/ja/images/printers.gif
Binary files differ
diff --git a/swat/lang/ja/images/samba.gif b/swat/lang/ja/images/samba.gif
new file mode 100644
index 00000000000..0c13dc9ef37
--- /dev/null
+++ b/swat/lang/ja/images/samba.gif
Binary files differ
diff --git a/swat/lang/ja/images/shares.gif b/swat/lang/ja/images/shares.gif
new file mode 100644
index 00000000000..afc1b55cf5e
--- /dev/null
+++ b/swat/lang/ja/images/shares.gif
Binary files differ
diff --git a/swat/lang/ja/images/status.gif b/swat/lang/ja/images/status.gif
new file mode 100644
index 00000000000..f506cda77f8
--- /dev/null
+++ b/swat/lang/ja/images/status.gif
Binary files differ
diff --git a/swat/lang/ja/images/viewconfig.gif b/swat/lang/ja/images/viewconfig.gif
new file mode 100644
index 00000000000..ebc05f6c69d
--- /dev/null
+++ b/swat/lang/ja/images/viewconfig.gif
Binary files differ
View Lorry Controller Status